Federal circuits around the country are also split on whether to interpret the CFAA narrowly or broadly. A recent decision in the United States District Court for the Eastern District of Pennsylvania weighed in on the significant split of authority among the federal circuit courts concerning the interpretation of the CFAA. Dresser-Rand Co. v. Jones, No. 10-2013, 2013 WL 3810859 (E.D. Pa. July 23, 2013). In Dresser-Rand, the United States District Court for the Eastern District of Pennsylvania adopted the narrow interpretation of the CFAA and ruled that departing managers from a company did not access company computers “without authorization,” nor “exceed authorized access,” in violation of the CFAA when they downloaded thousands of company documents to external storage devices from their work laptops, since they had unrestricted access to such documents. In coming to its decision, the court weighed in on the split in federal circuits concerning the interpretation of the CFAA. The court noted that the “broad” and “narrow” labels have been helpfully divided into three categories: agency-basedauthorization, code-based authorization, and contract-based authorization.
Under the broader, agency-based analysis, “if an employee has access to information on a work computer to perform his or her job, the employee may exceed his or her access misusing the information on the computer, either by severing the agency relationship through disloyal activity, or by violating employer policies and/or confidentiality agreements.” Id. at 5. In one such case the Seventh Circuit held that defendant’s authorization to access his work laptop terminated when, having already engaged in misconduct by resigning in violation of his employment contract, “he resolved to destroy files that incriminated himself and other files that were also the property of his employer, in violation of the duty of loyalty that agency law imposes on an employee.” Id. at 420-421
The Dresser-Rand court also discussed the Fourth and Ninth adoption of the narrow view based on the reasoning that the plain language of the statute, dictionary definition of “authorization.” Id. at *6; see, e.g. WEC Carolina Energy Solutions LLC v. Miller; 687 F.3d 199 (4th Cir. 2012); U.S. v. Nosal, 676 F.3d 854 (9th Cir. 2012). The court cites recent Fourth and Ninth Circuit cases noting that they have interpreted “without authorization” and “exceeds authorized access” literally and narrowly, finding that “an employee is authorized to access a computer when his employer approves or sanctions his admission to that computer.
An employee is without authorization when he gains admission to a computer without approval, and an employee exceeds authorized access when he has approval to access a computer, but uses his access to obtain or alter information that falls outside the bounds of his approved access. These definitions do not extend to improper use of information validly accessed.” Id. (quotes omitted). Thus, even if an employee has misappropriated company information, he cannot be held liable if he had permission to access his employer’s computer and his employer’s computer system and files.
The Dresser-Rand court found the Fourth and Ninth circuits more persuasive, citing the Ninth Circuit’s disapproval of the Seventh, Fifth, and Eleventh Circuits’ failure to consider the consequences of a broad interpretation of the CFAA. Based on their review of the opposing federal circuit authorities, the Dresser-Rand court, unlike some of the court’s in New York, concluded the statute simply does not support a broad interpretation of “authorization” based on employer use policies. Id. at *8.
Despite the clear split among the circuit courts and the implications of a potentially broad application of the CFAA to all employees who use a computer, neither the United States Supreme Court nor Congress has addressed these issues. In fact, the Supreme Court recently dismissed a petition for writ of certiori seeking review of a Fourth Circuit case, cited by Dresser-Rand, applying the narrow interpretation of the CFAA. WEC Carolina Energy Solutions LLC v. Miller, 133 S. Ct. 831 (2013). Until the Supreme Court weighs in on the Circuit split, we will continue to see conflicting interpretations of the CFAA from courts across the country.
- The Defend Trade Secrets Act–A Sea Change In The Fight Against The Misappropriation Of Trade Secrets
- New Study Yields Information On Trade Secret Litigation Metrics
- More States Considering Limitations On Non-Competes Through Legislation
- Court Explains Limits Of Restrictive Covenants In Lift Out Of Executive Team
- A “Bet The Company” Trade Secret Case: Waymo LLC V. Uber Technologies, Inc.
- Non-Competes Are Not For Everyone
- Data Misappropriation–Where To Sue
- Jumping Ship And Getting Sued For It: Nike V. Ralph Lauren
- The White House Opines On Non-Competes
- Restrictive Covenant Employment Guide For Employers
- September 2018
- August 2018
- February 2018
- January 2018
- May 2017
- March 2017
- January 2017
- December 2016
- October 2016
- September 2016
- February 2016
- January 2016
- June 2015
- April 2015
- February 2015
- December 2014
- October 2014
- September 2014
- March 2014
- February 2014
- January 2014
- October 2013
- August 2013
- July 2013