The Continuing Split of Authority in the Interpretation of the Computer Fraud and Abuse Act

One of my recent blog posts highlighted how the United States Supreme Court’s dismissal of the petition for writ of certiorari seeking review of the Fourth Circuit’s opinion in WEC Carolina Energy Solutions, LLC v. Miller, 687 F.3d 199 (4th Cir. 2012), dashed the latest hope for the resolution of the Circuit split over the scope of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030. Click here to read prior blog entry. A recent decision out of the United States District Court for the Southern District of New York demonstrates that differing opinions on the scope of the CFAA continue to exist even, in some cases, within the same federal judicial district.

The CFAA, primarily a criminal statute, was originally enacted in 1984 to prevent computer hacking. The CFAA permits a private party “who suffers damage or loss by reason of a violation of [the statute]” to bring a civil action “to obtain compensatory damages and injunctive relief or other equitable relief.” 18 U.S.C. § 1030(g). A person may be held civilly liable under the CFAA when that person, among other things, (1) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer; (2) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value; or (3) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage, or causes damage and loss.

In Advanced Aerofoil Technologies, A.G. v. Todaro, the plaintiffs alleged that the defendants conspired to steal confidential and proprietary information and technology during their employment with plaintiffs, and used the information and technology to form a competing business. 2013 U.S. Dist. LEXIS 25711 (S.D.N.Y. Jan. 31, 2013). The issue before the Court was whether the defendants had accessed the plaintiff’s computer systems “without authorization” when, after plaintiff provided defendants with access to plaintiff’s computer systems, defendants allegedly used that access to misappropriate trade secret and confidential information belonging to the plaintiff.

The Court highlighted how other courts within the Southern District of New York to have considered the issue had reached opposite conclusions. See Mktg. Tech. Solutions, Inc. v. Medizine LLC, 2010 U.S. Dist. LEXIS 50027, at *7 (S.D.N.Y. May 18, 2010) (holding an employee exceeded his authorized use by transferring trade secrets of his employer to a competitor); Calyon v. Mizuho Sec. USA, Inc., 2007 U.S. Dist. LEXIS 66051, at *1 (S.D.N.Y. Sept. 5, 2007) (finding “‘without authorization’ . . . would include an employee who is accessing documents on a computer system which that employee had to know was in contravention of the wishes and interests of his employer”); Cf. United States v. Aleynikov, 737 F. Supp. 2d 173, 192 (S.D.N.Y. 2010) (finding there was no violation of the CFAA when the Defendant, who had authorization to access the system, misappropriated the information); Univ. Sports Publ’ns Co. v. Playmakers Media Co., 725 F. Supp. 2d 378, 384 (S.D.N.Y. 2010) (rejecting the argument that the Defendant, who had authorized access, violated the CFAA by misappropriating confidential information from the database); Orbit One Commc’ns, Inc. v. Numerex Corp., 692 F. Supp. 2d 373, 385 (S.D.N.Y. 2010) (“The plain language of the CFAA supports a narrow reading. The CFAA expressly prohibits improper ‘access’ of computer information. It does not prohibit misuse or misappropriation.”).

The Advanced Aerofoil Court found the cases supporting a more narrow reading of the CFAA – requiring the defendant to have actually obtained access to the computer systems without authorization – to be more persuasive. Advanced Aerofoil, 2013 U.S. Dist. LEXIS 25711, at *19.

When and if the Second Circuit weighs in on the interpretation of the proper scope of the CFAA, the conflict in the Southern District of New York will come to an end. Until the United States Supreme Court weighs in on this issue, however, we are likely to continue to see conflicting decisions from courts across the country interpreting the same statute.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress