September 24, 2009

Ninth Circuit narrowly interprets Computer Fraud and Abuse Act

The federal Computer Fraud and Abuse Act ("CFAA") creates a civil remedy against those who access information on a computer without authorization, or in a manner that exceeds authorized access.  The Ninth Circuit last week gave a narrow reading to CFAA, limiting its use as a tool to punish disloyal employees. 

In LVRC Holdings, LLC v. Brekka, defendant was a former employee of plaintiff who, during his employment, emailed company documents to his personal account.  After defendant left his employment with plaintiff, plaintiff discovered that defendant had retained the documents and used them in connection with a competing business.  Plaintiff claimed a violation of CFAA along with various state law tort claims. 

The Ninth Circuit affirmed the District Court's summary judgment for defendant, and dismissed the CFAA claim.  The court held that, because defendant was authorized to access the documents on plaintiff's computer system during his employment, and nothing in company policy prohibited emailing documents to employees' personal accounts, plaintiff could not claim that his access was "without authorization" under CFAA.

While an employer's ability to rely on CFAA is constrained by the result in Brekka, a rogue employee may still be subject to a trade secret claim under state law.

Posted by Lori Bauman on September 24, 2009 at 05:30 PM in Business Torts, Trade Secrets | | Comments (0) | TrackBack (0)

|

August 22, 2006

Misappropriation of Trade Secret Law Casts a Broad Net of Potential Liability

Most states have either adopted the Uniform Trade Secret Act, or enacted statutes that are very similar to the Act, which makes the misappropriation of trade secrets unlawful.  Misappropriation can occur by improper use, disclosure, or acquisition of a trade secret.  A court recently held that improper use of a trade secret may happen even where the alleged perpetrator does not know the trade secret. 

In Cognis Corp. v. ChemCentral Corp., No. 05-C-6344 (N.D.Ill. 2006), a developer of a chemical used as a curing agent for adhesive sued a distributor of chemical products for misappropriation.  The defendant distributor had previously distributed products for plaintiff and now distributed a curing agent from a former employee of plaintiff who was alleged to have misappropriated plaintiff's secret formula for its curing agent.  In another state, Plaintiff had sued the former employee for misappropriation.  Although the distributor did not know the secret formula of the curing agent, it knew that plaintiff had sued the former employee for misappropriation of the secret formula, and the distributor priced the product alleged to have been developed from the secret formula 10% below plaintiff's price to attract plaintiff's customers.  The court held that these alleged facts were sufficient to state a claim for misappropriation of trade secrets against the distributor. 

Posted by Dan Larsen on August 22, 2006 at 02:30 PM in Hot Topics in the Courts, Trade Secrets | | Comments (0)

|

July 26, 2006

Deletion of Data by Former Employee May Violate Computer Fraud and Abuse Act and Breach Duty of Loyalty

The Computer Fraud and Abuse Act prohibits the transmission of a program, information, code or command, which as a result, intentionally causes damage to a protected computer. The Act was designed to address, for example, attacks by virus and worm writers, as well as disgruntled programmers who intentionally damage an employer’s data system. An employer sued its former employee under the Act for deleting data and evidence of improper conduct during employment from a laptop computer furnished by the employer. The former employee argued that no claim could be stated because he merely deleted data on his laptop and did not engage in “transmission” of a program or command, which is an essential element under the Act. 


The appellate court rejected the former employee’s argument and allowed the employer’s lawsuit to proceed. Specifically, the court found that “transmission” does not require a program or command to be sent remotely, as opposed to from the drive of the computer where the data or information was deleted. Furthermore, after the employee engaged in misconduct and decided to quit employment, his actions to destroy files on the laptop violated his duty of loyalty which then terminated his agency relationship with his employer and his authority to access the laptop. By accessing a computer without authorization to destroy files, the employee could also be liable for violating another provision of the Act that prohibits unauthorized access that causes damage.  International Airport Centers, LLC v. Citrin, (7th Cir. 2006)

Posted by Dan Larsen on July 26, 2006 at 11:19 AM in Employment, Hot Topics in the Courts, Trade Secrets | | Comments (0)

|