Articles - Health / Safety / Risk Mgmt

Could it possibly be equally as unlawful to lie about your age as it is to download trade secrets from your employer's computer?  Some say that both may constitute a violation of the federal Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (“CFAA”), and therefore the statute must be amended.
In recent years, the number of prosecutions under the CFAA has increased.

 These cases have been watched closely by many employers because the CFAA is not just a criminal statute.  Rather, provided certain conditions are met, the civil provisions of the CFAA create a private right of action against those who wrongfully access, or exceed their authorized access, to a protected computer (as defined by the CFAA to include computers used in interstate or foreign commerce or communication).

There has been a split of opinions among federal courts about what it means to "exceed authorized access."  For instance, the Eleventh Circuit concluded not too long ago that an employee "exceeded authorized access" under the CFAA by accessing information on a computer in a manner contrary to an employer's written policies.  Rejecting this analysis, the U.S. district court for the Southern District of New York stated that it would be wrong to "expand the reach of the CFAA to any employee who accesses a company's computer system in a manner that is adverse to her employer's interests. This would convert an ordinary violation of the duty of loyalty or of a confidentiality agreement into a federal offense."

While the courts continue to differ in their view, the debate recently shifted to the halls of Congress.  In testimony before the House Committee on the Judiciary, GWU Law Professor, Orin Kerr, offered some extreme examples with the hope that it would spur Congress to narrow the definition of "authorized access."  Professor Kerr explained: "It is common for computers and computer services to be governed by Terms of Use or Terms of Service that are written extraordinarily broadly....The Terms of Use of the popular Internet dating site Match.com says that “You will not provide inaccurate, misleading or false information ...to any other Member....If a user writes in his profile that he goes to the gym every day – but in truth he goes only once a month – he has violated Match.com's Terms of Use.  Similarly, a man who claims to be 5 foot 10 inches tall, but is only 5 foot 9 inches tall, has violated the Terms.  So has a woman who claims to 32 years old but really is 33 years old."  (A copy of Professor Kerr's written testimony is available in pdf format below.)

Providing a different view was Richard W. Downing, Deputy Chief Computer Crime and Intellectual Property Section Criminal Division of the Department of Justice.  Downing noted, "Some have argued that the definition of “exceeds authorized access” in the CFAA should be restricted to disallow prosecutions based upon a violation of contractual agreements with an employer or service provider.  We appreciate this view, but we are concerned that that restricting the statute in this way would make it difficult or impossible to deter and address serious insider threats through prosecution."  Downing continued, "Employers should be able to set and communicate access restrictions to employees and contractors with the confidence that the law will protect them when their employees or contractors exceed these restrictions to access data for a wrongful purpose."  (A copy of Mr. Downing's written testimony is available in pdf format below.)

Whether the CFAA will be amended remains an open question.  For now, the courts will likely continue to grapple with the extent to which Congress originally intended the statute to apply to alleged faithless employees.

Kerr Testimony.pdf (131.59 kb)

Downing Testimony.pdf (61.39 kb)

 -------------------

BIOGRAPHY

Mike Greco is a partner in the Fisher & Phillips LLP, Philadelphia office. He?tigates and provides counseling nationwide to employers concerning legal claims and issues arising from the movement of employees between competitor firms. These issues include: covenants not to compete, non-solicitation and non-disclosure agreements, unfair competition, employee raiding, trade secrets, duty of loyalty, Computer Fraud & Abuse Act, Economic Espionage Act, and state trade secrets and unfair competition statutes.

Mike has prosecuted and defended more than 300 employee defection and recruitment matters, obtaining and defeating injunctive relief in at least 27 different state and federal courts, in addition to dozens of arbitration actions before the National Association of Securities Dealers.

His experience includes representation of clients in the securities brokerage, health information technology, medical practice, computer sales and distribution, commercial window washing, personnel placement, online retailing, insurance brokerage, insurance, publishing, direct response television, radio, institutional food services, and freight forwarding industries. In addition to litigating, Mike assists corporate clients in developing and implementing coordinated local and/or national programs to protect their competitive assets against employee defection, and to minimize risks that when hiring employees from competitors. His practical knowledge of how courts have treated various restrictive covenants enables Mike to help employers draft appropriately tailored restrictive covenants.  

He is recognized in Pennsylvania Super Lawyers – Rising Stars in 2005, 2006, 2007 and 2010. He is also co-editor of the firm's Non-Compete and Trade Secrets Blog.  

Follow Michael R. Greco on Twitter or on LinkedIn or subscribe to this blog's RSS feed.

##

###

Comments: