Advertising Disclosure Email Disclosure

District Court in 2nd Circuit rejects broad interpretation of Computer Fraud and Abuse Act.

April 11, 2013
Advanced Aerofoil Techs., AG v. Todaro, 2013 U.S. Dist. LEXIS 25711 (S.D.N.Y. 1/30/13)

Although primarily a criminal anti-hacking statute, the Computer Fraud and Abuse Act, 18 U.S. C. § 1030, et seq. (“CFAA”) also provides for certain civil causes of action. In this case, the plaintiff, AAT, argued that various employees violated the CFAA when they downloaded and accessed proprietary and trade secret information from AAT’s computers in order to form a competing company. AAT alleged that its employees also deleted and deliberately destroyed emails and vital electronic data.

A key prerequisite to stating a civil claim under the CFAA is access “without authorization” to the plaintiff’s computers. In other words, were the defendants accessing and/or transmitting information from AAT’s computers without authorization within the meaning of the CFAA? Here, there was no question that the defendants had unfettered access to AAT’s computer systems as employees. The issue was whether intentional misuse or misappropriation of an employer’s confidential information constituted unauthorized access. The statute does not define the term “without authorization,” which has led to a split amongst the Circuits. Several Circuits, including the 1st and 7th, have held that an employee’s authorization under the CFAA is effectively terminated once the employee acquires interests adverse to the employer or otherwise breaches a duty of loyalty to the employer.

In AAT, the court rejected the expansive view of the CFAA and chose to adopt a narrow reading of “without authorization” under the CFAA. Rather, citing other cases within the 2nd and 9th Circuits, the court held that there is no statutory language that supports interpreting the CFAA to reach misuse or misappropriation of information. Since AAT had not revoked the employee's unlimited access to its computer systems at the time the information was obtained, AAT could not state a claim under the CFAA. In other words, the purpose or reason the employee accesses the data (and subsequent use or misuse of the data) is not relevant under the CFAA. Instead, the issue is whether the access to the data was authorized by the employer.

This decision is certainly not the last word on civil actions under the CFAA, and it remains to be seen how this issue will continue to play out in the federal court system.

Affiliated Attorney

Practice Areas

Before you send this email please note:

You are attempting to send email, through a link on our website, to an attorney of Marshall Dennehey Warner Coleman & Goggin or an employee in our firm. Please note that your email may not be treated as confidential and does not create an attorney-client relationship. You should not rely upon the transmission of an email through this website if you are seeking to enter into such a relationship. Until such time as we have agreed to represent you, no information in your email will be treated as confidential. Please contact us directly by telephone at 1.800.220.3308 if it is your intent to seek legal counsel with our firm or convey confidential information.

If it is still your intent to send this email, knowing that it may not be treated as confidential, you may accept our terms of agreement by pressing "OK". If you choose not to accept these terms of agreement you may navigate away from this page by pressing "Cancel."