One issue I’ve written about here and here is the split among the federal circuit courts regarding the interpretation of the Computer Fraud and Abuse Act (CFAA) as it applies to employees who steal their employers’ confidential information. The Ninth Circuit takes a narrow view, saying that the CFAA only applies to employees when “hacking” is involved. But the First Circuit (which includes Massachusetts) and other circuits interpret the act to apply more broadly to include instances where an employee violates the terms of an employer’s computer use policy. In a very short opinion issued on June 26, the New York Appellate Division, First Department, has picked a side:
The court properly determined that plaintiffs failed to state a cause of action under the CFAA. Even assuming the truth of the allegations in the complaint (see generally Leon v. Martinez, 84 NY2d 83, 87-88 ), the CFAA does not encompass Jacob’s misappropriation of information that he lawfully accessed while working for plaintiffs or misuse of work computers in violation of their computer policies (see United States v Nosal, 676 F3d 854 [9th Cir. 2012]; see also University Sports Publs. Co. v Playmakers Media Co., 725 F. Supp. 2d 378, 385 [S.D.N.Y. 2010]).
MSCI Inc. v. Jacob, 2012 N.Y. Slip. Op. 05107 (N.Y. App. Div., 1st Dep’t June 26, 2012). It’s interesting that the New York Appellate Division concluded that the issue was easy while the circuit courts continue to grapple with the scope of the CFAA.