An interesting article by Jeffrey Spear that appeared in the New Hampshire Bar News earlier this month shows that the federal district court in New Hampshire is struggling with the same question as the district court in Massachusetts: What is the proper interpretation of the Computer Fraud and Abuse Act (“CFAA”)? The CFAA, as I have mentioned many times on this blog, is a federal statute that has been interpreted by various courts in essentially one of two ways: (1) an employee can be liable to an employer if the employee takes information from the employer’s computer system to a competitor, even if that employee had access to that information as part of his job; or (2) the employee can only be liable if the employee did not have access to that information as part of his employment (i.e., the employee “hacked” into the employer’s computer system, stole a password, etc.). As Spear notes, although the First Circuit Court of Appeals, the federal appellate court for both New Hampshire and Massachusetts that issues controlling case law for the federal district courts in those states to follow, has decided that a CFAA violation can be based on (1), the district court in New Hampshire has interpreted the CFAA to be limited to (2). This is the same conflict that at least one judge in the District of Massachusetts has with the First Circuit. Spear recognizes that this conflict will cause a lot of uncertainty in future cases about how the CFAA will be interpreted in New Hampshire, but that uncertainty exists in Massachusetts, too.
Copyright © 2022, Foley Hoag LLP. All rights reserved.