Category Archives: Computer Fraud and Abuse Act

            Judge Peter M. Lauriat of the Massachusetts Superior Court decided late last year that an employee who takes confidential documents from her employer’s electronic document system to use in a discrimination lawsuit against her employer is not liable to the employer under the Computer Fraud and Abuse Act (CFAA), especially when the employer knew about the lawsuit but nonetheless did not restrict the employee’s access to those documents while she was working for the employer. … More

            Over the past two months, several interesting items of Computer Fraud and Abuse Act (CFAA) and noncompete news have crossed my desk.  Below are summaries of the two most important items:

            1. Encryption Can Be a CFAA Violation: In early December, Judge Denise J. Casper of the U.S. District Court in Massachusetts ordered a former employee of a company to, among other things, disclose the password that he put on an important file on the company’s server because the company was likely to prevail on its CFAA claim against the employee under the “preliminary injunction”… More

            Echoing a new theme in the federal district court in Massachusetts, last month Chief Magistrate Judge Leo T. Sorokin refused to dismiss a Computer Fraud and Abuse Act (“CFAA”) claim brought against the former CEO of a company, but did so without prejudice, meaning that the defendants could ask the Court to dismiss the claim again later in the case.  Under the CFAA, “[a] defendant is liable where he or she ‘knowingly and with intent to defraud,… More

            An interesting article by Jeffrey Spear that appeared in the New Hampshire Bar News earlier this month shows that the federal district court in New Hampshire is struggling with the same question as the district court in Massachusetts: What is the proper interpretation of the Computer Fraud and Abuse Act (“CFAA”)?  The CFAA, as I have mentioned many times on this blog, is a federal statute that has been interpreted by various courts in essentially one of two ways: (1) an employee can be liable to an employer if the employee takes information from the employer’s computer system to a competitor,… More

            Massachusetts Lawyers Weekly reported two weeks ago on a very interesting decision from the District of Massachusetts by Judge Timothy Hillman that interprets the Computer Fraud and Abuse Act (“CFAA”).  There is now a split in how judges within the district interpret the CFAA, and this split can affect whether employers’ CFAA claims against employees survive.  Both Michael Rosen and I offer some commentary in the article, … More

            As readers of this blog know, there is a split among federal courts over the proper interpretation of the Computer Fraud and Abuse Act (CFAA).  Some courts, like the Ninth Circuit Court of Appeals on the West Coast, believe that the law is narrow and only imposes criminal and civil liability for “hackers,” people who actually “break in” to a company’s computer system to access information.  But other courts like the First Circuit based in New England think the law is broader and applies to disloyal employees as well. … More

            As regular readers of this blog know, the courts are split over the proper interpretation of the Computer Fraud and Abuse Act (“CFAA”), in particular whether the CFAA should apply only to “hackers,” those who truly break into a computer system, or to those who misuse someone else’s data that they lawfully accessed as well.  In a recent Forbes article, Eric Goldman argues that the CFAA is,… More

            I’ve written many times about the significant split in circuit courts’ interpretation of the Computer Fraud and Abuse Act (CFAA), which affects whether an employer can sue an employee for violating computer use restrictions, usually embodied in a confidentiality agreement or company IT policy, when an employee downloads confidential information he is permitted to access but then takes that information to a competitor.  The debate centers on when an employee “exceeds authorized access” under the text of the CFAA. … More

During this past fall and much of the winter, I was serving as a Special Assistant District Attorney in Norfolk County, Massachusetts, which didn’t give me much time to blog. So, to steal a technique that John Marsh uses every week to supplement his excellent posts on the Trade Secret Litigator blog, here are some short discussions of interesting cases and articles I came across over the past few months.… More

Back in November, I wrote about how a plaintiff in a lawsuit involving the Computer Fraud and Abuse Act (CFAA) decided to appeal its case to the Supreme Court.  I explained that the CFAA is interpreted differently by the different federal circuit courts; depending on what state you are in, you might get a different result in a CFAA case.  Some circuits, like the First Circuit that covers most of New England,… More

I have written much on this blog about the Computer Fraud and Abuse Act (“CFAA”) and the split among the federal circuit courts of appeals over how it should be interpreted.  (See my prior posts here.)  The issue being debated among the circuits is whether CFAA claims should only be permitted against an employee who “hacks” into an employer’s computer system, or should also be permitted against an employee who has access to an employer’s information,… More

BNA has published a good article by David A. McManus, Prashanth Jayachandran, and Jason Burns on how an employer can protect its confidential information from being taken by a departing employee to a competitor.  The key is to have a plan.  Some of their more interesting points include:

• In addition to having certain employees sign non-disclosure agreements, an employer should have employees who use their own electronic devices to access company information sign a separate agreement permitting the employer to inspect the devices and delete company information upon termination of employment.…

More

Law360 reported yesterday that, with the Solicitor General’s decision not to seek Supreme Court review of the Ninth Circuit’s decision in United States v. Nosal, “whether an employer can bring [Computer Fraud and Abuse Act] claims against employees who steal company data in violation of computer usage policies depends on where the employer can file suit.”  I anticipated this would be the case back in April. … More

A recent case from the U.S. District Court for the District of New Hampshire highlights the split between the District of New Hampshire and the District of Massachusetts over the proper interpretation of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, in particular the phrase “exceeds authorized access.”  Under various provisions of the CFAA, an individual can be liable if certain conditions are met for exceeding his or her authorized access to information in a computer. … More

One issue I’ve written about here and here is the split among the federal circuit courts regarding the interpretation of the Computer Fraud and Abuse Act (CFAA) as it applies to employees who steal their employers’ confidential information.  The Ninth Circuit takes a narrow view, saying that the CFAA only applies to employees when “hacking” is involved.  But the First Circuit (which includes Massachusetts) and other circuits interpret the act to apply more broadly to include instances where an employee violates the terms of an employer’s computer use policy. … More

I’m quoted in this week’s edition of Massachusetts Lawyers Weekly in an article that discusses the differences between Ninth Circuit and First Circuit case law interpreting the Computer Fraud and Abuse Act.  (The First Circuit includes Massachusetts.)  The article also explains how this circuit split affects claims against employees who take confidential information from their former employers.  The article originally appeared in Lawyers USA magazine and is available here.… More

My article on the recent Ninth Circuit decision in United States v. Nosal, a case concerning the Computer Fraud and Abuse Act that has created a split in the case law with the First Circuit, appears in this month’s Massachusetts Lawyers Journal.  The circuit split affects claims by employers against former employees for theft of confidential information.  Read the article here (it’s on page 18). … More

Below is an article that I wrote for the June edition of Massachusetts Lawyers Journal, the monthly publication of the Massachusetts Bar Association. It discusses an important case that interprets the Computer Fraud and Abuse Act and the split in the law that case has created with the First Circuit, which includes Massachusetts.

The U.S. District Court for the District of Massachusetts has noted that employers are increasingly using the federal Computer Fraud and Abuse Act (CFAA) “to sue former employees and their new companies who seek a competitive edge through wrongful use of information from the former employer’s computer system.” But in April,… More

My colleague Daniel Marx has written an excellent summary and analysis of United States v. Aleynikov, a Second Circuit decision that affects interpretations of the Computer Fraud and Abuse Act, National Stolen Property Act, and Economic Espionage Act.  It is available on our Security, Privacy and the Law Blog.  Importantly, as Dan explains, the district court’s narrow interpretation of the CFAA in that case remains good law,… More