Category Archives: Computer Fraud and Abuse Act

Rare Massachusetts Superior Court Decision Interpreting the CFAA Takes the Narrow View Without Squarely Addressing the Broad

            Judge Peter M. Lauriat of the Massachusetts Superior Court decided late last year that an employee who takes confidential documents from her employer’s electronic document system to use in a discrimination lawsuit against her employer is not liable to the employer under the Computer Fraud and Abuse Act (CFAA), especially when the employer knew about the lawsuit but nonetheless did not restrict the employee’s access to those documents while she was working for the employer. … More

CFAA and Noncompete News

            Over the past two months, several interesting items of Computer Fraud and Abuse Act (CFAA) and noncompete news have crossed my desk.  Below are summaries of the two most important items:

            1. Encryption Can Be a CFAA Violation: In early December, Judge Denise J. Casper of the U.S. District Court in Massachusetts ordered a former employee of a company to, among other things, disclose the password that he put on an important file on the company’s server because the company was likely to prevail on its CFAA claim against the employee under the “preliminary injunction”… More

Massachusetts Federal Court Refuses to Dismiss CFAA Claim But Permits the Defendants to Ask Again Later

            Echoing a new theme in the federal district court in Massachusetts, last month Chief Magistrate Judge Leo T. Sorokin refused to dismiss a Computer Fraud and Abuse Act (“CFAA”) claim brought against the former CEO of a company, but did so without prejudice, meaning that the defendants could ask the Court to dismiss the claim again later in the case.  Under the CFAA, “[a] defendant is liable where he or she ‘knowingly and with intent to defraud,… More

New Hampshire Struggles with First Circuit Precedent on the Computer Fraud and Abuse Act, Too

            An interesting article by Jeffrey Spear that appeared in the New Hampshire Bar News earlier this month shows that the federal district court in New Hampshire is struggling with the same question as the district court in Massachusetts: What is the proper interpretation of the Computer Fraud and Abuse Act (“CFAA”)?  The CFAA, as I have mentioned many times on this blog, is a federal statute that has been interpreted by various courts in essentially one of two ways: (1) an employee can be liable to an employer if the employee takes information from the employer’s computer system to a competitor,… More

There Is Now a Split Within the District of Massachusetts over the Proper Interpretation of the Computer Fraud and Abuse Act

            Massachusetts Lawyers Weekly reported two weeks ago on a very interesting decision from the District of Massachusetts by Judge Timothy Hillman that interprets the Computer Fraud and Abuse Act (“CFAA”).  There is now a split in how judges within the district interpret the CFAA, and this split can affect whether employers’ CFAA claims against employees survive.  Both Michael Rosen and I offer some commentary in the article, … More

Who’s at Fault for the CFAA Mess? Blame Congress!

            As readers of this blog know, there is a split among federal courts over the proper interpretation of the Computer Fraud and Abuse Act (CFAA).  Some courts, like the Ninth Circuit Court of Appeals on the West Coast, believe that the law is narrow and only imposes criminal and civil liability for “hackers,” people who actually “break in” to a company’s computer system to access information.  But other courts like the First Circuit based in New England think the law is broader and applies to disloyal employees as well. … More

Is the Computer Fraud and Abuse Act a Failed Experiment?

            As regular readers of this blog know, the courts are split over the proper interpretation of the Computer Fraud and Abuse Act (“CFAA”), in particular whether the CFAA should apply only to “hackers,” those who truly break into a computer system, or to those who misuse someone else’s data that they lawfully accessed as well.  In a recent Forbes article, Eric Goldman argues that the CFAA is,… More

The Split in the Circuit Courts Over the Proper Interpretation of the Computer Fraud and Abuse Act Actually Goes Three Ways

            I’ve written many times about the significant split in circuit courts’ interpretation of the Computer Fraud and Abuse Act (CFAA), which affects whether an employer can sue an employee for violating computer use restrictions, usually embodied in a confidentiality agreement or company IT policy, when an employee downloads confidential information he is permitted to access but then takes that information to a competitor.  The debate centers on when an employee “exceeds authorized access” under the text of the CFAA. … More

10 Important Pieces of Noncompete, Trade Secret, and Computer Fraud News

During this past fall and much of the winter, I was serving as a Special Assistant District Attorney in Norfolk County, Massachusetts, which didn’t give me much time to blog. So, to steal a technique that John Marsh uses every week to supplement his excellent posts on the Trade Secret Litigator blog, here are some short discussions of interesting cases and articles I came across over the past few months.… More

The Supreme Court Will Not Review the Computer Fraud and Abuse Act (for Now)

Back in November, I wrote about how a plaintiff in a lawsuit involving the Computer Fraud and Abuse Act (CFAA) decided to appeal its case to the Supreme Court.  I explained that the CFAA is interpreted differently by the different federal circuit courts; depending on what state you are in, you might get a different result in a CFAA case.  Some circuits, like the First Circuit that covers most of New England,… More

The Supreme Court Now has the Opportunity to Review the Computer Fraud and Abuse Act

I have written much on this blog about the Computer Fraud and Abuse Act (“CFAA”) and the split among the federal circuit courts of appeals over how it should be interpreted.  (See my prior posts here.)  The issue being debated among the circuits is whether CFAA claims should only be permitted against an employee who “hacks” into an employer’s computer system, or should also be permitted against an employee who has access to an employer’s information,… More

The Key to Protecting Confidential Information from Being Taken by a Departing Employee to a Competitor: Planning

BNA has published a good article by David A. McManus, Prashanth Jayachandran, and Jason Burns on how an employer can protect its confidential information from being taken by a departing employee to a competitor.  The key is to have a plan.  Some of their more interesting points include:

  • In addition to having certain employees sign non-disclosure agreements, an employer should have employees who use their own electronic devices to access company information sign a separate agreement permitting the employer to inspect the devices and delete company information upon termination of employment.…
  • More

Solicitor General’s Decision Not to Seek Supreme Court Review of the Ninth Circuit’s Decision in United States v. Nosal Makes Viability of Certain Computer Fraud and Abuse Act Claims Dependent on Where an Employer Can File Suit

Law360 reported yesterday that, with the Solicitor General’s decision not to seek Supreme Court review of the Ninth Circuit’s decision in United States v. Nosal, “whether an employer can bring [Computer Fraud and Abuse Act] claims against employees who steal company data in violation of computer usage policies depends on where the employer can file suit.”  I anticipated this would be the case back in April. … More

New Hampshire Federal Court Interprets the Computer Fraud and Abuse Act More Narrowly Than Massachusetts Federal Court and Dismisses Claims Based on Violations of Computer Use Restrictions

A recent case from the U.S. District Court for the District of New Hampshire highlights the split between the District of New Hampshire and the District of Massachusetts over the proper interpretation of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, in particular the phrase “exceeds authorized access.”  Under various provisions of the CFAA, an individual can be liable if certain conditions are met for exceeding his or her authorized access to information in a computer. … More

New York Appellate Division Picks a Side in the Computer Fraud and Abuse Act Circuit Split in Two Sentences

One issue I’ve written about here and here is the split among the federal circuit courts regarding the interpretation of the Computer Fraud and Abuse Act (CFAA) as it applies to employees who steal their employers’ confidential information.  The Ninth Circuit takes a narrow view, saying that the CFAA only applies to employees when “hacking” is involved.  But the First Circuit (which includes Massachusetts) and other circuits interpret the act to apply more broadly to include instances where an employee violates the terms of an employer’s computer use policy. … More

I’m Quoted in a Massachusetts Lawyers Weekly Article on the Computer Fraud and Abuse Act

I’m quoted in this week’s edition of Massachusetts Lawyers Weekly in an article that discusses the differences between Ninth Circuit and First Circuit case law interpreting the Computer Fraud and Abuse Act.  (The First Circuit includes Massachusetts.)  The article also explains how this circuit split affects claims against employees who take confidential information from their former employers.  The article originally appeared in Lawyers USA magazine and is available here.… More

My Article on the Implications of United States v. Nosal Appears in This Month’s Massachusetts Lawyers Journal

My article on the recent Ninth Circuit decision in United States v. Nosal, a case concerning the Computer Fraud and Abuse Act that has created a split in the case law with the First Circuit, appears in this month’s Massachusetts Lawyers Journal.  The circuit split affects claims by employers against former employees for theft of confidential information.  Read the article here (it’s on page 18). … More

Ninth Circuit En Banc Decision Creates Circuit Split with First Circuit that Affects Employer Claims Against Employees under the Computer Fraud and Abuse Act

Below is an article that I wrote for the June edition of Massachusetts Lawyers Journal, the monthly publication of the Massachusetts Bar Association. It discusses an important case that interprets the Computer Fraud and Abuse Act and the split in the law that case has created with the First Circuit, which includes Massachusetts.

The U.S. District Court for the District of Massachusetts has noted that employers are increasingly using the federal Computer Fraud and Abuse Act (CFAA) “to sue former employees and their new companies who seek a competitive edge through wrongful use of information from the former employer’s computer system.” But in April,… More

Second Circuit Reverses Convictions in Data-Theft Prosecution and Narrowly Interprets Federal Criminal Statutes with Important Intellectual Property Implications

My colleague Daniel Marx has written an excellent summary and analysis of United States v. Aleynikov, a Second Circuit decision that affects interpretations of the Computer Fraud and Abuse Act, National Stolen Property Act, and Economic Espionage Act.  It is available on our Security, Privacy and the Law Blog.  Importantly, as Dan explains, the district court’s narrow interpretation of the CFAA in that case remains good law,… More