Cyber Law - Dismissing Employer's Claim under the CFAA against Former Employees Who Allegedly Misappropriated Trade Secrets

Article excerpt

Cyber Law--Dismissing Employer's Claim Under the CFAA Against Former Employees Who Allegedly Misappropriated Trade Secrets--WEC Carolina Energy Solutions LLC v. Miller, 687 F.3d 199 (4th Cir. 2012), cert. dismissed, 133 S. Ct. 831 (2013)

Among other things, the Computer Fraud and Abuse Act (CFAA) provides for civil and criminal penalties when a person, "intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer." (1) Employers have increasingly sought relief under the CFAA against errant employees who download confidential and proprietary information from the employer's network files for their own benefit or for the benefit of a competitor. (2) In WEC Carolina Energy Solutions LLC v. Miller, (3) the Fourth Circuit Court of Appeals determined whether WEC Carolina Energy Solutions LLC (WEC) could maintain a CFAA claim against former employees and a competitor who allegedly misappropriated WEC's proprietary information. (4) The Fourth Circuit affirmed the district court's dismissal of the CFAA claim, holding WEC failed to adequately allege that former employees accessed its confidential and proprietary information "without authorization" or "exceed[ed] authorized access" as required under the statute. (5)

WEC had employed Mike Miller as a project director. (6) Emily Kelley was his assistant. (7) While working for WEC, Miller was provided with a laptop computer, a cell phone, and authorization to access the company's intranet and computer servers, which stored confidential and proprietary trade secret information. (8) Miller resigned from WEC on April 30, 2010, and subsequently began working at Arc Energy Services, Inc. (Arc). (9) WEC suspected that prior to resigning, Miller, or Kelley acting on behalf of Miller, downloaded a substantial amount of WEC's confidential information and forwarded it to a personal e-mail address. (10) Additionally, WEC suspected that Miller used the downloaded information in a presentation on behalf of Arc shortly after resigning. (11)

In October 2010, WEC sued Miller, Kelley, and Arc in federal district court alleging violations of the CFAA and nine state law causes of action. (12) WEC claimed Miller's and Kelley's actions impaired the "integrity of its data, programs, systems or information," and that as a result, it suffered economic damages. (13) The defendants moved to dismiss the federal CFAA claim and the district court granted dismissal, finding that WEC failed to state a claim under which the CFAA provided relief. (14) On appeal, the Fourth Circuit affirmed the district court's dismissal of the CFAA claim. (15) By affirming, the Fourth Circuit adopted a narrow reading of the provisions of the CFAA, holding that an employee accesses a computer "without authorization" or "exceeds authorized access" only when the employee accesses a computer without permission, or obtains or alters information beyond their authorized level of access. (16)

Early prosecutions of computer-misuse crimes relied on traditional property law notions of theft. (17) The crime of theft, however, was poorly equipped to handle the proliferation of computer offenses where deprivation of property was lacking. (18) Unsatisfactory application of traditional property laws and the absence of specific computer-misuse legislation led to heightened congressional interest and the passage of the Counterfeit Access Device and Computer Fraud and Abuse Act in 1984. (19) The CFAA has since been amended numerous times, and its scope broadened to include both criminal and civil liability, as well as application to all computers used in or affecting commerce. (20)

Although the original focus of the CFAA was primarily to deter computer hacking, it has been increasingly used by employers against "employee-hackers" who access and use confidential information in an anticompetitive or fraudulent manner. (21) The CFAA is an attractive alternative (or complement) to state law claims because it creates a basis for federal jurisdiction, provides injunctive relief, and does not require an employer to prove that the information accessed was secret. …