Academic journal article American University Law Review

Reining in the Rogue Employee: The Fourth Circuit Limits Employee Liability under the Cfaa

Academic journal article American University Law Review

Reining in the Rogue Employee: The Fourth Circuit Limits Employee Liability under the Cfaa

Article excerpt

The Fourth Circuit's opinion in WEC Carolina Energy LLC v. Miller reflects a growing trend among the courts to adopt a narrow code approach to employee liability under the Computer Fraud and Abuse Act. The case exacerbates the existing circuit split and reinforces the need for reconciling when an employee accesses a computer "without authorization." While resolution from the judiciary remains remote, Congress is engaged in a lively debate over the proper interpretation of the term "without authorization." Recent legislative proposals suggest that Congress has united in support of limiting liability for unauthorized access under the CFAA to the circumvention of technological barriers. Support for this restrictive interpretation signifies that until the ambiguity in the law is clarified, future undecided courts should follow in the Fourth Circuit's footsteps and adopt the code approach to determine employee liability under the CFAA.

INTRODUCTION

On January 2, 2013, the Supreme Court dismissed the petition for writ of certiorari in WEC Carolina Energy Solutions LLC v. Miller,1 leaving unresolved the vexing question of employee liability under the Computer Fraud and Abuse Act2 (CFAA). The case involved Mike Miller, former Project Director for WEC Carolina Energy Solutions (WEC), who used WEC's proprietary information to benefit a competing business.3 WEC permitted Miller to access the company's confidential and trade secret documents stored on his employer-provided laptop computer.4 On April 30, 2010, only twenty days after resigning from his position with WEC, Miller used the confidential information to make a pitch to a potential client on behalf of a competitor, Arc Energy Services, Inc. (Arc).5 Arc won the client's business, and WEC sued Miller and another participating colleague, asserting nine state-law charges as well as several violations of the CFAA.6

The CFAA, codified at 18 U.S.C. § 1030, is the nation's first and leading cybercrime statute. The statute grants employers a private right of action to hold employees liable for accessing a company computer "without authorization" or for "exceeding authorized access."7 Penalizing this conduct grows more imperative: a 2009 study conducted by the Ponemon Institute revealed that six out of every ten departing employees steal company data and described this figure as a growing problem of "malicious insiders."8 Unsurprisingly, following this expansion in the computer protection statute, employers have increasingly used the CFAA as a means to hold rogue employees accountable for using information obtained from a company computer in a manner that conflicts with the employer's interests.

WEC attempted to hold Miller liable under the CFAA precisely for his misuse of the company's confidential data.9 The Fourth Circuit affirmed that WEC failed to file a viable claim under the CFAA because WEC did not "allege that Miller... accessed a computer or information on a computer without authorization."10 This decision exacerbates the existing circuit split with respect to applying the CFAA to the employer-employee context. The Fourth Circuit aligns itself with the Ninth Circuit, which has adopted the narrow code approach to interpreting employee liability under the CFAA.11 In contrast, the Fifth, Seventh, and Eleventh Circuits have embraced a broader and more employer-friendly approach.12 The widening division among the circuits creates enormous problems for employers, as the CFAA's mandate directly affects what types of employee actions are culpable and what computer authorization protections the employer must implement to protect against intellectual property theft. Many scholars and commentators hoped that the Supreme Court would grant writ of certiorari to hear WEC and thus provide guidance to employers and unify the courts.13 Such resolution, however, remains elusive-on January 2, 2013, the Court dismissed WEC's petition for certiorari.14 In the midst of the jurisprudential confusion, Congress seeks to amend the CFAA to mitigate some of the statutory interpretation issues at the heart of the circuit split. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.