Header graphic for print
Trading Secrets A Law Blog on Trade Secrets, Non-Competes, and Computer Fraud

Pennsylvania Federal Court Dismisses Employee’s Computer Fraud and Abuse Act Claim Based Upon Employer’s Alleged Improprer Access of LinkedIn Account: No Cognizable Damages

Posted in Computer Fraud, Computer Fraud and Abuse Act, Practice & Procedure, Trade Secrets

By Jessica Mendelson and Robert Milligan

Ownership of company social media accounts has recently become a hot topic in the legal industry, and with its decision in Eagle v. Morgan, 2012 WL 4739436, E.D.Pa., October 04, 2012 (NO. CIV.A. 11-4303) this past week, the Eastern District of Pennsylvania has added fuel to the fire.

Edcomm, a banking education company, was initially run by Dr. Linda Eagle. In 2010, Sawabeh Information Services Company (“SISCOM”) purchased the outstanding common shares of Edcomm. While she was president of the company, Dr. Eagle established an account on LinkedIn. Another employee assisted her in maintaining the account, which was used “to promote Edcomm’s banking education services; foster her reputation as a businesswoman; reconnect with family, friends, and colleagues, and build social and professional relationships.” Edcomm’s general, informal policy was that when an employee left the company, the company would, in effect, “own” the account, and could “mine” the incoming traffic and the information on the account, as long as its actions did not rise to the level of stealing an employee’s identity.

Eagle initially remained the CEO of the company, but was allegedly fired by the defendants in June 2011. Sandy Morgan was appointed interim CEO. Edcomm changed the password for Eagle’s LinkedIn account and replaced her name and photo with that of Sandy Morgan and blocked Eagle’s access to the account. Eagle initiated this lawsuit in July 2011. Defendant Edcomm counterclaimed, and in December 2011, this court dismissed Edcomm’s own CFAA claims against Eagle. For additional background, see our prior post on this case here. In July 2012, defendants filed a motion for summary judgment.

On October 4, 2012, the U.S. District Court for the Eastern District of Pennsylvania granted defendants’ motion for summary judgment on Eagle’s Computer Fraud and Abuse Act and Lanham Act claims. The court denied summary judgment with respect to the state claims asserted by Eagle.

The court dismissed the CFAA claim, finding Eagle had not shown a legally cognizable loss or damages suffered during the brief period in which she could not access her LinkedIn account. Eagle alleged she had missed out on professional opportunities because she lacked access to her account. However, according to the court, typically CFAA damages are limited to cases where a plaintiff lost money because her computer was inoperable or damaged, neither of which was the case here. Instead, Eagle alleged loss of potential business opportunities. According to the court, such speculative losses are “simply not compensable under the CFAA.” The court further objected to Eagle’s failure to quantify damages: Eagle provided “absolutely no evidence in support” of her damages claims.

In addition, the court dismissed the Lanham Act claim for failure to show a likelihood of confusion. Here, the defendants had switched the name and photo on the account, replacing Eagle’s name and image with that of Morgan. Although it may have diverted Eagle’s contacts, the defendants did not try to “pass off” Morgan as Eagle, nor did they suggest Eagle endorsed her in any capacity. As such, defendants’ actions would merely serve to divert Eagle’s contacts, rather than confuse them.

The court retained jurisdiction over Eagle’s state law claims. The case is scheduled to go to trial on October 16. Among the claims that will be addressed at that time are invasion of privacy by misappropriation of identity, tortious interference with contract, unauthorized use of name in violation of Pa. C.S. § 8316, misappropriation of publicity, identity theft under Pa. C.S. § 8316, conversion, civil conspiracy, and civil aiding and abetting. Ultimately, the court’s resolution of the conversion claim may resolve the ownership issue regarding the LinkedIn account.

This case is emblematic of significant controversies faced by the courts and the legislature with respect to social media. The courts have begun to grapple with issues such as whether social media accounts and followers can be owned, misappropriated, converted, transferred, or assigned, who may be liable when someone loses access to their social media accounts and followers, what damages are recoverable, and what is a personal social media account versus a company social media account. These issues have already arisen in cases such as Phone Dog, Christou v. Beatport, LLC and Piggy Paint, and will likely continue to arise in the future.

As social media disputes have become more prominent in the courts, the issues have become a hot topic in the state and federal legislatures. As of now, the current legislative debate on social media is primarily focused on prohibiting the turnover of user names and passwords for personal social media accounts by employees and prospective hires. California recently joined Maryland and Illinois in passing legislation prohibiting employers from requiring access to employees’ and prospective hires’ ”personal” social media. “Personal” is not defined, however, in the California statute and “social media” has a very broad definition that may encompass any “personal” digital information. In the future, the larger issues are likely to focus on the extent to which companies can assert ownership interests in social media accounts, including the passwords, contacts, and other information contained in the accounts, defining the distinction between between personal and work accounts, and developing appropriate protections to ensure that company trade secrets and confidential information are not leaked on “personal” social media without invading privacy and other legal protections.

The takeaway message from this case is to be proactive and develop social media policies and agreements concerning these issues before the need actually arises. Agreements and policies should establish who owns the company social media account, and specify a procedure for returning login information upon termination. Employees should be reminded of the agreements and policies at the time of termination and employers should ensure that they obtain the relevant usernames and passwords. Additionally, the company should register or create the account, and change the password at the time of termination in order to avoid confusion. Agreements and control over the account are key in such disputes, as it speaks to who actually owns the account. Please also see Eric Goldman’s informative and insightful blog entry on this new decision.

We will continue to keep you apprised of future developments in this case and similar social media ownership/trade secret issues.