Header graphic for print
Trading Secrets A Law Blog on Trade Secrets, Non-Competes, and Computer Fraud

Missouri Federal Court Finds Violations of Employment Agreement May Constitute Unlawful Access Under the Computer Fraud and Abuse Act

Posted in Computer Fraud and Abuse Act, Restrictive Covenants, Trade Secrets

By Paul Freehling and Joshua Salinas

A recent Missouri federal court opinion describes an almost unbelievable scenario. Employees signed well-drafted employment agreements — containing such provisions as non-competition, confidentiality, promise of loyalty, and commitment to return employer’s property within 24 hours of termination of employment — and then incorporated and operated a competitor company while still employed. Moreover, they transferred the employer’s computer source code to their own computers, delayed returning their ex-employer’s property after resigning, cleansed their computers before producing them pursuant to a court order, and never did turn over the source code. The court granted summary judgment to the ex-employer with respect to liability, with only damages issues left to be tried, on the breach of contract counts. The court also ordered a trial as to liability and damages with regard to the ex-employer’s CFAA and trade secret misappropriation claims. Custom Hardware Eng’r’g & Consulting, Inc. v. Dowell, Case No. 4:10CV000653 ERW (E.D.Mo., Jan. 23, 2013).

Custom Hardware Engineering (Custom) developed technology permitting its employees to monitor and trouble-shoot computers remotely. Employees signed agreements promising Custom (a) faithful performance and full time attention to its business; (b) non-competition; (c) the return of all of its property, and disclosure to Custom of all relevant passwords and codes, within 24 hours of employment termination; and (d) maintenance of the confidentiality of Custom’s trade secrets. Notwithstanding these commitments, several months before resigning from the company four employees transferred Custom’s source code to a file they created, and they formed and began operating a competing corporation. In addition, they violated their promises immediately upon termination to return Custom’s property and to disclose relevant passwords and codes. After Custom filed suit against them and their competing corporation, they were ordered to produce their personal computers for Custom’s inspection. Before complying, they erased pertinent information from the computers.

Custom’s complaint alleged copyright infringement, breach of contract, trade secret misappropriation, violation of CFAA, and various other claims. The court granted Custom’s motion for summary judgment as to liability with respect to breach of contract and ordered a trial regarding damages. The defendants’ motion for summary judgment as to counts alleging copyright infringement, misappropriation of trade secrets, and CFAA violations were denied, and a trial of all issues ordered. However, the defendants did prevail on their motion to dismiss, as preempted by the Missouri Uniform Trade Secrets Act, Custom’s claims of breach of fiduciary duty and the duty of loyalty, tortious interference with contract, unfair competition, conversion, and unjust enrichment.

One significant takeaway from this case was survival of the CFAA claim based on the employees’ violations of the employer’s Employment Agreement.  Specifically, the court stated:

“The terms of Defendant’s Employment Agreements clearly limit their use of CHE’s protected materials to the period of their employment, and for the benefit of CHE; consequently, any access by Defendants after their termination would be unauthorized, as would any access not used for CHE’s benefit.”

The court applied the “intended use” theory, which is a departure from the Ninth Circuits narrow interpretation of the CFAA and the Seventh Circuit’s agency law-based theory.   Courts in the Third, Fifth, Eighth, and Eleventh Circuits have applied the intended use theory to find “unlawful access” under the CFAA when employees violate company policies and agreements.

This case reminds us that an employer’s protection under the CFAA against rogue employees that steal valuable company data may simply depend on which jurisdiction they are in and/or the genius of counsel.