Although the trial court’s analysis was not extensive, it clearly found that allegations in a complaint that an employee used a computer program to delete information from a laptop and knowingly deleted information without authorization sufficiently states a Computer Fraud and Abuse Act claim so as to survive a motion to dismiss for failure to state a claim.
In Alliance International Inc. v. Todd, Civ. Action No. 5:08-CV-214-BR (E.D.N.C. July 22, 2008), the parties contested whether the former employees (now defendants) could be held liable for deleting information from company computers. Defendants argued, ultimately unsuccessfully, that plaintiff could not bring a cause of action under CFAA Subsection (a)(5)(A)(i) against two of the individual defendants because Alliance did not plead that those individuals downloaded a file erasure program. Subsection (a)(5)(A)(i) provides a cause of action against someone who
knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer . . .
18 U.S.C. § 1030(a)(5)(A)(i).
Defendants argued that "[a]n employee’s act of knowingly deleting files by hitting the ‘delete’ key could not plausibly give rise to criminal and civil liability under the CFAA." (Defs.’ Mem. of Law in Support of Mot. to Dismiss at 24 (filed May 29, 2008) (emphasis added). Not taking the bait to argue whether hitting the delete key constitutes a "command," Alliance merely contended that it met its pleading obligation under the CFAA by alleging that the defendants permanently deleted/destroyed information from Alliance computers.
The Court side-stepped both parties’ arguments, however, and found that the specific allegations in Alliance’s complaint, to wit that the defendants
(1) "deleted, removed and destroyed information, documents and/or data contained on . . . protected computers" and
(2) "knowingly caused the transmission of a program, information, code or command, including but not limited to, Net Eraser Trial, and as a result of such conduct, intentionally caused damage without authorization, to a protected computer" (citing paragraphs 62 & 63 of the complaint),
were sufficient to state a CFAA claim. Although clearly tailored to the facts at hand, the court’s decision could be persuasive authority for a plaintiff to withstand a Rule 12(b)(6) motion targeting similar allegations.
Not long after the Court’s ruling, on August 12, 2008, Alliance filed a stipulation of dismissal of the case, with prejudice, signaling a likely settlement with the defendants following the Court’s ruling in Alliance’s favor. The court’s opinion, nonetheless, as well as the parties’ briefing, is a ready resource for case citations on the issue of deletion as well as "authorization" under the CFAA, as the parties and the court cite to numerous federal cases on these issues.