By Robert Milligan and Joshua Salinas
The Ninth Circuit’s important U.S. v. Nosal decision is gaining momentum. On September 14, 2011, a California district court in Facebook v. MaxBounty, the Honorable Jeremy Fogel, presiding, became one of the first courts to apply Nosal, reaffirming that the violation of computer use policies constitutes “exceeding authorized access” under the Computer Fraud and Abuse Act (CFAA). In doing so, Facebook arguably reinforced the legal protections for employers against employees who steal or remove electronic files or data in violation of their employers’ written computer-use restrictions.
Maxbounty is an online advertising and marketing company that drives internet traffic to its customers’ websites.
Facebook alleged that MaxBounty engaged in impermissible advertising and commercial activity on its website. Facebook alleged that MaxBounty created Facebook pages that were intended to re-direct unsuspecting Facebook users to third-party commercial websites.
Facebook brought a claim, inter alia, under the CFAA against MaxBounty for “knowingly and with intent to defraud, access[ing] of a protected computer without authorization or exceeding authority.” 18 U.S.C. § 1030(a)(4).
MaxBounty moved to dismiss Facebook’s CFAA claim per Federal Rule of Procedure 12(b)(6). MaxBounty argued that it could not act “without authorization” or “exceed authority” because Facebook granted MaxBounty access to the Facebook website.
This case is significant because it is one of the first cases to apply Nosal’s holding that the violation of computer-use policies constitutes “exceeding authorized access” under the CFAA. As discussed in our prior blog, Nosal provides employers in the Ninth Circuit with a clear CFAA remedy against dishonest employees who exceed their authorized access of their employers’ computer systems. Facebook fortifies that protection and encourages employers to take proactive steps with well written computer-use policies and procedures.