The U.S. Circuit Courts of Appeals are currently split over how broadly the Computer Fraud and Abuse Act (“CFAA”) should be interpreted. A recent decision out of the Eastern District of Michigan highlights this split and examines the ways in which the courts have interpreted the statute before deciding to adopt a narrow interpretation of civil liability under the CFAA.
On May 14, 2012, Judge Marianne O. Battani of the Eastern District of Michigan decided the case of Ajuba International , LLC v. Saharia. As a condition of his employment, Mr. Saharia, the defendant, signed an employment agreement with the plaintiffs, along with a non-compete agreement prohibiting him from competing with Ajuba International or soliciting any of its employees. Once the agreement expired, Saharia entered into a new agreement with Ajuba International’s subsidiary, Ajuba India. Under the terms of this agreement, Saharia acted as Ajuba India’s president. Unbeknownst to the plaintiffs, however, at the same time, Saharia had established his own company, AGS India, to compete directly with their company. Allegedly, Saharia then hired multiple key management personnel from AGS India, interfered with the plaintiffs’ business relationships to advance his own interests, and misappropriated trade secrets and other confidential information. The plaintiffs sued in federal court alleging a number of causes of actions, including a violation of the CFAA.
The dispute between the parties over whether a CFAA violation actually occurred highlights an ongoing circuit split over the statute’s prohibition of unauthorized use. Under the CFAA (18 U.S.C. §1030(a)(5)(c)), it is a crime for a current or former employee to intentionally access a protected computer issued or owned by their employer “without authorization” or in a manner that “exceeds authorized access” leading to damage and loss. However, how the phrases “without authorization” and “exceeds authorized access” are interpreted varies between the circuits.
Some courts, including the Ninth Circuit, have construed the terms of the statute in a narrow manner. In LVRC Holdings L.L.C. v. Brekka, the court found that an employee’s misuse or misappropriation of an employer’s confidential or proprietary information is not “without authorization” as long as the employer has given permission to the employee to access this information. Similarly, federal district courts in the Southern District of New York and the District of Arizona, adopted narrow approaches in Orbit One Communications v. Numerex and Shamrock Foods Co v. Gast, respectively. In both cases, the courts held that the CFAA prohibits improper access of computer information, but did not prohibit misuse or misappropriation. As such, once an employee receives authorization to access the employer’s computer, he or she does not violate the CFAA if he proceeds to subsequently use that information improperly.
By contrast, other courts, including the First, Eleventh, Fifth and Seventh Circuit, have interpreted the CFAA more broadly, finding that it prohibits violations of an employer’s computer use restrictions, or a breach of the employee’s duty of loyalty to the employer, which stems from the agency doctrine. Under this approach, “an employee accesses a computer without authorization whenever, without the employer’s knowledge, acquires an interest that is adverse to that of his employer or is guilty of a serious breach of loyalty.” Guest-Tek Interactive Entm’t, Inc. v. Pullen, 665 F. Supp. 2d 42, 45 (D. Mass. 2009).
In examining this particular case, Judge Battani found that the Sixth Circuit yet to address the meaning of either “without authorization” or “exceeds authorized access” within an employment context, however, in other contexts, the court had taken the narrow approach. Similarly, two separate district courts within the Sixth Circuit had both confronted the circuit split, and each had adopted the narrow approach. As such, Judge Battani chose to adopt the narrow approach in this case, finding that even if misappropriation occurred, because the initial access was authorized, it was not in violation of the CFAA.
Judge Battani relied on three main principles in adopting the narrower interpretation of the CFAA: first, the legislative history was consistent with such a finding; second, the statutory canon of avoiding absurd results and the rule of lenity find in favor of such a holding; finally, the plain meaning of the statute compels a narrow interpretation. Similarly, the court’s holding suggests that the broader interpretation is not based on statutory authority suggesting that misappropriation is included under the CFAA, nor is there any reason to suggest that Congress intended to interpret the CFAA so broadly as to convert a violation of the duty of loyalty into a federal offense.
The Solicitor General is presently deciding whether to seek Supreme Court review of the Ninth Circuit’s decision in U.S. v. Nosal, which reached a similar result as Judge Battani in Ajuba International , LLC v. Saharia.