A U.S. District Court in Michigan recently granted partial summary judgment in favor of two individuals who were sued by their former employer, Dana Ltd., for violating the Computer Fraud and Abuse Act, 18 U.S.C. §1030 et seq.
The individuals admitted that, prior to their departure from Dana but after accepting employment with a competitor, they accessed and copied numerous Dana files and then erased or obliterated the files they had copied. Notwithstanding contrary authority, the court held that the CFAA only prohibits unauthorized access to an employer’s confidential data, regardless of motive, and the employees had the right to access Dana’s secret information. The CFAA also prohibits unauthorized alteration of computerized data, but the judge ruled that Dana failed to prove that it permanently lost significant information. Further, it was held that only officers and directors have a fiduciary duty to their employer, and these employees were neither officers nor directors. Dana Ltd. v. American Axle & Mfg. Holdings, Inc., Case No. 1:10-CV-450 (E.D.Mich., June 29, 2012).
Reviewing inconsistent federal court decisions as to whether the CFAA is violated by an employee who, though authorized to access confidential information, does so for personal reasons, the court sided with the opinions emphasizing that the statute addresses only unauthorized access and says nothing about an employee’s motive. Additionally, the court said leniency toward employees is required since the CFAA is primarily a criminal statute. Thus, the ruling on summary judgment was favorable to the employees. The ruling is also consistent with another Michigan district’s court decision on the issue that we previously blogged on.
The CFAA also prohibits unauthorized alteration of information stored in a computer. However, Dana backed up its files. It also allowed and/or required employees to delete or destroy duplicate copies of documents taken and not returned, and arguably that is what the individuals did. Moreover, the individuals denied destroying, and Dana had no evidence that they destroyed, either original files or information of importance.
Dana was successful in defeating summary judgment motions directed to its allegations that the individuals breached their confidentiality agreements and misappropriated Dana’s trade secrets, and that their new employer committed unfair competition and tortious interference. Contested issues of material facts prevented a pre-trial determination of these claims.
Sooner or later (unless Congress intervenes first), the U.S. Supreme Court will have to resolve the split among federal appellate courts regarding the CFAA’s scope — that is, whether an employee’s authorization to access the employer’s computer system automatically terminates when the system is used to injure the employer or contrary to computer usage policies. The Fifth, Seventh, and Eleventh Circuits have found liability under those theories. One wonders what the Supremes will make of it all and whether they will again overturn their friends from the Ninth Circuit.