A designer and marketer of stereophonic technology for presenting 3-D imaging on a computer screen recently sued some ex-employees in a California federal court for allegedly violating the federal Computer Fraud and Abuse Act (CFAA), among other claims. At some point, the ex-employees allegedly downloaded their former employer’s confidential computer code and provided it to their new employer, a competitor. The defendants moved to dismiss on the grounds that there was no allegation as to exactly how or when the ex-employees obtained the code. In response to the motion, the plaintiff said it would need discovery in order to ascertain that information.
The court granted the motion and dismissed the complaint for failure to plead “facts giving rise to a valid claim under the CFAA.” The plaintiff was allowed 30 days “to amend, keeping in mind Rule 11 [the federal civil procedure sanctions rule], if Plaintiff is able to plead facts giving rise to a valid CFAA claim.” Metabyte, Inc. v. Nvidia Corp., Case No. 12-0044 SC (N.D. Cal., Apr. 22, 2013).
The CFAA prohibits “access[ing] a computer without authorization or exceed[ing] authorized access.” Some federal courts, such as the Ninth Circuit Court of Appeals, interpret that phrase narrowly and typically only find a violation if the “access” occurs by someone who was not authorized to use that computer or in excess of that authorization. See, e.g., U.S. v. Nosal, 676 F.3d 854 (2012) (en banc) and LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (2009).
Some other federal courts, including the Seventh Circuit Court of Appeals, disagree. They hold that, under the CFAA, use of a computer to misappropriate is unlawful even though the user was authorized to access the computer for lawful purposes. See, e.g., International Airport Centers, L.L.C. v. Citrin, 440 F.3d 418 (7th Cir. 2008).
In addition to charging the individual defendants with violation of the CFAA, Metabyte accused Nvidia of violating the California Unfair Competition Law (UCL). Nvidia moved to dismiss the claim on the ground that it was pre-empted by the U.S. Copyright Act because Metabyte simply accused Nvidia of selling copies of products for which Metabyte had a copyright. The court agreed and dismissed that claim with prejudice.
Metabyte pled some causes of action besides those based on the CFAA and the UCL. For example, Metabyte claimed copyright infringement, breach of contract, and misappropriation of trade secrets. With respect to the CFAA claim, however, there is little likelihood that within a period as short as 30 days Metabyte will be able to learn sufficient relevant facts to adequately support an allegation of hacking or other actionable conduct. In the future, plaintiffs averring CFAA violations for misappropriation of confidential information by use of a computer, but uncertain exactly how or when the defendant obtained the information and/or access to the computer, would be well advised to carefully consider whether the federal circuit in which they plan to sue permit such claims.