shutterstock_170169599Last summer was a busy time for legislators in Massachusetts mulling over non-compete reform. As we reported here and here, several competing bills were in play as the legislative session drew to a close, including a compromise bill that was passed in the state Senate but ultimately failed to advance in the House. You may even recall that then-Governor Deval Patrick introduced a bill that would have banned all non-compete agreements in Massachusetts, with a few very limited exceptions, which also failed to go anywhere. In keeping with what appears to have become a perennial tradition in Massachusetts, the legislative session ended with a whimper, at least with respect to non-compete reform, although Governor Patrick introduced a watered-down version after the legislative session ended, which also stalled.

Fast forward nearly a year, and the subject of non-compete reform (and the adoption of the Uniform Trade Secrets Act, which was also a hot topic last year) is largely absent from the halls of the statehouse, with none of the pending bills having even made it to a committee hearing. Many see this relative silence as a function of Governor Charlie Baker’s (presumed) more moderate stance on non-competes as compared to his predecessor, who was a staunch advocate of doing away with non-competes altogether. Indeed, much like his fellow candidates at the time, Governor Baker was relatively tight-lipped during his campaign on the topic of non-competes.

As reported by Massachusetts Lawyers Weekly (password required), Governor Baker has made two appointments recently that have observers pondering whether he is in fact opposed to non-compete reform. First, shortly after the election, Governor Baker appointed attorney Andrew P. Botti to his transition team subcommittee on jobs and the economy. Botti has been an outspoken critic of then-Governor Patrick’s bill proposing to ban non-competes in the Commonwealth, largely on behalf of the Smaller Business Association of New England.

More recently, and perhaps more significantly, in April, Governor Baker appointed Paul T. Dacier, the executive vice president and general counsel of EMC Corporation, to be the chairman of Baker’s Judicial Nominating Commission. EMC has earned a reputation as being a strong supporter of non-compete agreements, and as those familiar with some of the leading non-compete cases in Massachusetts know, EMC has frequently sought to enforce its non-compete agreements in the courts. Some have speculated that Governor Baker’s appointment of Dacier is a sign that the governor is directly opposed to non-compete reform.

Not surprisingly, those in Governor Baker’s camp have denied that these appointments have any hidden meaning, with Botti pointing to Governor Baker’s desire to tackle more urgent issues, such as the performance of the MBTA during this year’s record-breaking winter and the state budget. Even supporters of non-compete reform, such as Representative Lori Ehrlich, have largely attributed the lack of progress to disagreements between the state House of Representatives and Senate regarding committee rules, not lack of support from the Governor’s Office. However, Rep. Ehrlich did note that Dacier’s appointment “is certainly a concern.”

So, as we head into the dog days of summer (most welcome after the winter), it appears that non-compete reform is not at the top of the legislative agenda in Massachusetts. As always, we will keep you informed of any significant developments.

Top_tier_firmsThe 2015 edition of The Legal 500 United States recommends Seyfarth Shaw’s Trade Secrets group as one of the best in the country.

Nationally, our Trade Secrets practice retained its position in Tier 2. For the second year in a row, our practice has been named to the shortlist for best trade secrets practice in the U.S., and we are very pleased to report that Seyfarth is one of four firms shortlisted for 2015 Law Firm Award for Trade Secrets Litigation. We expect the award winner to be announced on Wednesday, June 10th.

Based on feedback from corporate counsel, two Seyfarth partners, Michael D. Wexler and Jason P. Stiehl were recommended in the editorial.

The Legal 500 United States is an independent guide providing comprehensive coverage on legal services and is widely referenced for its definitive judgment of law firm capabilities. The Legal 500 United States Awards 2015 is a new concept in recognizing and rewarding the best in-house and private practice teams and individuals over the past 12 months. The awards are given to the elite legal practitioners, based on comprehensive research into the U.S. legal market.

WebinarOn Tuesday, June 23, 2015 at 12:00 p.m. Central, Robert Milligan, James McNairy and Joshua Salinas will present the fifth installment in our 2015 Trade Secrets Webinar Series. They will focus on recent legal developments in California trade secret and non-compete law and how it is similar to and diverse from other jurisdictions, including: a discussion of the California Uniform Trade Secrets Act, the interplay between trade secret law and Business and Professions Code Section 16600, which codifies California’s general prohibition of employee non-compete agreements, and recent case developments regarding non-compete agreements and trade secret investigations. The panel will discuss how these latest developments impact counseling, litigation and deals involving California companies.

Summary of Topics:

  • Defining and understanding trade secrets in California, including recent legal developments regarding the protection of ideas and confidential information
  • California’s public policy against employee non-compete provisions and recent cases addressing non-compete, non-solicitation, and no hire agreements
  • Effectively protecting trade secrets and conducting trade secret investigations
  • Recent cases regarding alleged bad faith prosecution of trade secret claims
  • How forum selection, choice of law and arbitration clauses may affect non-compete and non-disclosure agreements
  • Effectively utilizing non-compete and other restrictive covenants in business deals in California

Our panel consists of attorneys with extensive experience advising clients on trade secret and non-compete issues, including litigating trade secret cases, drafting protection agreements, conducting trade secret audits and drafting/challenging non-compete provisions.

Registration

There is no cost to attend this program, however, registration is required.

register

If you have any questions, please contact events@seyfarth.com.

*CLE Credit for this webinar has been awarded in the following states: CA, IL, NJ and NY. CLE Credit is pending for GA, TX and VA. Please note that in order to receive full credit for attending this webinar, the registrant must be present for the entire session.

shutterstock_224796712By: Ofer Lion, Douglas M. Mancino, and Christian Canas

Unwelcome news for charities concerned with donor confidentiality

A recent court ruling1 upheld the position of the California Attorney General (AG) requiring that charities located or operating in California provide a copy of their unredacted Form 990 Schedule B, including the names, addresses and contribution amounts for all donors listed.  While the AG has indicated that the information will not be made publicly available, the ruling is unwelcome news for charities concerned about protecting donors’ identities.  The collection of sensitive donor information from charities appears to be a growing trend by state Attorneys General.  Affected charities, including out-of-state charities soliciting or otherwise operating in California should review their donor confidentiality policies and disclosures to ensure that their donors are aware of such requirements.

Regulation of Charities Located or Operating in California

Most California charities and certain out-of-state charities are required to register and file an annual report (Form RRF-1) with the AG’s Registry of Charitable Trusts.  Religious organizations, educational institutions, hospitals and health care service plans are exempt from this registration and reporting.

A copy of the charity’s annual return (Form 990) must be included with the annual report.  The AG recently began treating annual reports submitted without Schedule B (or with a redacted Schedule B) as incomplete.  Failure to file a complete report generally results in penalties, fees and the loss of California income tax exemption.

Several states, including New York, have a similar filing requirement.  Both the California and New York AGs note that their policy is not to disclose Schedule B to the public.  However, there is no guarantee that their disclosure policies will not change in the future and it is unclear if the donor information, once in the possession of a state’s AG, would be subject to a request for disclosure under that state’s public records act.

Schedule B – Donor Disclosure

Schedule B to the Form 990 is used to disclose to the IRS the reporting organization’s significant donors (generally those who contribute over $5,000 in cash or property), including their names, addresses, and contribution amounts.  Tax-exempt organizations are generally required to make available for public inspection and copying their three most recent annual returns, including copies of all schedules, attachments and supporting documents filed with these returns.  Most such returns are posted and publicly available at no cost on third-party websites, such as Guidestar.org.

However, except for private foundations (Form 990-PF filers) and section 527 political organizations, public disclosure of the names and addresses of contributors set forth on Schedule B generally is not required, and the Schedules B of those organizations typically do not appear when posted online.

The Center for Competitive Politics, a Virginia nonprofit registered with the California AG, challenged the AG’s unredacted Schedule B filing requirement.  It argued that the disclosure violates its and its supporters’ First Amendment rights to freedom of association and that certain nondisclosure rules under federal law preempt the state requirement.

The Ninth Circuit affirmed an earlier decision to deny the Center’s motion for a preliminary injunction, rejecting the Center’s arguments and concluding that the disclosure requirement bears a substantial relation to a sufficiently important government interest and is facially constitutional.2

However, the Court left open the possibility that the Center could show a reasonable probability that the compelled disclosure of its contributors’ names will subject them to threats, harassment or reprisals that would warrant relief on an “as-applied” challenge.  Such a challenge, Americans for Prosperity Foundation v. Harris,3 is pending in the Ninth Circuit.  So, the Court may soon carve such an exception out of California’s filing requirement, or not.

Out-of-State Charities with a California Presence Subject to Disclosure

Out-of-state corporations that are (1) “doing business” in California for charitable purposes or (2) “holding property” in California for such purposes are subject to the AG’s registration and filing requirements, as well as a whole host of other regulations generally applicable to California charities.4

“Doing business” is not a defined term, but generally requires that a corporation conduct some systematic or ongoing activity in California.  The AG has issued limited examples of activities that, if conducted in the state, would constitute doing business in California, including: (1) soliciting donations by mail, by advertisements in publications, or by any other means from outside of California, (2) holding board or membership meetings, (3) maintaining an office, (4) having officers or employees who perform work, and/or (5) conducting charitable programs.  Grantmaking in California, by itself, generally is not considered doing business in California.

The second basis for subjecting an out-of-state charity to the reporting and registration requirements is “holding property” in California for charitable purposes.  Unfortunately, the AG’s office has not issued guidance on the distinction between holding property for charitable purposes and holding property for investment or other non-charitable purposes other than a brief statement on its website that maintaining “financial accounts or investments at an office of a financial institution located in California” does not constitute doing business in California.

Out-of-state charities that may meet the above requirements and are not currently registered with the AG’s Registry of Charitable Trusts may wish to consider contacting local counsel for advice regarding their California operations to avoid or minimize potential penalties.

Conclusion

The recent Center for Competitive Politics decision exemplifies what we expect to be a growing trend by state Attorneys General to demand sensitive donor information from charities operating or soliciting in those states.  Charities should continue to heed the Schedule B instructions and not include Schedule B in filings with states that do not require it, as those states may inadvertently disclose the charity’s donor information to the public.5

___________________________

1 Center for Competitive Politics v. Harris, No. 14-15978 (9th Cir. May 1, 2015).

2 On May 15, 2015, the Center filed with the U.S. Supreme Court (Justice Kennedy) an application for an injunction to block the disclosure pending the filing and disposition of a petition for a writ of certiorari. In a setback to the Center, the application was denied without prejudice to renewal in light of any further developments.

3 Americans for Prosperity Foundation v. Harris, No. 2: 14-cv-09448-R-FFM (C.D. Cal. Feb. 23, 2015).

4 For a detailed discussion of California requirements that extend to out-of-state charities, see Mancino, “California Regulation of Out-of-State Charities,” 17 Taxation of Exempts 6 (May/June 2006).

5 Schedule B, Page 5 (General Instructions: Public Inspection), available at http://www.irs.gov/pub/irs-pdf/f990ezb.pdf.

shutterstock_134112389As we have frequently reported in this blog, social media privacy issues increasingly permeate the workplace.  For example, earlier this year, Montana and Virginia joined a growing number of states in enacting laws restricting employer access to the social media accounts of applicants and employees.  With Governor Dannell Malloy’s approval of similar legislation in Connecticut on May 21, the Constitution State has now become the latest state to follow this trend.

Connecticut’s law (Public Act 15-6) becomes effective October 1, 2015 and is generally similar to social media privacy laws enacted in other states.  Under the new Connecticut law, employers may not:

  • Request or require that an employee or applicant provide such employer with a user name and password, password or any other authentication means for accessing a personal online account;
  • Request or require that an employee or applicant authenticate or access a personal online account in the presence of such employer;
  • Require that an employee or applicant invite such employer or accept an invitation from the employer to join a group affiliated with any personal online account of the employee or applicant; or
  • Fail or refuse to hire any applicant as a result of his or her refusal to (A) provide such employer with a user name and password, password or any other authentication means for accessing a personal online account, (B) authenticate or access a personal online account in the presence of such employer, or (C) invite such employer or accept an invitation from the employer to join a group affiliated with any personal online account of the applicant.
  • In addition, like social media privacy laws in other states, the new Connecticut law has an anti-retaliation provision stating that employers may not “discharge, discipline, discriminate against, retaliate against or otherwise penalize any employee who (A) refuses to provide such employer with a user name and password, password or any other authentication means for accessing his or her personal online account, (B) refuses to authenticate or access a personal online account in the presence of such employer, (C) refuses to invite such employer or accept an invitation from the employer to join a group affiliated with any personal online account of the employee, or (D) files, or causes to be filed, any complaint, whether verbally or in writing, with a public or private body or court concerning such employer’s violation of [the law].”
  • The new law authorizes aggrieved employees and applicants to file complaints with the Connecticut Labor Commissioner, who is required to conduct an investigation and may hold an evidentiary hearing.  Remedies and penalties for violation of the statute include recovery of attorneys’ fees and costs by the aggrieved employee or applicant, back pay, rehiring or reinstatement, reestablishment of employee benefits, and civil penalties.
  • Despite the somewhat onerous penalties that employers can face for violations of the statute, the new law does contain some important exceptions.  Under the statute, employers are not prevented from:
  • Conducting an investigation for the purpose of ensuring compliance with applicable state or federal laws, regulatory requirements or prohibitions against work-related employee misconduct based on the receipt of specific information about activity on an employee or applicant’s personal online account,
  • Conducting an investigation based on the receipt of specific information about an employee or applicant’s unauthorized transfer of the employer’s proprietary information, confidential information or financial data to or from a personal online account operated by an employee, applicant or other source;
  • Monitoring, reviewing, accessing or blocking electronic data stored on an electronic communications device paid for, in whole or in part, by an employer, or traveling through or stored on an employer’s network, in compliance with state and federal law; or
  • Complying with the requirements of state or federal statutes, rules or regulations, case law or rules of self-regulatory organizations.

As other states join the growing chorus of states enacting social media privacy laws, we will continue to report of the latest developments.  In the meantime, employers should review their policies and procedures to ensure that they are up-to-date with the latest legislative enactments.

shutterstock_186292982In Illinois federal court, a plaintiff alleged aspects of their LinkedIn group were trade secrets misappropriated by the defendant. The defendant moved to dismiss for failure to state a claim. The court denied the motion in part and granted in part, ruling that portions of social media groups may be protectable under the state’s trade secret law. CDM Media USA, Inc. v. Simms, Case No. 14-cv-9111 (N.D. Il., Mar. 25, 2015) (Shah, J.).

Summary of the case. This case concerns the ownership rights to private social media groups. The plaintiff, CDM Media USA, created a private LinkedIn group for CIOs and other IT executives interested in CDM events. The defendant, Robert Simms, was the point person for this group while he was employed at CDM. When Simms resigned from CDM, he allegedly refused to return the group’s membership list and communications to CDM and later allegedly used the materials to compete against CDM by attempting to solicit CDM’s current and potential customers and vendors. CDM filed suit alleging, among other things, violation of the Illinois Trade Secrets Act. Simms filed a motion to dismiss for failure to state a claim. The court denied the motion with respect to the group’s membership list but granted the motion with respect to “confidential information” contained in the group.

Legal standards under the Illinois Trade Secrets Act. A claim under the Illinois Trade Secrets Act requires the plaintiff allege (1) they have a trade secret (2) that was misappropriated (3) using the defendant’s business. “Trade secret” under the act requires the information sought to be protection derive economic value from its secrecy and that the information be subject to reasonable efforts of secrecy and confidentiality.

The Court’s ruling. Regarding the group’s membership list, the Court denied the motion to dismiss stating there was too little known about the contents, etc. of the group at the present stage of litigation to rule on the issue as a matter of law, without further factual inquiry. However, the Court granted the motion to dismiss regarding the “confidential information” contained in the group stating CDM’s blanket allegations, i.e., that the LinkedIn group contained confidential information, were insufficient. According to the Court, the plaintiff must allege certain messages or classes of messages contain trade secrets and what it is about the messages that satisfy the trade secrets definition.

Takeaways. Whether or not membership lists of private social media groups are protectable under Illinois trade secret law will likely depend on the privacy/confidentiality measures employed to protect to information and whether the information economic value from its secrecy. Regardless, it is safe to say that in no circumstances will a public group’s membership list be protectable because they lack a fundamental tenet of trade secret law, i.e., the information must be “secret.” Moreover, information contained within a private social media group, such as messages, may be protectable. However, for protection to exist, information within the group desired to be protected must be identified with some specificity and have independent economic value. For more on this topic, please join us for today’s webinar Employee Social Networking: Protecting Your Trade Secrets in Social Media

shutterstock_272870042By Adam Vergne and Chuck Walters

Following a national trend, Montana and Virginia have become the nineteenth and twentieth states to enact laws restricting employer access to the social media accounts of applicants and employees.[1]

Virginia’s law, which takes effect on July 1, 2015, prohibits requesting (or requiring) the disclosure of usernames and/or passwords to an individual’s social media account.  In addition, the law prohibits any requirement to change privacy settings or add a manager to the “friend” or contact list associated with a particular social media account.  In addition to prohibiting the disclosure of usernames and passwords, under Montana’s new law, which took effect April 23, 2015, an employer is prohibited from requiring the disclosure of any information associated with a social media account or requesting an employee or applicant access a social media account in the presence of the employer.  As is common with such legislation, both statutes contain an anti-retaliation provision that prohibits an employer from taking any adverse actions against individual that exercise his or her rights under the law.

Notably, these statutes apply only to personal social media accounts meaning accounts opened on behalf or at the request of the employer are not protected. Employers are also still free to view information contained in personal social media accounts that is publically available.  Virginia’s law also includes an exception that permits employers to request login information if the employer has a “reasonable belief” the account is “relevant” to a “formal investigation or related proceeding” concerning the violation of a federal, state, or local law.

As the legal landscape associated with social media accounts continues to evolve, employers should review their policies and procedures to ensure compliance with all relevant statutory provisions.

[1] In 2012, Maryland became the first state to enact social media privacy legislation.  Since that time, Arkansas, California, Colorado, Illinois, Louisiana, Michigan, Nevada, New Hampshire, New Jersey, New Mexico, Oklahoma, Oregon, Rhode Island, Tennessee, Utah, Washington, and Wisconsin have enacted similar legislation.

A non-competition covenant prohibited employees of Adhesives Research (AR), a company based in Pennsylvania, from performshutterstock_129702905ing services for a competitor of AR anywhere in the world for two years after termination. Newsom, AR’s western U.S. manager of medical products, worked out of her home in California. When she quit and joined another adhesives manufacturer, AR sued and moved for entry of a preliminary injunction. The court denied the motion.

Status of the case. The covenant contained a Pennsylvania choice of law provision and mandated that litigation be filed in that state. Responding to the motion, Newsom argued that Pennsylvania law was inapplicable and asserted that California law applied. It is less friendly to employers. The court concluded that the worldwide geographic scope was overbroad under both states’ legal principles, that blue penciling was impermissible because of AR’s unclean hands in attempting to enforce an oppressive covenant, and that in any event the new employer did not compete with AR. Adhesives Research, Inc. v. Newsom, Civ. No. 1:15-CV-0326 (M.D. Pa., Apr. 13, 2015) (Caldwell, J.).

The parties. AR makes adhesives used in medical, pharmaceutical, electronics, and other industries. Its headquarters are in Glen Rock, PA, but it sells adhesives all over the world. They are purchased as raw materials and used by customers in making their final products. Except for a few days each year spent at corporate headquarters for meetings and training, Newsom worked from home but communicated frequently with AR in Glen Rock.

The non-compete. In 2012, AR required all of its employees, including Newsom, to sign a non-compete agreement. It prohibited performance of:

“any services similar to the services performed by [the employee] during his employment with [AR], for . . . any business . . . that develops, manufactures or sells any products that compete in kind with . . . any products manufactured, sold or under development by [AR] . . . in any area of the world in which such products are sold by [AR].”

The agreement, which contained a Pennsylvania choice of law provision, included a consent to litigation exclusively in a federal or state court in Pennsylvania and a waiver of a claim or defense that the forum was inconvenient.

Newsom’s resignation from AR, and her new employment. Newsom resigned from AR and went to work for Scapa Tapes, a manufacturer of bonding and adhesive products, as a sales executive for the western United States. Unlike AR, Scapa does not sell raw adhesives. Rather, it uses the adhesives in making the other products it sells.
Unenforceability under California and Pennsylvania law. Newsom maintained that California law controls the non-compete covenant as against her even though it specifies application of Pennsylvania law. Without deciding, Judge Caldwell concluded that the covenant is unenforceable under either state’s laws.

California. A California statute provides that, with exceptions not applicable here, contractual employee non-compete clauses are void.

Pennsylvania. Courts in Pennsylvania require that restrictions in an employment agreement’s non-competition clause must be “roughly consonant” with the employee’s duties and must not be unduly burdensome. According to Judge Caldwell, a worldwide ban on Newsom’s employment by an AR competitor “is not limited to an area reasonably necessary to protect” AR. He also held that the ban results in a severe hardship to her. Moreover, he concluded that AR had engaged in oppressive overreaching by applying an unlimited geographic scope to an employee whose territory only included one-half of this country, and he ruled that AR had unclean hands. Although Pennsylvania permits blue penciling of unreasonably broad contractual restrictions in some circumstances, the judge stated that AR’s unclean hands here preclude the exercise of such judicial discretion in its favor.

The non-competition clause. Judge Caldwell held that AR and Scapia are not competitors. AR manufactures adhesive rolls which it sells to customers for use in their products. By contrast, Scapia does not sell adhesive rolls but, rather, makes and sells goods which contain adhesives. He ruled that the restraint against working for a company that manufactures or sells “any products that compete in kind” with AR’s products is overbroad because no prudent prospective employer engaged in a business even remotely similar to AR’s would take a chance on hiring a former AR employee.

Takeaways. Employers with workers in more than a single state, who are required to sign a one-size-fits-all non-compete, non-solicitation and/or confidentiality template, run a significant risk that it will not be enforceable in at least some jurisdictions. In addition, inclusion of provisions more protective than necessary jeopardize enforceability. For help in drafting enforceable restrictive employment covenants, consult an experienced trade secrets attorney.

WebinarOn Thursday, May 28, 2015 at 12:00 p.m. Central, in the fourth installment of our 2015 Trade Secret Webinars, Seyfarth attorneys John Tomaszewski, Eric Barton and Joshua Salinas will address the relationship between trade secrets, social media, and privacy.

The Seyfarth panel will specifically address the following topics:

  • Defining, understanding, and protecting trade secrets in social media, including a deeper dive into how courts are interpreting ownership of social media accounts and whether social media sites constitute property and preventing trade secret misappropriation or distribution through social media channels.
  • Discussing the National Labor Relations Board’s treatment of employer social media policies, whether it applies to you, and what steps should be taken to avoid potential penalties for violating NLRB rulings.
  • Analyzing judicial treatment of ownership of social media handles, pages, and accounts, and how developing internal company policy and/or contracts can obviate expensive litigation.
  • Discussion and analysis of recent and proposed employee privacy legislation, and how it may impact policies dictating mandatory turnover of social networking passwords and employee privacy concerns.
  • Addressing cyberbullying in social media by employees, particularly where there is a disclosure of trade secrets or confidential information.

register

If you have any questions, please contact events@seyfarth.com.

Registration: there is no cost to attend this program, however, registration is required.

*CLE Credit for this webinar has been awarded in the following states: CA, IL, NJ and NY. CLE Credit is pending for GA, TX and VA. Please note that in order to receive full credit for attending this webinar, the registrant must be present for the entire session.

shutterstock_176119643The parties in a Computer Fraud and Abuse Act case moved for partial summary judgment. Among the issues were whether the plaintiff had incurred the requisite $5,000 in qualifying losses, and whether the complaint was time-barred. The motions were denied, but the court had to do a lot of explaining. Quantlab Technologies Ltd. v. Godlevsky, Case No. 4:09-CV-4039 (S.D.Tex., Apr. 14, 2015) (Ellison, J.).

Status of the case. Judge Ellison ruled that the CFAA damages threshold was met. He held that (a) the value of time spent in an internal investigation could be aggregated with (b) sums paid to two consultants to investigate the intrusions and to assist in the prosecution of resulting litigation. He also decided that the statute of limitations began to run when the plaintiff first learned of the supposed CFAA violations, even though the identity of the perpetrator was unknown. And he ruled that claims against an individual whose alleged wrongdoing was mentioned in the body of the initial CFAA count filed in 2009, but who was not named as a defendant in that count until a third amended complaint was filed in 2014, related back to the 2009 filing.

The alleged violations. Quantlab is a financial research firm that claimed to have valuable trade secrets relating to high frequency stock trading programs. In September 2007, six months after the company terminated its employee Kuharsky, Quantlab discovered that its computer network apparently had been accessed without authorization on four separate occasions between March and August 2007. An internal probe indicated that he was the culprit.

Additional investigation prior to filing the complaint, In 2008, Quantlab retained network security consulting firm Grey Hat to ascertain whether Kuharsky could gain future unauthorized access. No conclusions were reached. Later, Quantlab concluded that he had not accessed the company’s files after all. Rather, it was his friend Andreev, a Quantlab employee, who acted at Kuharsky’s behest and used Kuharsky’s home computer.

The pleadings. Quantlab’s original CFAA count named Kuharsky as a defendant. Quantlab employee Maravina was not named as a defendant, but she was described as a “sleeper mole” who had assisted Kuharsky in stealing trade secrets and confidential information. She was added as a CFAA defendant in the third amended complaint.

Calculating qualifying losses.

  1. Qualifying losses relating to Kuharsky. Quantlab calculated that its internal investigation in 2007 took 10-12 hours and cost the company $2,500-3,000. That sum was not enough, however, to satisfy the $5,000 requirement for bringing a CFAA lawsuit. Gray Hat billed the company $13,400 in 2008 for consulting services, but Kuharsky contended that those services did not include investigation of the supposed computer incursion. The court accepted as true the sworn declaration of Quantlab’s CEO that Gray Hat was hired in response to Kuharsky’s actions. Thus, the requisite qualifying loss total was deemed established.
  2. Qualifying losses relating to Maravina. After the complaint was filed, Quantlab hired consulting firm Pathway Forensics and asserted that payment of its $31,900 bill constituted qualifying losses. Maravina insisted that Pathway’s assignments concerned litigation, not investigating her role in the 2007 events. Quantlab maintained, however, that the lawsuit work was not included in that bill. The court concluded that since Pathway may have contributed to Quantlab’s 2014 decision to add Maravina as a defendant, $5,000 in damages was demonstrated. The court said it was unnecessary to rule on the question of whether all expenses incurred investigating several persons’ intrusions can be used in computing the amount of losses attributable to each person’s involvement.

Statute of limitations.

  1. Kuharsky. Quantlab moved for summary judgment against Kuharsky. He asserted that the two-year statute of limitations began to run in September 2007. Quantlab argued that it had two years from early 2008 when the company first learned that Andreev, not Kuharsky, had accessed the network. The court said that the motion could not be granted because no evidence had been presented regarding the material question of whether Andreev was authorized to access the network from Kuharsky’s home.
  2. Maravina. Seven years elapsed between the intrusions in 2007 and the first time Maravina was named as a CFAA defendant. She asserted a statute of limitations defense. The court reiterated that the original CFAA count called her a “sleeper mole” and said she was “on notice that the lawsuit concerned the same conduct that now underpins the CFAA claim against her.” So, that claim was held to relate back to the 2009 litigation commencement date. Although not mentioned in its recent ruling, an earlier written decision on other motions in the same case stated that she was a named defendant (but not in the CFAA count) in the original complaint, and the court added that she was Kuharsky’s wife.

Takeaways. CFAA litigation can be very complex. For example, judges have not consistently ruled on the two primary issues involved in Quantlab: (a) the meaning of the statutory requirement of a “loss . . . of at least $5,000,” and (b) the date the statute of limitations regarding a CFAA violation begins to run. Moreover, judicial interpretations of the statutory phrases “without authorization” and “exceeding authorized access” as they relate to prohibited contact with a computer network are sharply divided. Some courts hold that those phrases refer only to hacking by an outsider. Other jurists say the statute also is directed at persons who make unauthorized use of their employer’s computer. Both a prospective plaintiff considering filing a CFAA claim, and a defendant who is or may be named, should consult experienced counsel.