A Utah federal judge recently held that a jury’s compensatory damages award of $2.92 million for misappropriating trade secrets was supported by the evidence and was not excessive. Because the jury found by clear and convincing evidence that the misappropriation was willful and malicious, the court added $1.46 in exemplary damages. The total verdict: $4.38

According to a recent Arizona federal court decision, (a) an employee who had the right to access his employer’s confidential emails did not violate the federal Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, by downloading 300 such documents to his personal computer and sharing them with a recently terminated employee; (b)

By Robert Milligan and Jessica Mendelson

With the NBA basketball season almost upon us, a high profile legal battle between an aspiring NBA sports agent and his former agency continues to heat up in Los Angeles federal court. The case involves some interesting non-compete, trade secret, and privacy issues.

In April 2012, we first alerted

By Robert Milligan and Jeffrey Oh

In its order denying defendants’ motion to dismiss in SBM Site Services, LLC v. Garrett, et al., Case No. 10-cv-00385, a Colorado federal court identified a circuit split over the interpretation of “unauthorized access” under the Computer Fraud and Abuse Act and then found a former employer had stated a CFAA claim against a former executive and his new employer regardless of the different circuit interpretations based upon his post-termination computer activities. The case is significant because it provides employers with authority that the CFAA should apply in cases where an employee steals or destroys company data on a company computer after his or her termination.

Pertinent Allegations

In its ruling, the court laid out the pertinent allegations which it accepted as true for purpose of ruling on defendants’ motion.  According to the complaint, defendant John Garrett, formerly the Senior Vice President/Chief Business Development Officer at SBM, a janitorial, recycling, and moving services company, worked remotely from home using two desktop computers and two laptop computers provided to him by SBM.  He used these SBM-provided devices to remotely access SBM’s computer system.  Prior to his move to Able, a direct competitor of SBM, Garrett allegedly had his administrative assistant download numerous SBM files from its network, had them burned to a cd, and then had them sent to him. 

According to the amended complaint, on January 4, 2010 Garrett informally notified SBM that he was resigning effective January 22, 2010.  SBM then informed Garrett that he would need to return all SBM property, including computers, records and other confidential information, before his departure.  After failing to return the company computers at an initial meeting on January 26, 2010, SBM scheduled another meeting for January 29, 2010 to collect the items.  Garrett allegedly canceled this second meeting and did not return the last of his company computers until February 16, 2010, over two weeks after starting his new job at Able.  Garrett began his employment with Able on January 28, 2010 and SBM alleges that Garrett loaded SBM’s confidential information onto a laptop provided to him by Able.   Upon examination of the returned laptop, SBM allegedly found that the hard drive had been encrypted to prevent access in addition to being “intentionally erased.”  SBM asserted several claims against Garrett and Able, including violation of the CFAA.

CFAA and Circuit Split

As with most cases where the CFAA is invoked, the question of what constitutes unauthorized access is central to the arguments made by both sides.  Section 1030(a)(5)(C) of the CFAA makes it unlawful to “intentionally access[] a protected computer without authorization and as a result of such conduct, cause[] damage and loss.” Garrett argued that because he was authorized to access the laptop while he was employed by SBM, he cannot have accessed the laptop without authorization. 

The court acknowledged that the Tenth Circuit has yet to address what constitutes “unauthorized access” for purposes of the CFAA. The court analyzed differing interpretations of the provision made by the Seventh and Ninth Circuits.

In its interpretation of what constitutes “unauthorized access,” the Seventh Circuit applied agency principles in International Airport Centers, LLC v. Citrin to determine that an employee’s access was unauthorized from the moment he decided to quit and had undertaken actions in violation of his duty of loyalty to his employer.  According to the decision, access is only authorized within the agency relationship between employer and employee.  This agency relationship relies on loyalty as well as transparency, and violating the duty of loyalty, or failing to disclose adverse interests, voids the agency relationship. Under the Seventh Circuit’s approach, whether access to a computer was “unauthorized” depends upon the status of the agency relationship between the employer and employee.

The Colorado federal court noted that the Ninth Circuit has taken a more restrictive view of what constitutes “unauthorized access” for purposes of the CFAA. In LVRC Holdings LLC v. Brekka, the Ninth Circuit determined that “authorization” depends on actions taken by the employer and “[i]f the employer has not rescinded the defendant’s right to use the computer, the defendant would have no reason to know that making personal use of the company computer in breach of a state law fiduciary duty to an employer would constitute a criminal violation of the CFAA.”  In other words, unless an employer rescinds an employee’s right to use or access a computer, the employee arguably has authorized access to all systems and files within the scope of their position.  Thus, the onus is on the employer to end an employee’s right to access by explicitly informing them of such.  It is notable that the Colorado federal court’s decision does not address the exceeds authorized access section of the CFAA, which provides an alternative theory of liability under the CFAA. An en banc panel of the Ninth Circuit is presently considering that section in U.S. v. Nosal and will issue a decision soon.


Continue Reading Colorado Federal Court Rules That Former Employer Stated A Claim Against Former Executive and His New Employer Under The Computer Fraud Abuse and Act Regardless Of Differing Circuit Interpretations Of The Act

By Scott Schaefers

On February 6, 2012, a federal court in Oakland, California denied the popular Facebook application “Farmville” operator’s (Zynga, Inc.) motion to dismiss several claims brought by the inventor of “myFarm” (SocialApps, LLC, or “SA”)) for alleged theft of the source code, game images, and “concepts and features” used in the myFarm app. The

In Eastman Chemical Company, v. Alphapet Inc., et al., Civ. Action No. 09-971-LPS-CJB 2011 U.S. Dist. LEXIS 127757 (Dist. DE) (November 4, 2011) (unpublished) Plaintiff Eastman Chemical Company ("Eastman" or "Plaintiff’) filed an amended complaint alleging patent infringement, breach of contract and trade secret misappropriation.  Plaintiff alleged that former Eastman employees at the direction

An article published yesterday in the Gonzaga Law Review presents an interesting analysis of trade secret litigation in state courts. Authors David S. Alming, Darin W. Snyder, Michael Sapoznikow, Whitney E. McCollum, and Jill Weader published the follow-up article to their article last year concerning trade secret litigation in federal courts. According to the new