The CFAA And Employee Computer Access

Can an employee appropriate his employer’s files for personal benefit while employed?  The Court of Appeals for the 5th Circuit thinks so… Well at least in the context of the Computer Fraud and Abuse Act.  This act is about exceeding authorized access.  If the employee has authorized access but chooses to use that access to benefit himself, it may not be a CFAA issue (there are probably better causes of actions that a competent lawyer may assert… Taking information from an employer shouldn’t be that “consequence free”!).  Aside from the obvious criticism of Plaintiff’s counsel strategy, here is the relevant part of the opinion:

Hunn contends that Lack violated the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, by using his work computer to transfer the AutoCAD files to his home computer with the intent of using those files for his personal benefit. The district court granted summary judgment to Lack on this claim, and we find no error. As an initial matter, Hunn never explains which subsection of § 1030 he alleges Lack violated. Compare, e.g., § 1030(a)(2)(C) (HN8 “Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer . . . .”), with § 1030(a)(4) (HN9 “Whoever[,] knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value . . . .”). In any event, Hunn’s claim necessarily fails because Lack did not “exceed[] authorized access” to Hunn’s computers. Hunn concedes that Lack, while employed by Hunn, had permission to send AutoCAD files to his home computer and to work on plans while at home. When Lack sent the AutoCAD files to his friend for conversion to the 2006 version [23] of AutoCAD, Lack was still employed by Hunn and, according to the district court, was “still under the impression that he would be allowed to continue working at Hunn Designs on the projects he had been assigned.” In addition, the district court found that Lack’s “intentions in converting the files on October 9 were not for the purpose of leaving his employment with Hunn.” These findings were not clearly erroneous. See Orduna, 913 F.2d at 1154 (“The credibility determination of witnesses . . . is peculiarly within the province of the district court.”). Thus, because Lack did not exceed authorized access, he did not violate the Computer Fraud and Abuse Act.

This is one of the cases that begs the question… Who is your lawyer? So, get a lawyer who understands CFAA and read the rest of the opinion here.

Leave a Reply

Your email address will not be published. Required fields are marked *