Scope of CFAA
In U.S. v. Nosal, the scope of liability under the Computer Fraud and Abuse Act (CFAA) was at issue. The CFAA was primarily enacted to combat the problem of computer hacking. However, employers have been applying the CFAA to instances where employees have authorized access to company information but have misused the information. In Nosal, an ex-employee set up a competing business with his former employer. In doing so, the ex-employee recruited current employees and persuaded them to access company information and transmit confidential company information to him. The employer authorized the employees to have access to the information but prohibited them from using the information for improper purposes.
Criminal proceedings were instituted under the CFAA based on a contention that the current employees exceeded authorized access. Hence the issue is whether the CFAA should be limited to targeting hackers or whether the CFAA should also be applied to those who access a company computer with authorization but then misuse the information.
Disagreement between the circuit courts
The 11th Circuit, 5th Circuit and the 7th Circuit have broadly construed the CFAA to find criminal violations based on corporate computer use restrictions or violation of the duty of loyalty. However, the Ninth Circuit, in Nosal, has departed from the holding of its sister courts.
Ninth Circuit narrows applicability of CFAA
The Nosal case was decided en banc by all judges of the Ninth Circuit, rather than the normal panel of 3 judges. Only two of the 11 judges dissented from the majority opinion.
I invite you to contact me with your patent questions at (949) 433-0900 or [email protected]. Please feel free to forward this article to your friends. As an Orange County Patent Attorney, I serve Orange County, Irvine, Los Angeles, San Diego and surrounding cities.