Chip Cooper is a leading intellectual property, software, and Internet attorney who's advised software and online businesses nationwide for Chip's 25+ years. Visit Chip's http://www.digicontracts.com site and download his FREE newsletter and Special Reports: "Determine Which Legal Documents Your Website Really Needs (With Sample Agreements)", "Draft Your Own Privacy Policy", and "Write Your Own Website Marketing Copy -- Legally".
Employers have typically used several legal theories in actions against disloyal former employees -- copyright infringement for copying copyrighted code, trade secret misappropriation where the employee misuses or discloses confidential information or trade secrets, and possibly breach on a non-competition covenant.
Now, there's another theory derived from the federal Computer Fraud And Abuse Act -- a claim based on unauthorized access to the employer's computers or network. Do these claims actually hold up in court, and what can employers do to lay a foundation for a successful claim in the future?
The Computer Fraud And Abuse Act (CFAA)
Originally, the CFAA was intended to focus on hacking into US Government and financial industry computers and networks. However, since its passage the scope of the CFAA has been broadened and extended several times:
1984 - civil remedies added (extends coverage from just federal prosecutors to private litigants with private lawsuits); 1996 - broadened to cover "protected computers" (any computer in interstate commerce, i.e. connected to the Internet); and 2001 - broadened to cover any computer outside the United States that communicates within the United States.
Two elements must be proved to establish a violation of the CFAA:
* intentional access of a protected computer without authorization (or which exceeds authorized access);
* which causes damage of at least $5,000.
The term "exceeds authorized access" means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled to obtain or alter. This is tailor-made for employers to use against disloyal employees who access a computer for improper purposes.
Early CFAA Cases Against Disloyal Employees
Early civil cases against disloyal employees focused on the "exceed authorization" element in the context of former employees who accessed a former employer's databases for purposes of competing in a new venture.
One good example of such a case is EF Cultural Travel BV v. Explorica, Inc., a 2001 case in the 1st Circuit Court of Appeals. In EF Cultural Travel, the employer claimed that the former employee breached a confidentiality agreement by accessing and scraping the employer's site for pricing information. The employer prevailed.
Later CFAA Cases
On the issue of "exceed authorization", some later cases have allowed recovery against disloyal employees on the basis that the employee's conduct conflicted with a company policy, and therefore exceeded authorization. Other courts have held for the former employees, provided that their access was "authorized" at an earlier time, but later became unauthorized after employment teminated. So, the law is not yet settled on the meaning of "exceed authorization".
Two 2008 cases, American Family Mutual Insurance Co. v. Rickman and Cohen v. Gulfstream Training Academy found for the employee based on the failure of the employer to prevail on the damages issue. In both cases, the employees had accessed their former employer's computer system and copied files. In the American Family case, the court held that to recover the employer must establish damage to a computer system or interruption to a computer service. In the Cohen case, the court similarly held that the employer must show loss or damage related to an interruption of service.
Conclusion
The earlier cases under the CFAA against disloyal employees were virtual slam dunks for employers. The damages element was relatively easy to prove and courts were lenient regarding the interpretation of "unauthorized access".
Later cases are split on the issue of "unauthorized access", and they also have raised the bar for employers regarding the damage element.
Despite recent decisions favoring employees, the CFAA remains a viable tool for employers to use against disloyal employees. Given the split of authority regarding "unauthorized access", employers are advised to draft clauses into their confidentiality agreements with employees that clearly define what access is authorized and what is unauthorized, and the precise time when authorized access becomes unauthorized). Such a clause may be very persuasive in a civil case under the CFAA later.
Now, there's another theory derived from the federal Computer Fraud And Abuse Act -- a claim based on unauthorized access to the employer's computers or network. Do these claims actually hold up in court, and what can employers do to lay a foundation for a successful claim in the future?
The Computer Fraud And Abuse Act (CFAA)
Originally, the CFAA was intended to focus on hacking into US Government and financial industry computers and networks. However, since its passage the scope of the CFAA has been broadened and extended several times:
1984 - civil remedies added (extends coverage from just federal prosecutors to private litigants with private lawsuits); 1996 - broadened to cover "protected computers" (any computer in interstate commerce, i.e. connected to the Internet); and 2001 - broadened to cover any computer outside the United States that communicates within the United States.
Two elements must be proved to establish a violation of the CFAA:
* intentional access of a protected computer without authorization (or which exceeds authorized access);
* which causes damage of at least $5,000.
The term "exceeds authorized access" means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled to obtain or alter. This is tailor-made for employers to use against disloyal employees who access a computer for improper purposes.
Early CFAA Cases Against Disloyal Employees
Early civil cases against disloyal employees focused on the "exceed authorization" element in the context of former employees who accessed a former employer's databases for purposes of competing in a new venture.
One good example of such a case is EF Cultural Travel BV v. Explorica, Inc., a 2001 case in the 1st Circuit Court of Appeals. In EF Cultural Travel, the employer claimed that the former employee breached a confidentiality agreement by accessing and scraping the employer's site for pricing information. The employer prevailed.
Later CFAA Cases
On the issue of "exceed authorization", some later cases have allowed recovery against disloyal employees on the basis that the employee's conduct conflicted with a company policy, and therefore exceeded authorization. Other courts have held for the former employees, provided that their access was "authorized" at an earlier time, but later became unauthorized after employment teminated. So, the law is not yet settled on the meaning of "exceed authorization".
Two 2008 cases, American Family Mutual Insurance Co. v. Rickman and Cohen v. Gulfstream Training Academy found for the employee based on the failure of the employer to prevail on the damages issue. In both cases, the employees had accessed their former employer's computer system and copied files. In the American Family case, the court held that to recover the employer must establish damage to a computer system or interruption to a computer service. In the Cohen case, the court similarly held that the employer must show loss or damage related to an interruption of service.
Conclusion
The earlier cases under the CFAA against disloyal employees were virtual slam dunks for employers. The damages element was relatively easy to prove and courts were lenient regarding the interpretation of "unauthorized access".
Later cases are split on the issue of "unauthorized access", and they also have raised the bar for employers regarding the damage element.
Despite recent decisions favoring employees, the CFAA remains a viable tool for employers to use against disloyal employees. Given the split of authority regarding "unauthorized access", employers are advised to draft clauses into their confidentiality agreements with employees that clearly define what access is authorized and what is unauthorized, and the precise time when authorized access becomes unauthorized). Such a clause may be very persuasive in a civil case under the CFAA later.
- Related Videos
- Related Articles
- Ask / Related Q&A
- Your Privacy Policy: Can it Improve Your Conversion Rates? You Bet!
- Your Privacy Policy: Plan Ahead or Your Opt-in and Customer Lists May be in Jeopardy
- What's Behind Google's Requirement For AdSense Users To Modify Privacy Policies?
- Ecommerce Sites: Beware of 3rd Party Cookies - are Google Analytics Users in Privacy Breach?
- Website Behavioral Ads May be Cool But Beware of Privacy Concerns
- Intellectual Property: Why "borrowing" Web Content is a Really Bad Idea
- 2009 Resolution -- Give Your Site a 10-point Legal Check-up
- SaaS And Ecommerce Businesses -- Are You Liable For Failure To Bind Your Service Providers?
Online Coupons and Deals
By: jamiehanson | 02/12/2009Online shopping has always been a smart choice amongst millions of Internet users these days. The convenience and comfort of online shopping has attracted shopping freaks from every corner of the world.
Why Are So Many People Working At Home With Network Marketing?
By: Mal Keenan | 02/12/2009With the economy being as bad as it has been there are more and more people looking to work from home. Most people are looking to work from home with network marketing. There are many reasons that they want to work out of the comfort of their own home with network marketing. Knowing what these reasons are will help you decide if this is a smart idea for you. Learn what these reasons are now.
Website Request For Proposal (RFP)-Invaluable
By: Vann Baker | 02/12/2009Why do website projects fail or fall short of expectations? Many businesses have the experience of their last website project taking far too long to complete, going over budget and in the end just did not measure up to expectations. It's easy to blame the website developer who did the work, but...
Redesigning Your Website For Success
By: Vann Baker | 02/12/2009What exactly is website "redesign" and why is it necessary? Re-designing a website is often thought of as being more of a graphic design process-taking an older website and give it a totally new look so visitors and customers will take notice, or perhaps adding more content to the website so...
5 Tips For Website Project Success
By: Vann Baker | 02/12/2009Many website projects actually fail before they even get started. This is not intentional, but with technology-driven projects, it is easy to get derailed before the train is out of the station. However, by following guidelines below, you can find the right technology partner for your project, save time and money, and...
PRIVATE VIDEO SHARING
By: prachi upadhyay | 02/12/2009For the people who stay far from their families or the people who work offshore for their employees located at different places, it is very difficult to exchange or transfer certain data like huge file containing snaps, or projects or may be even videos.
One of the Largest Social Networking Site Orkut was Started to Find a Girl
By: Rocky Saggoo | 02/12/2009This is the story of Orkut (one of the largest social networking site) and its CEO BUYUKKOTEN .
Business Marketing: Do Banners Still Work Or Is Article Marketing Taking Over?
By: Paul Wise | 02/12/2009Business owners are constantly looking for new ways to market their business. It used to be banner advertising was the way to go, but is it still the case? or has article marketing taken over?
Cliffsnotes for Online Marketers To Avoid FTC Liability From Affiliates and Resellers
By: Chip Cooper | 14/11/2009 | InternetDo you recruit bloggers and other intermediaries to write testimonials and endorsements (think affiliates or resellers)? If the answer is "yes", the FTC says you're liable if they fail to disclose a material connection to you or misrepresent your product or service. This Cliffsnotes-style article cuts through the mis-information and legaleze, providing online marketers with clear cut guidelines to avoid liability.
CliffsNotes For Bloggers To Avoid The FTC's $11,00 Fine For Endorsements
By: Chip Cooper | 26/10/2009 | InternetIf you've already read - and clearly understand - the 81-page FTC Guides for the use of Endorsements then read no further. However, if you're a blogger, and you're not quite sure about how to decipher the legaleze or how to comply with the Guides, then this article may be for you... particularly if you're more than a little concerned about avoiding the $11,00 fine for non-compliance.
3 Critical Things Blog Site Webmasters Need To Know About The FTC's New Blog Regs
By: Chip Cooper | 14/10/2009 | InternetIn recognition of the increasing influence of social media online, the Federal Trade Commission (FTC) on October 5, 2009, for the first time since 1980, issued new regulations governing online testimonials and endorsements by bloggers. If you operate a blog site, your exposure to legal liability may have increased exponentially.
Do You Own Your SaaS Website? Part 2 - Have You Considered Pre-Existing Elements?
By: Chip Cooper | 14/09/2009 | InternetBack in the day, most websites were developed completely from scratch; determining ownership was relatively easy. These days, the typical website bundles pre-existing elements. If you have any interest in selling your SaaS website in the future, you must not only secure clean ownership regarding the intellectual property, but also you must acquire all of the necessary use rights for the pre-existing elements licensed in.
Do You Own Your SaaS Website? Part 1: 5 Copyright Myths Debunked
By: Chip Cooper | 26/08/2009 | InternetYour SaaS website represents an important investment. It may produce income for you - maybe even a lot of income... either now or in the future. What if someone made you an offer to buy your website - an offer you can't refuse? Do you really own your website and all of its components? Could you transfer clear ownership to the buyer? Or does the deal fall through because, upon close examination, you really don't own it - or key parts of it?
New Consumer Tracking Rules Make it Easier to Flunk Website Legal Compliance
By: Chip Cooper | 12/08/2009 | InternetLet's suppose you want to track behavioral data indicating how users use your website. You provide a notice of your tracking plan in your end user license agreement accompanying the tracking software, and also in your privacy policy. Should you feel confident that you've covered all the bases in terms of website legal compliance? "No", says the Federal Trade Commission, as it issued new rules in the Sears.com settlement.
5 Rules Your SaaS Website Should Follow to Avoid Claims For False Advertising
By: Chip Cooper | 27/07/2009 | InternetMany Internet entrepreneurs are lulled into sleep regarding potential liability for false advertising on their websites. They don't serve banner ads or engage in pay-per-click advertising - and because of this, they incorrectly believe they are exempt from rules regarding false advertising. Nothing could be more incorrect - and more dangerous in terms of exposure to legal liability.