The United States Court of Appeals for the Fourth Circuit has sided with the Ninth Circuit recently holding that the Computer Fraud and Abuse Act prohibitions against unauthorized access to computers are not implicated when an employee used his valid access to employer’s computer network to download confidential business information that he later used while working for a competitor.
Prior to his departure from his former employer, the defendant downloaded proprietary information from the plaintiff’s network which he allegedly used to win a contract for business. The plaintiff filed a civil lawsuit against defendant, alleging, among other things, that he violated the CFAA when he downloaded its proprietary information. Specifically, the plaintiff alleged that its policy prohibited employees from downloading confidential and proprietary information to a personal computer.
The Fourth Circuit distinguished (for purposes of the CFAA) between the use of company information and accessing that information. However, the court declined to adopt Seventh Circuit’s reading of the CFAA that an employee loses lawful authority to access an employer’s computer network if the access violates the employee’s fiduciary duty of loyalty to the employer. The Fifth and Eleventh Circuit have also found that the CFAA may be invoked whenever an employee exceeds authorized access.
Acknowledging that “two schools of thought exist”, the Court rather bluntly stated that the Seventh Circuit’s reading was a “non-sequitor” in the case before it held that “we adopt a narrow reading of the terms ‘without authorization’ and ‘exceeds authorized access’and hold that they apply only when an individual accesses a computer without permission or obtains or alters information on a computer beyond that which he is authorized to access.”