Two new developments this past year have made it easier for employers to sue employees in federal court for stealing data from company computers. The most recent is the U.S. Court of Appeals for the Ninth Circuit’s July decision in U.S. v. Nosal interpreting what it means to access a company computer “without authorization” under the Computer Fraud and Abuse Act (CFAA), the federal computer criminal statute. 18 U.S.C. 1030. The other development is the May amendment to the Economic Espionage Act (EEA), the federal criminal trade secrets act, permitting companies to file a federal civil action against individuals who steal the company’s competitively sensitive data. 18 U.S.C. 1831, et. seq.
Ransomware. It’s a data security buzzword that has caught on among civilians and businesses. And it’s real. It threatens system security and costs victims plenty. But what is ransomware? Why is it more of a threat than typical cyber viruses and infections? What do you do to keep yourself immune from ransomware? If affected, what are your options?
In December, a divided panel of the U.S. Court of Appeals for the Second Circuit in U.S. v. Valle interpreted the Computer Fraud and Abuse Act to exclude employees who access their employer’s computers. The upshot is that if you are an employee in the Second Circuit and steal data from your employer to commit identity theft or to provide it to a competitor, you cannot be prosecuted by the Department of Justice or sued by your employer under the CFAA.
In all jurisdictions the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030, the federal computer crime statute, applies to former employees who steal data from the company computer, but in two federal circuits it does not apply when the theft occurs during employment. The difference in jurisdictions is significant to employers because the CFAA provides a civil remedy for damages and injunctive relief for a company that “suffers damage or loss” by reason of a violation of the CFAA. 18 U.S.C. 1030(g).
Last year the U.S. Court of Appeals for the Ninth Circuit in U.S. v. Nosal, 676 F.3d 854 (9th Cir. 2012), disagreed with certain of its sister circuits and narrowly interpret-ed what it means to access the company computer “without authorization,” effec-tively eliminating a company’s ability in that jurisdiction to use the CFAA against current employees. This column will review the conflicting interpretations of the CFAA that distinguishes between current and former employees and the strategies and options companies can employ to navigate this conflict.
On December 15, 2011, the 9th Circuit Court of Appeals heard argument en banc in U.S. v. Nosal, 642 F.3d 781 (9th Cir. 2011), reh’g en banc granted (Oct. 27, 2011). As expected, the oral argument focused on the meaning of unauthorized access under the Computer Fraud and Abuse Act. The issue is whether an… Read More
Four separate circuit court rulings this year enhanced the ability of businesses to use Computer Fraud and Abuse Act. To print or view this article as a pdf go to: link By Nick Akerman Four recent decisions handed down by four different federal courts of appeals during the past year have, in combination, greatly… Read More
On October 27, 2011, the 9th Circuit Court of Appeals ordered that U.S. v. Nosal be reheard en banc by all of the Appeals Court judges and that the “three-judge panel opinion [in U.S. v. Nosal, 642 F.3d 781 (9th Cir. 2011)] shall not be cited as precedent by or to any court of the… Read More
The Eight Circuit Court of Appeals upheld the criminal conviction of Sandra Teague for accessing President Obama’s data in the National Student Loan Data System during her employment at a government contractor for the Department of Education. U.S. v, Teague, 646 F.3d 1119 (8th Cir. 2011). She was indicted and convicted by a jury for… Read More
The New York Times recently reported that the UK telephone hacking scandal could result in News Corp. and its executives being charged in the United States with criminal violations of the Foreign Corrupt Practices Act, Title 15, U.S.C. § 78m, the Electronic Communications Privacy Act, 18 U.S.C. § 2511, and the Telephone Records and Privacy… Read More
In California, Washington, Oregon, Alaska, Montana, Arizona, Nevada and Idaho – states covered by the 9th Circuit Court of Appeals — the answer as of yesterday is an emphatic “YES.” In U.S. v. Nosal, 2011 WL 1585600 (9th Cir. April 28, 2011) the court clarified its decision in LVRC Holdings LLC v. Brekka, 581 F.3d… Read More