DC and Iowa District Courts Take Opposing Views as to Whether Employees Are Liable Under the Computer Fraud and Abuse Act

In American Family Mutual Insurance Co. v. Hollander, 2010 WL 2851639 *1 (N.D. Iowa, July 20, 2010) the court denied the defendant employee’s motion for summary judgment on the Computer Fraud and Abuse (“CFAA”) claim. The plaintiff claimed Hollander, “anticipating terminating his relationship with plaintiff, accessed and used plaintiff’s computer database to aid himself in competing with plaintiff.” Id. The court held “that a defendant may act “without authorization” or “exceed authorized access” even when he has permission to access the protected computer, but then uses that information in a manner inconsistent with the plaintiffs interests, where the defendant intended to use that information in that manner at the time of access.” Id.

About a week later a District of Columbia federal district court in Lewis-Burke Associates LLC v. Widder, 2010 WL 2926161 *3-*5 (D.C. July 28, 2010) followed LVRC Holdings LLC v. Brekka, 581 F.2d 1127, 1131 (9th Cir. 2009) to hold that an employee who stole confidential and proprietary information from the company computer could not be sued for violating the CFAA because, as an employee, he had the right to access the company computer. The court stated that it was “persuaded by the Brekka line of cases, which have recently gained critical mass.” Id. This “critical mass” to which the court referred consisted of three reported cases. Only one of these cases, ReMedPar, Inc. v. AllParts Medical, LLC, 683 F.Suupp.2d 605, 611 (M.D. Tenn. 2010), a district court opinion from the Sixth Circuit, stands on its own.

The second of these cases, Nat’l City Bank, N.A. v. Republic Mortgage Home Loans, LLC, 2010 WL 959925, *2 (W.D. Wash. Mar.12, 2010), is in the 9th Circuit, and had no option but to follow the precedent of the 9th Circuit’s decision in Brekka. The third federal district court opinion, Bell Aerospace Servs., Inc. v. U.S. Aero Servs., Inc., 690 F. Supp.2d 1267, 1272 (M.D. Ala. 2010) is from the 11th Circuit. That opinion, however, ignores its own Circuit’s holding in U.S. v. Salum, 257 Fed. Appx, 225, 230-31 (11th Cir. 2007). Salum upheld a criminal conviction for a violation of the CFAA finding that there was sufficient evidence for the jury to conclude that Salum, a Montgomery police officer, had accessed the Police Department’s computer “without authorization” because at the time he accessed the computer, he knew that he was accessing the computer “for an improper purpose,” i.e. to provide a private investigator with information from the FBI’s criminal record database.

In sum, these two recent district court decisions underscore the need for the Supreme Court to provide guidance on the CFAA’s meaning of lack of authorized access.