Publications: Court looks at Computer Fraud and Abuse Act

As employment lawyers these days know, employees leaving their jobs sometimes do the darnedest things.

They take with them confidential customer lists. They download pricing information to personal e‐mail accounts. They use sophisticated swiping software to cover their tracks. Sometimes they even use ball‐peen hammers to literally smash their employer’s hard drives to bits.

Employee mobility, even in and perhaps especially because of a down economy, in recent years gave rise to a virtual tidal wave of employment‐related litigation involving noncompetition and nonsolicitation agreements. Components in many of these cases are tort claims aimed at rectifying the sorts of abuses described above.

A recent noteworthy case from the federal district court here in Chicago highlights these battles that will continue to be fought on this front. E.R. James Real Estate Services, LLC, et al. v. Steve Spinell, et al. No. 11C4476 (Oct. 26, 2011).

In Spinell, a group of employees, including Jeanne Martini, departed their employers, a group of related real estate companies, to found their own competing business. They allegedly stole clients, took physical files, deleted incriminating e‐mails and “sabotaged” their company computers.

The employer group sued, bringing multiple claims under both federal and state law. One of the more compelling claims is under the federal Computer Fraud and Abuse Act (CFAA), 18 U.S.C. §1030. The companies claimed that, in violation of the CFAA, the wayward employees wrongfully deleted e‐mails and other computer files that belonged to the employers.

The employees, pursuant to Federal Rule of Civil Procedure 12(b)(6), moved to dismiss, inter alia, the CFAA claim, especially as it applied to Martini. They argued that Martini, who used her own personal computer for work, could not be guilty under the CFAA.

The district court first set out the CFAA’s elements. An aggrieved party, it wrote, must allege (1) damage or loss; (2) caused by; (3) a violation of one of the CFAA’s substantive provisions; and (4) conduct involving one of the CFAA’s listed factors. The court further noted that the employers’ claim required the employers to demonstrate damages in excess of $5,000 in one year.

According to the court, the employers were alleging that Martini and the others had “knowingly caused the transmissions of a program, information, code or command, and as a result of such conduct, intentionally caused damage, without authorization, to a protected computer” and had “intentionally accessed a protected computer without authorization, and as a result of such conduct, caused damage and loss.”

The employees in their motion focused on the “unauthorized access” requirement as it related to Martini. In their view, it was impossible for Martini to have “unauthorized access” because Martini used her own computer for work. The employers, they argued, lost nothing when she left with her personal computer.

The district court, in considering this argument, acknowledged that some courts have concluded that use of a personal computer, as opposed to the employer’s computer, cannot support a CFAA unauthorized access claim, citing the 2006 decision in Keystone Fruit Marketing, Inc. v. Brownfield, 2006 WL 1873800 (E.D.Wash. July 6, 2006).

However, stated the court, §1030(a)(5)(A) prohibits only damaging, not accessing, a computer without authorization.

The CFAA’s definition of “protected computer” fails to specify whose computer must be damaged or accessed. Under these circumstances, the court ruled, the real estate companies might be able to plead a case under the CFAA by demonstrating that Martini “impermissably destroyed files or other data belonging to them,” even if she used her own personal computer.

Finding that the real estate companies had not pled facts sufficient to establish such a claim, the court dismissed the claim against Martini but without prejudice.

The employees also requested dismissal of the CFAA claim because the companies had requested their attorneys’ fees. In reviewing this request, the court assumed that the request for attorneys’ fees was improper. However, it noted that at least one court recently held that attorneys’ fees pertaining to the investigation of a possible CFAA violation may be recoverable, citing Animators at Law, Inc. v. Capital Legal Solutions, LLC , 2011 WL 2022540 (E.D. Va. May 10, 2011).

Given that it had no information about how and when the real estate companies’ legal fees accrued, the district court was unwilling to, on a motion to dismiss, toss the claim or strike the request for legal fees.

Lessons?

For attorneys counseling departing employees, the responsibility is to caution those clients to not impermissably remove or destroy the employer’s property, by electronic means or otherwise, and even if the information is stored on the employee’s own personal computer.

For attorneys representing the harmed employer, Spinell adds yet another arrow to the quiver in what will continue to be a contentious theatre.

Reprinted with permission from Chicago Daily Law Bulletin.