Common scenario: Employee plans to resign from employer and join competitor. Prior to resigning, employee uses his company computer to access confidential and proprietary information and then sends the information to his personal e-mail account to use for the benefit of his new employer. Employer sues former employee for misappropriation and other state law claims, and seeks federal jurisdiction by asserting a claim under the Computer Fraud and Abuse Act (“CFAA”).

Dilemma: Does CFAA state a claim when the employee had permission to “access” the computer and company documents, but not “use” it for an improper purpose such as to benefit a new employer?

Just last week, the U.S. Court of Appeals for the Fourth Circuit entered the fray over the scope of liability under CFAA, and sided with the Ninth Circuit in adopting a narrow reading of the statute. In WEC Carolina Energy Solutions v. Willie Miller; Emily Kelley; ARC Energy Services, Inc., a former employee of WEC allegedly downloaded confidential information while still employed by WEC but prior to his resignation to work for a competitor, and then used that information unlawfully to compete against WEC on behalf of his new employer. WEC claimed that the former employee’s unauthorized “use” of its computers to gain access to proprietary information violated CFAA’s “without authorization” or “exceeds authorized access” provisions. The trial court dismissed the complaint for failing to state a claim under CFAA, and the Fourth Circuit affirmed.

In affirming the dismissal, the Court adopted “a narrow reading of the terms ‘without authorization’ and ‘exceeds authorized access’ and held that they apply only when an individual accesses a computer without permission or obtains or alters information on a computer beyond that which is authorized to access.” The Fourth Circuit further rejected any CFAA liability grounded on an agency theory, noting that such a theory for liability has far-reaching effects unintended by Congress.

The Fourth Circuit joins the Ninth Circuit in its narrow reading of the CFAA, in contrast to the more expansive view held by a majority of the other circuit courts of appeals, including the Seventh Circuit. With the courts of appeals split on this critical issue of liability under CFAA, it will eventually be up to the U.S. Supreme Court to declare once and for all whether an employee’s improper use and access of confidential and proprietary information is unlawful. Notably, it is likely that the Ninth Circuit’s en banc opinion in United States v. Nosal, will be the first case to reach the Supreme Court on CFAA’s jurisdictional reach, although the government’s deadline to file its petition has been extended until September 7, 2012. Often in cases alleging misappropriation of trade secrets, CFAA provides the only avenue for federal court jurisdiction. Thus, whether employers will be able to rely on this statute as an additional claim (and path into federal court) against rogue employees departing for competitors remain to be seen.

In the meantime, employers should carefully review their computer use policies to determine whether the policies could be used effectively to limit unauthorized access and use. In addition, knowing the state of the law in your state will be critical to know whether a CFAA claim would be a viable litigation strategy or a roadblock to federal court jurisdiction when proceeding with a misappropriation of trade secrets claim against an employee.

Back to Trade Secrets & Employee Mobility Blog

Search This Blog

Blog Editors

Related Services



Jump to Page


Sign up to receive an email notification when new Trade Secrets & Employee Mobility posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.