Friday, February 6, 2009

Purloined Data In Wedding Expo Case Won't Support Computer Fraud Claim (Bridal Expo v. Van Florestein)

With federal courts taking diametrically opposing positions on the reach of the federal Computer Fraud and Abuse Act, it should not be long before the Supreme Court steps in to clarify exactly what type of unfair competition this law actually protects.

As I have written before, courts are split in terms of whether misuse of confidential business data is included within the statutory definition of "damages." Another issue dividing courts concerns what type of employee conduct exceeds "authorized access" to a protected computer for purposes of what is known as an (a)(4) claim.

Under Section 1030(a)(4), an aggrieved employer may pursue a claim for unauthorized access of a protected computer with the intent to defraud. Courts are split over what type of computer access is unauthorized within the meaning of the statute.

The facts of a recent case involving the wedding exposition industry illustrate the legal tension perfectly. Two employees of Bridal Expo, who had announced their departure from the company, were escorted out of their place of employment at 4:30 p.m. on their last day of work. Their boss took their keys. However, later that evening, they returned and began using one of Bridal Expo's computers.

Their boss asked them why they returned, and each claimed she had "more work to do" before leaving. One employee stated she was sending farewell e-mails to vendors and employees. Importantly, their boss was aware they had returned and that the employees were using work computers.

Eventually, it was clear that the two employees had established a competing wedding expo company, Wedding Showcase, and the employees admitted that upon returning to work after being escorted out, they downloaded a vendor list, brides list, inventory list, company forms, and payment spreadsheet. The forensic analysis of the computer cost $13,000. The defendants' new company used the vendor list and database to mail advertisements to vendors for a new wedding showcase in the Houston area.

After losing a state court injunction proceeding, the plaintiff non-suited the case and refiled in federal court, adding - among other things - a claim under Section 1030(a)(4) of the CFAA for unauthorized access to a protected computer with intent to defraud. The court, noting the tension in the case law, denied a second injunction motion and dismissed the CFAA claim outright.

The court declined to follow the agency theory case law developed in the Seventh Circuit and others, which basically says that when an employee violates an agreement or his duty of loyalty, he is no longer a true agent of the employer and exceeds any access previously granted to him. Other courts have viewed this reasoning with a healthy dose of skepticism.

The court in Bridal Expo took the more conservative, literal approach in declining to extend the CFAA's reach under an (a)(4) claim. It would not equate "authorization" with any duty of loyalty. Important to the court's ruling were the following factors:

(1) no confidentiality agreement between the employees and Bridal Expo;
(2) the employees were authorized to use the computers in this manner; and
(3) the supervisor saw them working on the computers after they had been escorted out of the office and did not complain about it.

The last factor may have been the most important. Had the defendants snuck into the office, and had their use of a work computer been completely unknown to a supervisor, the court might have had a basis for keeping the (a)(4) claim alive.


Court: United States District Court for the Southern District of Texas
Opinion Date: 2/3/09
Cite: Bridal Expo, Inc. v. Van Florestein, 2009 U.S. Dist. LEXIS 7388 (S.D. Tex. Feb. 3, 2009)
Favors: Employee
Law: Federal
