Wednesday, May 13, 2009
Wisconsin District Court Follows Citrin in Allowing Computer Fraud Claim to Proceed (Dental Health Products v. Ringo)
The increasing federalization of trade secrets claim in Illinois is a direct result of the Seventh Circuit's 2006 decision in Int'l Airport Centers, LLC v. Citrin. That case, which broadly interpreted the Computer Fraud and Abuse Act, provided a wide open pathway for employers to bootstrap trade secrets actions into federal CFAA claims as long as some act of misappropriation involved computers. These days, virtually all trade secrets claims involve the downloading of data.
The gist of Citrin is the notion that an employee loses his authorization to access protected computers once he violates his duty of loyalty and acquires an interest adverse to his then-employer. Because each CFAA claim mandates a plaintiff to show a defendant accessed a protected computer "without authorization" or in a manner that "exceeds" the employee's authorization, Citrin allows an employer to convert a trade secrets claim into one under the CFAA if the employee downloads or copies company business information before he quits and leaves to compete.
The case of Dental Health Products v. Ringo applied Citrin to an employee competition case that reads like many others. Ringo, a former salesman for a dental supply company, allegedly copied his entire work hard-drive onto an external drive while he was still employed and while he was actively competing for accounts on behalf of a different entity. Presumably, Ringo intended to use this information on behalf of a competing firm. After DHP filed suit, Ringo tried to dismiss the CFAA claim, arguing his access to the computer at the time of the relevant events was authorized.
The district court relied on Citrin to deny Ringo's motion to dismiss. DHP asserted Ringo's conduct violated the three most common provisions of the CFAA that apply to employee competition claims: (a)(2), (a)(4) and (a)(5).
The (a)(2) claim, or the "theft of data" theory, requires an employer only to show the employee improperly accessed a computer to obtain information. That information need not be a trade secret, or even lesser-protected "confidential information." Under Citrin, the court upheld the claim with ease.
The (a)(4) claim is the "intent to defraud" provision, and again the court ruled DHP stated a cause of action. Importantly, a plaintiff need not allege fraud with particularity under this section. For purposes of Federal Rule 9(b), an (a)(4) claim is not a traditional fraud claim and plaintiffs need only allege that the information was taken through dishonest means.
Finally, the court upheld the (a)(5) claim. That provision generally requires a plaintiff to demonstrate unauthorized access to a computer that results in damage. A key question that Citrin seemed to resolve, but on which other courts have been significantly divided, is whether information that is merely copied results in "damage." Clearly, deleted information would seem to meet that definition, but data that is copied stands on a different footing.
The court in Ringo struggled a bit with the allegations made by DHP, but ultimately concluded DHP stated a cause of action. Once a practitioner cuts through the maze of confusing terms utilized in the CFAA, and its haphazardly organized provisions, it is fairly clear the breadth of each section allows plaintiffs to bring a broad range of claims in competition cases involving the taking of electronically stored information. In the Seventh Circuit, this is far easier than in other jurisdictions where the issue of "authorization" is more defendant-friendly.
Court: United States District Court for the Eastern District of Wisconsin
Opinion Date: 4/20/09
Cite: Dental Health Products, Inc. v. Ringo, 2009 U.S. Dist. LEXIS 38328 (E.D. Wis. Apr. 20, 2009)