+1 212 318 2000
Europe, Middle East, & Africa
+44 20 7330 7500
+65 6212 1000
This post is the seventh in a series of predictions from legal and business experts about the directions cyberlaw policy might take in 2013, solicited by editors of BNA's Electronic Commerce & Law Report during the closing weeks of 2012. We asked that the remarks be brief -- something along the lines of a Twitter "tweet" or an elevator pitch. Over 100 attorneys, law professors, online business executives, policy advocates and other cyberlaw experts responded, producing 307 separate assessments, predictions, or just plain complaints regarding any of the many legal subject areas that affect online businesses.
The 1986 Computer Fraud and Abuse Act, 18 U.S.C. 1030, is a powerful weapon against outside hackers who access computer networks without authorization to commit a crime or take anything of value from the network. The CFAA has both criminal and civil enforcement mechanisms; importantly, it provides for injunctive relief as well as damages. However, the effectiveness of the CFAA against company insiders, particularly departing employees, was significantly cut back by a pair of circuit-level decisions in 2012: United States v. Nosal from the en banc Ninth Circuit and WEC Carolina Energy Solutions LLC v. Miller from the Fourth Circuit.
In Nosal, the en banc Ninth held that employers and website hosts cannot, by contractually limiting how individuals may use information stored on their networks, define acceptable limits of access “authorization” under the Computer Fraud and Abuse Act. Several months later, in WEC Carolina Energy Solutions, the Fourth Circuit ruled that a company employee did not violate the Computer Fraud and Abuse Act's prohibitions against unauthorized access or access in excess of authorization when he downloaded confidential information from his employer's computer network and later used that information in a competing business. The court reasoned that the CFAA prohibits unauthorized access to computer networks, not subsequent unauthorized uses of information acquired at a time when an employee had authority to access the employer's network.
The Nosal and WEC Carolina Energy Solutions rulings created circuit splits with earlier, employer-favorable rulings in United States v. John, 597 F.3d 263 (5th Cir. 2010), United States v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010), International Airport Centers LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006), United States v. Teague, 646 F.3d 1119 (8th Cir. 2011), giving hope that the U.S. Supreme Court could be persuaded to take one of these cases.
No such luck. The U.S. Solicitor General declined to file a cert petition in Nosal. And two days ago, on Jan. 2, 2013, the Supreme Court dashed the hopes expressed by several attorneys below by dismissing the cert petition in WEC Carolina Energy Solutions at the parties' request.
So, in the Ninth and Fourth Circuits, employers are left with contract and state-law misappropriation remedies. As the Zynga v. Patmore case shows, employers can win with these state-law remedies.
The experts' views (submitted in December 2012):
A pending cert petition in WEC Carolina Energy Solutions LLC v. Miller gives the U.S. Supreme Court a chance to weigh in on whether the CFAA applies to workers who use office computers outside the scope of their employers' computer use policy, a question affecting anyone who uses a computer at work. Neel Chatterjee, Partner, Orrick Herrington & Sutcliffe LLP, Silicon Valley.
The Ninth Circuit's decision in U.S. v. Nosal was a game changer for employers attempting to protect against data theft by insiders under the Computer Fraud and Abuse Act. Robert B. Milligan, @tradesecretslaw, Partner, Seyfarth Shaw LLP, Los Angeles.
The 1986 Computer Fraud and Abuse Act is painfully outdated and is constantly being reinterpreted by several circuit courts of appeal. It could be argued that based on broad interpretation of the act employees use of a workplace computer to access Social Media sites could potentially be criminalized. 2013 may be the year this almost three decade old act could be (or should be) revised to reflect the current digital landscape more realistically. Darren Enta, BrandProtect, Ontario, Canada.
Recent Zynga v. Patmore case highlights that employers must be vigilant in ensuring that former employees don't take company data and store it in personal online data repositories like Dropbox. Robert B. Milligan, @tradesecretslaw, Partner, Seyfarth Shaw LLP, Los Angeles.
Will they or won't they? Will the U.S. Supreme Court grant the petition for review in WEC Carolina v. Miller and resolve the circuit split over the application of the Computer Fraud and Abuse Act regarding employee data theft? Robert B. Milligan, @tradesecretslaw, Partner, Seyfarth Shaw LLP, Los Angeles.
Follow me on Twitter at @tjotoole.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).