Cyberlaw Predictions: High Court Dismissal of WEC Carolina Energy Solutions Petition Will Sting

This post is the seventh in a series of predictions from legal and business experts about the directions cyberlaw policy might take in 2013, solicited by editors of BNA's Electronic Commerce & Law Report during the closing weeks of 2012. We asked that the remarks be brief -- something along the lines of a Twitter "tweet" or an elevator pitch. Over 100 attorneys, law professors, online business executives, policy advocates and other cyberlaw experts responded, producing 307 separate assessments, predictions, or just plain complaints regarding any of the many legal subject areas that affect online businesses.

The 1986 Computer Fraud and Abuse Act, 18 U.S.C. 1030, is a powerful weapon against outside hackers who access computer networks without authorization to commit a crime or take anything of value from the network. The CFAA has both criminal and civil enforcement mechanisms; importantly, it provides for injunctive relief as well as damages. However, the effectiveness of the CFAA against company insiders, particularly departing employees, was significantly cut back by a pair of circuit-level decisions in 2012: United States v. Nosal from the en banc Ninth Circuit and WEC Carolina Energy Solutions LLC v. Miller from the Fourth Circuit.

us supreme court

In Nosal, the en banc Ninth held that employers and website hosts cannot, by contractually limiting how individuals may use information stored on their networks, define acceptable limits of access “authorization” under the Computer Fraud and Abuse Act. Several months later, in WEC Carolina Energy Solutions, the Fourth Circuit ruled that a company employee did not violate the Computer Fraud and Abuse Act's prohibitions against unauthorized access or access in excess of authorization when he downloaded confidential information from his employer's computer network and later used that information in a competing business. The court reasoned that the CFAA prohibits unauthorized access to computer networks, not subsequent unauthorized uses of information acquired at a time when an employee had authority to access the employer's network.

The Nosal and WEC Carolina Energy Solutions rulings created circuit splits with earlier, employer-favorable rulings in United States v. John, 597 F.3d 263 (5th Cir. 2010), United States v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010), International Airport Centers LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006), United States v. Teague, 646 F.3d 1119 (8th Cir. 2011), giving hope that the U.S. Supreme Court could be persuaded to take one of these cases.

No such luck. The U.S. Solicitor General declined to file a cert petition in Nosal. And two days ago, on Jan. 2, 2013, the Supreme Court dashed the hopes expressed by several attorneys below by dismissing the cert petition in WEC Carolina Energy Solutions at the parties' request.

So, in the Ninth and Fourth Circuits, employers are left with contract and state-law misappropriation remedies. As the Zynga v. Patmore case shows, employers can win with these state-law remedies.

The experts' views (submitted in December 2012):

A pending cert petition in WEC Carolina Energy Solutions LLC v. Miller gives the U.S. Supreme Court a chance to weigh in on whether the CFAA applies to workers who use office computers outside the scope of their employers' computer use policy, a question affecting anyone who uses a computer at work. Neel Chatterjee, Partner, Orrick Herrington & Sutcliffe LLP, Silicon Valley.

The Ninth Circuit's decision in U.S. v. Nosal was a game changer for employers attempting to protect against data theft by insiders under the Computer Fraud and Abuse Act. Robert B. Milligan, @tradesecretslaw, Partner, Seyfarth Shaw LLP, Los Angeles.

The 1986 Computer Fraud and Abuse Act is painfully outdated and is constantly being reinterpreted by several circuit courts of appeal. It could be argued that based on broad interpretation of the act employees use of a workplace computer to access Social Media sites could potentially be criminalized. 2013 may be the year this almost three decade old act could be (or should be) revised to reflect the current digital landscape more realistically. Darren Enta, BrandProtect, Ontario, Canada.

Recent Zynga v. Patmore case highlights that employers must be vigilant in ensuring that former employees don't take company data and store it in personal online data repositories like Dropbox. Robert B. Milligan, @tradesecretslaw, Partner, Seyfarth Shaw LLP, Los Angeles.

Will they or won't they? Will the U.S. Supreme Court grant the petition for review in WEC Carolina v. Miller and resolve the circuit split over the application of the Computer Fraud and Abuse Act regarding employee data theft? Robert B. Milligan, @tradesecretslaw, Partner, Seyfarth Shaw LLP, Los Angeles.

(photo credit: dbking on flickr)


Follow @tjotoole on Twitter Follow me on Twitter at @tjotoole.