The Fourth Circuit has become the most recent Federal Court of Appeals to take a stance on the scope of the “without authorization” language of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030. Following the Ninth Circuit’s recent en banc decision in Nosal, the Fourth Circuit concluded that the CFAA does not apply where an employee is authorized to access a company computer system but is not authorized to use the information he accessed in the manner in which it was used (against the employer’s interest). The ruling narrows the scope of the CFAA, a statute that is often used to obtain jurisdiction in federal courts by plaintiffs asserting trade secret misappropriation or other state law-based claims.
In WEC Carolina Energy Solutions, LLC v. Miller, No 11-1201, July 26, 2012, the Fourth Circuit upheld the trial court’s dismissal of the plaintiff’s CFAA claim. Defendant Miller had downloaded his employer’s files onto his personal computer before resigning and used them in a presentation made on behalf of a competitor to a potential WEC customer. WEC claimed that because company policies did not permit the downloading of confidential and proprietary information to a personal computer, and because Miller had breached his fiduciary duties, Miller either lost all authorization to access the information or exceeded his authorization, both of which are violations under the CFAA. The Fourth Circuit held that in the absence of a restriction of access to the company’s computers, the alleged acts did not violate the CFAA. The Court rejected the view held by the Seventh Circuit that by violating the duty of loyalty to an employer, the employee’s agency relationship is terminated and the employee consequently loses any authority to access company computers. The Court also declined to adopt the Ninth Circuit interpretation of the CFAA, which they considered a harsher approach that could lead to unwarranted criminal liability. Ultimately, the Court held that improper use of information validly accessed from a computer does not violate the CFAA.