Fourth Circuit Refuses To Apply Computer Fraud And Abuse Act To Employee’s Theft Of Trade Secrets

September 6, 2012

Recently, in WEC Carolina Energy Solutions LLC, v. Willie Miller, et al., the U.S. Court of Appeals for the Fourth Circuit held that an employee’s misappropriation of his employer’s trade secrets is not a violation of the federal Computer Fraud and Abuse Act (“CFAA”).  By adopting a narrow interpretation of the CFAA, the Court contributed to a deepening split among the federal appellate courts regarding the proper construction of the Act.

The CFAA was passed by Congress in 1986 to address computer crime.  Today, it remains principally a criminal statute designed to combat computer hacking, although it does allow injured private parties to sue for compensatory damages and injunctive relief.

The WEC case involved a civil action brought by WEC against its former employee and Project Director, Mike Miller.  When Miller worked at WEC, he was authorized to access confidential and trade secret documents stored on the company’s computer servers, including WEC’s price terms and technical capabilities.  According to WEC’s corporate policies, however, Miller was prohibited from downloading that confidential information to his personal computer or otherwise using the information without authorization.

WEC alleged that, before resigning from WEC, Miller downloaded confidential documents to a personal computer.  WEC further claimed that Miller later used that confidential information when making a presentation to a potential WEC customer on behalf of a competitor.  After that customer awarded two projects to the competitor, WEC filed suit against Miller, asserting violations of several state statutes as well as the CFAA.

After the trial court dismissed WEC’s CFAA claim, WEC appealed to the Fourth Circuit, which affirmed.  The Fourth Circuit first noted that while the CFAA permits a private party to bring a claim for violations of the Act, it is “primarily a criminal statute designed to combat hacking.”  The Court further observed that because the CFAA has both civil and criminal application, its interpretation of the statutory language would apply uniformly in both contexts.  Therefore, the Court stated that it would apply the “rule of lenity” applicable to criminal statutes and strictly construe the CFAA’s provisions.

The issue before the Fourth Circuit in WEC was the scope of the terms “without authorization” and “exceeds authorized access.”  The Court had to determine “whether these terms extend to violations of policies regarding the use of a computer or information on a computer to which a defendant otherwise has access.”  The Court opted for a narrow reading of these terms, and limited their application “to situations where an individual accesses a computer or information on a computer without permission.”  The Fourth Circuit reasoned that its construction 1) was consistent with the Act’s primary objective, which is to combat hacking – and not to rein in rogue employees – and 2) was appropriate under the rule of lenity as applied to the construction of criminal statutes.  Accordingly, the Court held that the CFAA does not “provide a remedy for misappropriation of trade secrets or violation of a use policy where authorization has not been rescinded,” and dismissed WEC’s suit.

In adopting a narrow interpretation of the CFAA, the Fourth Circuit followed in the footsteps of the Ninth Circuit Court of Appeals, but broke from the broader interpretation embraced by the Fifth, Seventh, and Eleventh Circuits, which have held that the CFAA covers employee violations of corporate computer use restrictions.  The WEC decision deepens the Circuit split, and increases the need for a clear answer from the Supreme Court concerning the breadth of conduct subject to criminal prosecution under the CFAA.

News & Events

Related News

Marc Raspanti and Pamela Coyle Brecht’s WOLEP Presentation Released
November 28, 2023
Marc Raspanti and Pamela Coyle Brecht‘s presentation “A Practitioner’s Guide to American Whistleblower Programs” is now available through World Online Lawyers With Excellent Practice (WOLEP). Read More
Lourdes Sánchez Ridge appointed Chair of the Allegheny County Bar Association Professional Ethics Committee
November 27, 2023
Pietragallo is pleased to announce that Lourdes Sánchez Ridge has been appointed Chair of the Allegheny County Bar Association’s Professional Ethics Committee. Read More

Upcoming Events

Scott Coffina to speak at Police Assisted Addiction and Recovery Initiative 2023 National Law Enforcement Summit
December 4, 2023
Pietragallo partner Scott Coffina will present “How to Run an Effective and Ethical Diversion Program” at the Police Assisted Addiction and Recovery Initiative (PAARI) 2023 National Law Enforcement Summit held in Boston, MA on December 4-5, 2023. Read More
Michael Morse to present at the American Bar Association’s 21st Annual Washington Health Law Summit
December 11, 2023
Pietragallo partner Michael Morse will be presenting at the American Bar Association’s 21st Annual Washington Health Law Summit, on December 11-12, 2023 in Washington D.C.. Read More
View More News & Events