When an organization discovers that a departing worker has misappropriated facts about the usage of a computer, there can be a remedy beneath the Computer Fraud and Abuse Act (CFAA). In many cases, personnel who misappropriate records using a computer expose themselves to potential civil and criminal legal responsibility under the CFAA.
The Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act offers employers a civil purpose of the movement against a worker who “deliberately accesses a pc without authorization or exceeds authorized get entry to” and obtains or misuses certain statistics received from the pc. 18 U.S.C. § 1030. While the CFAA defines the word “exceeds authorized get right of entry to,” it does now not outline “with authorization” or “without authorization.” These phrases had been interpreted in another way by using the various circuits, causing the reach of the CFAA to differ by means of jurisdiction.
Some federal Circuit Courts of Appeal construe the Computer Fraud and Abuse Act narrowly, holding that a business enterprise should display that the worker had specially passed explicit limitations on getting right of entry to. Other circuits construe the CFAA extra expansively, protecting that an employee’s authority to get right of entry to records mechanically terminates whilst the employee paperwork the purpose to leave his company and is consequently no longer a “loyal” agent.
In United States v. Rodriguez, 628 F.3d 1258 (eleventh Cir. 2010), the 11th Circuit aligned with the narrower method, albeit in a manner that also outcomes in a fairly broad interpretation of the CFAA. In Rodriguez, a TeleService representative of the Social Security Administration (SSA), became prosecuted underneath the CFAA for gaining access to non-public records of 17 extraordinary individuals for non-commercial enterprise motives. The defendant challenged his conviction, arguing that because he accessed handiest databases that he turned into legal to apply, he did now not violate the statute. The Eleventh Circuit rejected his argument, noting the SSA had a policy which stated that personnel may additionally only get right of entry to private information in the route of assisting individuals with questions regarding their social protection. Therefore, the defendant violated the CFAA with the aid of exceeding his authority to get right of entry to the government computer by using acquiring private information for a nonbusiness cause.
The Eleventh Circuit had an event to check its stance at the CFAA recently in Maye v. the United States, 2019 WL 1858211 (April 25, 2019). In Maye, the defendant accessed the National Crime Information Center federal database to investigate and reap statistics about his co-defendant’s fans. Not quite, he was best authorized to get right of entry to this database for law enforcement purposes, and he had been educated for that reason. Because he was now not legal to access the database for this purpose, he turned into determined to have violated the CFAA.
Maye’s habeas corpus demanding situations following his conviction was unsuccessful. After he had finished his duration of incarceration, Maye filed some other petition tough his conviction. This time he argued that the underlying indictment did not country a claim for a violation of the CFAA. The district court docket rejected his argument, and he appealed to the eleventh Circuit.
The 11th Circuit determined that Maye’s petition was foreclosed by using U.S. V. Rodriguez. Under the “previous precedent rule”, because the Rodriguez court docket was the first panel to interpret the definition of “exceeds legal access” beneath the CFAA, all next panels of the 11th Circuit are sure with the aid of Rodriguez until the first panel’s conserving is overruled by way of the 11th Circuit sitting en banc or via the Supreme Court. Applying Rodriguez, the eleventh Circuit concluded that the indictment plainly said a Computer Fraud and Abuse Act declare and that Maye was therefore now not entitled to remedy from his conviction.
While, like Rodriguez, Maye does now not contain a departing worker that misappropriated statistics, the case continues to be a terrific reminder that, mainly within the 11th Circuit, while an employer discovers that a departing worker has misappropriated information the usage of a pc, there may be a treatment beneath the CFAA.