When an organization discovers that a departing worker has misappropriated facts about using a Computer, there can be a remedy beneath the Computer Fraud and Abuse Act (CFAA). Personnel who steal records using a computer often expose themselves to potential civil and criminal legal responsibility under the CFAA.
The Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act offers employers a civil purpose of the movement against a worker who “deliberately accesses a PC without authorization or exceeds authorized entry to” and obtains or misuses certain statistics received from the PC. 18 U.S.C. § 1030. While the CFAA defines the word “exceeds authorized get right of entry to,” it does now not outline “with authorization” or “without authorization.” These phrases had been interpreted in another way by using the various circuits, causing the reach of the CFAA to differ using jurisdiction.
Some federal Circuit Courts of Appeal narrowly construe the Computer Fraud and Abuse Act, holding that a business enterprise should display that the worker had passed explicit limitations on getting entry rights. Other circuits construe the CFAA extra expansively, protecting that an employee’s authority to get the right of access to records mechanically terminates while the employee paperwork the purpose of leaving his company and is consequently no longer a “loyal” agent.
In the United States v. Rodriguez, 628 F.3d 1258 (eleventh Cir. 2010), the 11th Circuit aligned with the narrower method, albeit in a manner that also outcomes a fairly broad interpretation of the CFAA. In Rodriguez, a TeleService Social Security Administration (SSA) representative, became prosecuted underneath the CFAA for accessing non-public records of 17 extraordinary individuals for non-commercial enterprise motives.
The defendant challenged his conviction, arguing that because he accessed the handiest databases that he turned into legal to apply, he did now not violate the statute.
The Eleventh Circuit rejected his argument, noting the SSA had a policy that stated that personnel might additionally only get the right of entry to private information in assisting individuals with questions regarding their social protection. Therefore, the defendant violated the CFAA by exceeding his authority to get the right of entry to the government computer by acquiring private information for a nonbusiness cause.
The Eleventh Circuit had an event to check its stance at the CFAA recently in Maye v. the United States, 2019 WL 1858211 (April 25, 2019). The defendant accessed Maye’s National Crime Information Center federal database to investigate and reap statistics about his co-defendant’s fans. He was not quite the best authorized to get the right of entry to this database for law enforcement purposes, and he had been educated for that reason.
Because he was now not legally able to access the database for this purpose, he was determined to have violated the CFAA. Maye’s habeas corpus demanding situations following his conviction was unsuccessful. After finishing his incarceration, Maye filed some other petitions for his sentence. This time, he argued that the underlying indictment did not country a claim for a violation of the CFAA.
The district court docket rejected his argument, and he appealed to the Eleventh Circuit. The 11th Circuit determined that Maye’s petition was foreclosed using U.S. V. Rodriguez. Under the “previous precedent rule,” because the Rodriguez court docket was the first panel to interpret the definition of “exceeds legal access” beneath the CFAA, all next panels of the 11th Circuit are sure with the aid of Rodriguez until the first panel’s conserving is overruled by way of the 11th Circuit sitting en banc or via the Supreme Court. Applying Rodriguez, the Eleventh Circuit concluded that the indictment declared a Computer Fraud and Abuse Act. Maye was, therefore, now not entitled to remedy from his conviction.
While, like Rodriguez, Maye does now not contain a departing worker who misappropriated statistics, the case continues to be a terrific reminder that, mainly within the 11th Circuit, while an employer discovers that a departing worker has misappropriated information, the usage of a PC, there may be a treatment beneath the CFAA.