At The National Law Journal, Nick Akerman, a partner at Dorsey & Whitney, has a thorough argument that the Computer Fraud and Abuse Act ("CFAA") should, and likely will, be applied against employees who leave with trade secrets or other proprietary / confidential information for use at their new jobs:
The Computer Fraud and Abuse Act, a federal criminal statute outlawing the theft of data, permits a company that "suffers damage or loss" by reason of a violation of the CFAA, to "maintain a civil action against the violator" for damages and injunctive relief. 18 U.S.C. 1030(g). Since [Pacific Aerospace & Electronics Inc. v. Taylor, 295 F. Supp. 2d 1188, 1196 (E.D. Wash. 2003)], there has developed a body of district court opinions that refuse to apply the CFAA against employees who steal their employer’s data. This article will explain why these opinions are not likely to survive appellate review; it will also provide a strategy to avoid the application of these decisions.
Well worth reading if you come across trade secrets theft in your practice. Akerman may be the most experienced attorney in the country on this developing body of law, and it shows.
I agree with him, but for a more general reason. Since I practice in the Third Circuit (Pennsylvania, New Jersey and Delaware), I’ll focus on the Third Circuit’s most recent opinion on the CFAA:
The District Court focused on the criminal provisions and found it difficult to infer a civil application within the statutory framework and concluded that it could not do so, although the Court did acknowledge that several other courts had determined to the contrary. However, we conclude that not only the relevant case law, but also the plain language of the statute, militate in favor of the availability of a civil remedy, and specifically, the type of injunctive relief sought by the PC plaintiffs.
Numerous courts have recognized that a civil cause of action is apparent from the text of § 1030(g). Although we acknowledge the criminal thrust of the section in general, as it is found in Title 18, there is ample authority for permitting civil actions to proceed based on violations of the section pursuant to the language of § 1030(g). See, e.g., Theofel v. Farey-Jones, 359 F.3d 1066, 1078 (9th Cir. 2003) (‘The civil remedy extends to ‘any person who suffers damage or loss by reason of a violation of this section.”) (emphasis in original); I.M.S. Inquiry Mgmt. Sys., Ltd. v. Berkshire Info. Sys., Inc., 307 F. Supp. 2d 521, 526 (S.D.N.Y. 2004) (stating that § 1030(g) affords civil action for any violation of CFAA). Accordingly, we conclude that civil relief is available under § 1030(g).
P.C. Yonkers, Inc. v. Celebrations the Party & Seasonal Superstore, LLC, 428 F.3d 504, 511 (3d Cir. 2005).
In one sense, the above looks like a straightforward review of a criminal statute which permits a civil remedy. The statute says there’s a remedy, so we’ll enforce it.
In another sense, we’re witnessing a big change in the way Circuit Courts and the Supreme Court interpret federal statutes which provide plaintiffs with civil relief for criminal conduct.
Like the CFAA, The Racketeer Influenced and Corrupt Organizations Act ("RICO") creates a civil remedy for those persons injured by racketeering activities, typically mail or wire fraud. Also like the CFAA, numerous District Courts have contorted the brief text of the RICO Act to enact confusing, complicated barriers to relief without much basis in the Act itself. For example, numerous District Courts required plaintiffs show "first-party reliance" on the alleged mail or wire fraud (rather than merely injury related to the racketeering as a whole) and required that the plaintiff prove the defendants used a formal racketeering structure.
In the past year, the Supreme Court has torn down both of these barriers. See Bridge v. Phoenix Bond & Indem. Co., 128 S. Ct. 2131, 2145 (2008)(eliminating the "reliance" requirement, noting "Whatever the merits of petitioners’ arguments as a policy matter, we are not at liberty to rewrite RICO to reflect their — or our — views of good policy. We have repeatedly refused to adopt narrowing constructions of RICO in order to make it conform to a preconceived notion of what Congress intended to proscribe."); Boyle v. United States, ___ U.S. ____, No. 07-1309, 2009 U.S. LEXIS 4159, at *22–23 (Jun. 8, 2009)(eliminating the "structure" requirement, noting "The fact that RICO has been applied in situations not expressly anticipated by Congress does not demonstrate ambiguity. It demonstrates breadth.”).
Like the RICO Act, the broad text of the CFAA "does not demostrate ambiguity[,] it demonstrates breadth." If the Circuit Courts and the Supreme Court interpret the CFAA the same way they’ve interpreted the RICO Act, we’ll see a lot more of these claims in the future.