In the case of WEC Carolina Energy Solutions LLC v. Miller, employee Miller had access to his employer WEC’s computer files. Miller accessed WEC’s files using his valid log-in rights, but then downloaded information in order to help another company compete against WEC. WEC found out what Miller did and sued him for, among other claims, violation of the federal Computer Fraud and Abuse Act (CFAA).
The CFAA is often invoked by companies to sue employees who steal confidential information for use by competitors. The law applies when someone accesses a computer without authorization, or when someone exceeds the level of authorized access to a computer. So a big question faced by appellate courts in recent years is whether it is a violation of the CFAA if an employee uses his valid access to his employer’s computer files to download confidential information in order to compete against the company.
There is a split among the nation’s federal appellate courts on this issue, with some jurisdictions such as the 7th Circuit saying the above case is a violation of the CFAA because the access by the employee is being done to the company’s detriment, and therefore by definition is not authorized by the company. But Miller’s case arose in the 4th Circuit, which covers Virginia, Maryland, West Virginia and the Carolinas. The 4th Circuit opined that Miller did not violate the CFAA because he had valid log-in rights to WEC’s computer system at the time he logged on to download the confidential information. According to the court, WEC has other tort claims it can bring against Miller, just not a claim under the CFAA.
Given the split among the federal appellate courts on this issue, it is likely to end up before the United States Supreme Court for final resolution, so stay tuned.