The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. §1030, is primarily a criminal statute aimed at computer hacking, but the law also creates a private cause of action in certain narrowly defined circumstances. With the prospect of additional legal remedies and an entrée into federal court, companies are asserting CFAA claims against disloyal employees who have misappropriated company data to use in a competing venture. In recent years, courts have been split about the reach of the CFAA: Is it intended only to cover computer hackers and electronic trespassers, or does it also apply to employees who abuse computer access privileges and misuse company information? While Congress is debating several bills that would clarify the scope of the CFAA, the U.S. Supreme Court has yet to consider the issue, so for now, companies will plead broad CFAA claims against disloyal employees, and trial courts are left to wrestle with the issue.
This article will discuss the CFAA generally and the definition of “unauthorized access” under the statute as it relates to employee misappropriation, as well as the use of novel CFAA theories to seek redress from the transmission of unwanted data to mobile phones and communication systems.
