What Happens When He “Shit-Cans The Laptop”? An Ex-Employee and “Exceeds Access” Under The CFAA

From Professor Susan Brenner at Cyb3rCrim3: Once again, in a dispute between a company and a former employee — The Shit-Canned Laptop — under the  federal Computer Fraud and Abuse Act, the federal district court finds that the narrow interpretation of “exceeds access” is the appropriate understanding of the statute.  The court in  Dresser-Rand Co. v. Jones, 2013 WL 3810859 (2013), recognized a

 

split between what is cast as a broad versus a narrow interpretation of the term `without authorization.’ Under the narrow view, an employee given access to a work computer is authorized to access that computer regardless of his or her intent to misuse information and any policies that regulate the use of information. . . .
Under the broad view, if an employee has access to information on a work computer to perform his or her job, the employee may exceed his or her access misusing the information on the computer, either by severing the agency relationship through disloyal activity, or by violating employer policies and/or confidentiality agreements. . . .

 

The lesson seems to be that, in many such situations, the best option is for the aggrieved company to proceed foremost under trade-secrets and state-law theories, rather than the hybrid criminal/civil structure of the CFAA.