Social Media

Monday, September 10, 2012

Handling of Trade Secrets


Businesses often store proprietary information in automated systems, and it is much easier to pilfer proprietary information.  It can be done with a few keystrokes.  In a commendable burst of foresight, in 1986 Congress saw this problem looming on the horizon and enacted the Computer Fraud and Abuse Act (“CFAA”), 18 USC §1030.  The CFAA was designed principally to prevent outsiders from hacking into computer systems and not to prevent theft by employees.  However, depending on the circumstances, the CFAA can also cover theft by corporate employees.  The statue makes it a crime to intentionally access a computer “without authorization” or to “exceed authorized access” to obtain information on the computer.  The CFAA is a criminal law, and, although the general rule is that criminal laws do not create private causes of action, in the CFAA Congress expressly created a private cause of action, allowing a private party to obtain compensatory damages and injunctive relief.


Recently, the U.S. Court of Appeals for the 4th Circuit decided a case applying the CFAA in a civil action involving an employee’s alleged theft of trade secrets. WEC Carolina Energy Solutions, LLC v. Miller, et al., 4th Cir. No. 11-1201 (26 July 2012).  The defendant, Miller, was an employee of the plaintiff, WEC, and WEC authorized Miller to access WEC’s computers.  WEC alleged that Miller transferred the company’s trade secrets from the company’s computers to a competitor.  WEC alleged, inter alia, that Miller violated the CFAA.  The case presented the following issue: If a company authorizes an employee to access the company’s computers and to access the information on the computers, and if the employee, acting within the scope of his authorization, transfers information to a competitor, does the employee violate the CFAA?  The Court acknowledged that there are two conflicting decisions in other courts reaching opposite conclusions. Int’l Airport Ctrs., LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006); United States v. Nosal, 676 F.3d 854 (9th Cir. 2012)(en banc).  

In WEC, the Fourth Circuit Court focused on the “plain language of the statute, seeking first and foremost to implement congressional intent,” saying that the words of the statute should be given their ordinary, contemporary and common meaning.  The Court noted that because the statute has criminal penalties the Court must strictly construe the statue applying the so-called “rule of lenity,” rejecting interpretations not strictly warranted by the text.  The Court concluded that based on the ordinary and common meaning of “authorization,” an employee is authorized access to a computer when the employer approves his admission to that computer.  Thus, an employee accesses a computer without authorization only if he gains admission to that computer without the employer’s approval.  Similarly, the Court concluded that an employee “exceeds authorized access” when he has approval to access the computer, but uses his access to obtain or alter information that falls outside the bounds of his approved access.  For example, if the employee accesses files that are outside the scope of his authorization.  According to the Fourth Circuit, the CFAA does not reach the improper use of information validly accessed.  For example if the employer authorizes the employee to access the information, and the employee then improperly uses the information by transferring the information to a competitor, the employee has not violated the CFAA.

The WEC decision does not leave employers without remedies for the theft of trade secrets.  Employers can still sue for violation of state trade secrets laws, breach of fiduciary duty, and, depending on the facts, fraud.  However, in cases like the WEC case, employers cannot sue for violation of the CFAA.

Author John Polk is Special Counsel at the D.C. regional business law firm of Berenzweig Leonard, LLP.  He can be reached at jpolk@berenzweiglaw.com.

A License to Libel: Virginia Federal Court Extends Immunity under Communications Decency Act


Today, every business knows how important its online reputation is when it comes to attracting new customers.  With businesses becoming increasingly impacted by online review sites, many have taken to the courts in an effort to protect themselves against negative internet postings. One such advertising company, Directory Assistants, Inc. (DAI) sued its competitor, SuperMedia, LLC, two of its sales representatives, and a district sales manager, for allegedly emailing prospective customers with links to negative and allegedly defamatory postings about DAI on consumer websites, such as ripoffreport.com.


In its recent ruling, a Norfolk, Virginia federal court dismissed DAI’s case on the ground that the Communications Decency Act (CDA) shielded SuperMedia from liability. Section 230 of the CDA provides that “no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” While many federal courts of appeal, including the Fourth Circuit, have held that the CDA creates broad federal immunity for internet service providers, this was the first Virginia federal case to extend immunity under the CDA to a third party “user” who finds and forwards content posted online. The Court recognized that Congress has granted “anonymous posters on these websites a license to libel people” and that such blanket immunity could have potentially catastrophic consequences for individuals and businesses alike, but concluded that “under the CDA, the Court’s hands are tied.”

Thus, unless Congress amends the CDA, business owners are limited to suits against individuals who actually wrote, created, or developed the allegedly defamatory content. As such, businesses should make every effort to take a proactive approach to improving their online reputation, survey their customers for reviews and honest feedback, and timely respond to any customer grievances.

Author Sara Dajani is an Associate Attorney with the D.C. regional business law firm of Berenzweig Leonard, LLP.  She can be reached at sdajani@berenzweiglaw.com.