Bunny Bytes: Predicting the 10th Circuit

10th crystal ballThere is currently a circuit split over the CFAA and the words “exceeds authorized access,” as I previously discussed in my post Employees + the CFAA = Circuit Split. When a circuit split exists, there is a high likelihood that a petition for writ of certiorari will be granted by the Supreme Court to resolve the dispute among the Federal Circuit Courts of Appeal. Looking forward in a feeble attempt to predict the outcome of the future fate of the CFAA, I decided to start by figuring out which court of appeals SCOTUS tends to agree with the most in a circuit split and see which side of the CFAA chasm they stand on.

Although subject to change with the passing of Justice Scalia, Tom Cummins & Adam Aft have reported in their annual Appellate Review series that in recent court terms, SCOTUS has sided most frequently with the 10th Circuit in resolving a split. After that, they agree second most frequently with the 1st Circuit.

Interestingly, the 10th Circuit has yet to weigh in on the CFAA debate, and the 1st Circuit is on the increasingly unpopular side of the split, pulling for a broad interpretation of “exceeds authorized access” with their decision in EF Cultural Travel BV v. Explorica, Inc. (holding that using a web scraping tool to download all of the content off a competitor’s website “exceeded authorized access”).

Let us take a look at how the lower courts in the 10th Circuit have been interpreting “exceeds authorized access,” and whether the 10th Circuit has denied appeals of those decisions.  Continue reading

Advertisements

Bunny Bytes: Employees + the CFAA = Circuit Split

https://pixabay.com/en/fork-junction-road-caution-forked-32601/In December of 2015, the Second Circuit joined the dispute over whether an employee can be sued under the Computer Fraud and Abuse Act (CFAA) when they use their employer’s computer system in a way that is outside the scope of employment. With the Second Circuit weighing in, seven of the twelve Federal Courts of Appeals have taken up a position in the fight, with four courts on one side of the split and three in opposition. And while the Second Circuit’s interpretation of the disputed part of the CFAA appears sound, the disturbing facts surrounding the case may cause further polarization.

What’s the problem?

The CFAA can be used to prosecute anyone who “intentionally accesses a computer without authorization or exceeds authorized access.” 18 U.S. Code § 1030(a)(2). Under this provision of the statute, several employers have sued their former employees for misappropriating certain information for personal benefit, such as trade secrets or customer contacts. Even though the employee may have had authorized access at the time when they extracted the information, employers argue that authorized access is exceeded when the use of that information falls outside the scope of employment. In other words, the employee may have authorized access for work purposes, but they exceed that authorization when they abuse that access.

Using the CFAA to prosecute former employees in this way makes sense when an employee is surreptitiously collecting confidential information from their current employer with the intent of quitting that job to go work for a competitor. This sort of misappropriation may result in substantial profit loss for the former employer.

However, the same liberal interpretation of the CFAA would also potentially criminalize employees who casually misuse a company computer for personal reasons that is outside the scope of their employment, such as to check their personal email, use social media platforms, or even pay their bills online. The contention among the Circuit courts is whether to employ a broad or narrow interpretation of “exceeding authorized access.”

Continue reading

New Developments: “Cannibal Cop” Decision Deepens Circuit Split On Federal Hacking Statute

from Sam Winston on TRADE SECRET INSIDER:

“Prosecutors and employers take notice — one of the most robust, wide-reaching tools against computer fraud and abuse could be blunted. The Second Circuit recently joined the Fourth and Ninth circuits in narrowly interpreting the Computer Fraud and Abuse Act (CFAA) in United States v. Valle, 807 F.3d 508 (2d Cir. 2015). Valle, an ex-cop, was convicted of using his access to police databases to aid his gruesome plot to kidnap, torture, and eat a woman, but the Second Circuit overturned that conviction based on its reading of the CFAA. While the Valle case made lurid headlines in the New York press, it has further reaching consequences for the CFAA. The decision deepens the circuit split against the First, Fifth, Seventh, and Eleventh circuits, which give prosecutors and employers more room to bring claims under the CFAA with a broader interpretation of the act.” Read more….