Bunny Bytes: The CFAA & Trade Secret Litigation— “Undercutting Employee Mobility: The Computer Fraud and Abuse Act in the Trade Secret Context”

The following is a synopsis of Undercutting Employee Mobility: The Computer Fraud and Abuse Act in the Trade Secret Context by Glenn Schieck.

When “rogue employees” misappropriate trade secrets via computer before leaving to work for a competitor, the victim company currently has the option to pursue civil actions against the employee under either the state’s trade secret statute or the CFAA. Glenn Schieck’s article argues that this “reliance on the CFAA threatens to undercut policy considerations of trade secret law.”

The problem is that the CFAA does not accommodate for competitive markets where employees move freely between companies with an accepted risk of some knowledge being compromised, whereas trade secret law does. This article proposes that the CFAA should be amended “to adopt some limited substantive elements of trade secret law” to avoid companies potentially abusing the statute to circumvent trade secret law when it does not accommodate their means.

Schieck explains how the CFAA came to be used in lieu of trade secret litigation after it was drastically amended in 1996 to include all “protected computer[s],” whereas the CFAA was previously limited to protecting computers of “federal interest.” With this amendment, companies found it easier to bring a claim under the CFAA rather than state trade secret law because the latter requires the plaintiff to show that a trade secret exists, there were reasonable efforts to keep that information ‘secret,’ and that there was wrongful appropriation of the information. In contrast, the CFAA only requires that the plaintiff show wrongful appropriation. In addition to lowering the bar for pleading requirements, the CFAA provides federal jurisdiction, unlike state trade secret law, which allows for certain elements of relief that state level jurisdiction may not provide. The CFAA also may allow some plaintiffs to enforce non-compete clauses in states where they would otherwise be unenforceable. Finally, supplemental jurisdiction enables a plaintiff to bring both CFAA and trade secret claims in tandem, occasionally resulting in double recovery for damages.

Schieck’s article proposes legislative amendments to the CFAA to narrow certain interpretations of the statute to avoid the aforementioned contentions with trade secret law. The main issue raised is the CFAA’s broad use of the word “authorization,” which creates liability when an individual’s use of a computer system is either “without authorization or exceeds authorized access.” For now, liability is created when an authorized user of a computer system breaches a written computer use policy, such as an agency agreement between an employer and employee. Schieck supports proposed reform to the CFAA to include an additional barrier to define a breach, such as a physical barrier or possibly a confidentiality/non-compete agreement. He further suggests the addition of a “reasonable efforts” provision that would prevent frivolous claims to be brought against appropriation of information that is not confidential. With these proposed amendments, Schieck believes that the CFAA could be better managed to avoid subverting the policy goals of trade secret law.

Glenn Schieck is a 2014 JD graduate of Brooklyn Law School and is currently an Associate at Harter Screts & Emery LLP in Rochester, New York.