Lovells LLP
R Mark Halligan and Deanna R Swits
The recent case of Modis v Bardelli9 illustrates the increasingly common practice of litigating trade secret disputes in the US federal courts in conjunction with claims under the US Computer Fraud and Abuse Act (CFAA)10.
In the United States, state law governs claims for misappropriation of trade secrets and breach of a non-disclosure or non-compete agreement. This often leads to frustrating jurisdictional wrangling for plaintiffs who desire the benefits of extraterritorial jurisdiction and national service of process afforded by the US federal courts, but who have difficulty in establishing federal jurisdiction. However, it is now becoming increasingly common for plaintiffs to avoid this problem by tying claims for trade secret misappropriation to claims under the CFAA, which provides federal subject matter jurisdiction.
The CFAA
The CFAA originally was enacted in 1984 as a criminal statute to protect classified information on government and financial institution computers. In the 1990s it was amended to add a private civil cause of action and to apply to any “protected computer” (defined to include any computer used in interstate or foreign commerce, whether in the US or elsewhere).
Because most trade secrets now reside in an electronic environment, the use of the CFAA to combat the theft of trade secrets by disloyal employees is increasing. There have been dozens of cases involving the litigation of trade secret misappropriation claims under the CFAA in recent years, and this trend will continue.
Section 1030(a) of the CFAA enumerates various categories of misconduct but the cases involving departing employees focus on the element of “without authorisation” or “exceeding authorised access.” Recent cases have recognised that the CFAA provides a remedy in the federal courts against disloyal employees who download, transfer or delete trade secret information on company computers or engage in other acts of trade secret misappropriation involving computers.
Shurgard11
In Shurgard, employees accessed the plaintiff’s computer to transmit trade secrets to a new employer they were joining. The district court rejected the argument that these employees had authorised access to Shurgard’s computer system because they were still employed by Shurgard. Instead, the US District Court for the Western District of Washington held that these employees lost their authorisation and were, therefore, “without authorisation” when they accessed Shurgard’s computer system to send confidential information via email to their new employer.
Citrin12
In Citrin, Judge Posner, writing for the Seventh Circuit Court of Appeals, expanded upon the reasoning in Shurgard, analysing the issue of authorisation from an agency theory. The case involved an employee, Mr Citrin, who decided to leave International Airport Centers (IAC) and start up his own competing business. Before leaving, he deleted from his company-issued laptop computer all the data he had collected on potential acquisition targets for IAC. The Seventh Circuit held that Mr Citrin’s authorisation to access the computer terminated when he decided he would delete the data; that decision was a breach of his duty of loyalty to his employer which automatically terminated the agency relationship which, in turn, automatically terminated his authority to access the company-owned laptop computer.
Modis
On 22 January 2008, the US District Court for the District of Connecticut issued its decision in a the case brought by Modis against its former employee, Ms Bardelli, who had joined a competitor company and had accessed and downloaded customer files from Modis before leaving. The court held that an employment agreement restricting her access to Modis’ computers unless “in furtherance of Modis’ Business” was sufficient to establish that she had exceeded her authorised access. The court chose not to discuss whether the defendant had an improper purpose or breached the duty of loyalty – the employment agreement’s prohibition on access was enough.
