« DENTAL IMPLANT COMPANY PAYS COMPETITOR $2M EMPLOYEE RAIDS, TRADE SECRET THEFTS WERE ROOT CAUSES OF LAWSUIT | Main | A TRADE SECRETS PRACTICE WITH EXTRAORDINARY BENCH STRENGTH AND A STRONG SENSE OF ECONOMIC TRENDS »

WHEN TRADE SECRETS ARE SENT BY COMPUTER : FEDERAL LAW OFFERS ANOTHER WEAPON TO COMPANIES SEEKING PROTECTION

The Connecticut Law Tribune
Vol 34, No. 43
David S. Poppick

A former employee, with a few computer keystrokes, sends his employer's confidential, proprietary documents and information from his work computer to his personal home computer before joining a competitor. He faces harsh civil and criminal penalties if the employer sues under the Computer Fraud and Abuse Act, a federal statute that intensifies the arsenal of familiar claims for breach of restrictive covenants and fiduciary duties, misappropriation or unfair competition.
The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, was passed in 1984 to protect classified, financial and credit information on government and financial institution computers ('federal interest computers'). It initially provided only criminal penalties (fines and imprisonment) and only prohibited unauthorized access or hacking into federal interest computers. It did not protect against improper use by authorized users of such computers.
As amended in 1994, the CFAA includes civil remedies (compensatory damages and injunctive and other equitable relief) and expands protection to include damage or loss caused both by outsiders and insiders or other authorized computer users. It also criminalizes certain types of reckless conduct and other intentional acts.

ELEMENTS OF PROOF

The most common civil causes of action under the CFAA are brought under either:
• 18 U.S.C. § 1030(a)(2)(C), which requires a showing that a person "intentionally accessed a computer without authorization or exceeded authorized access and thereby obtains information from any protected computer if the conduct involved an interstate or foreign communication;"
• 18 U.S.C. § 1030(a)(4), which requires a showing that a person has "knowingly and with intent to defraud accesses a protected computer without authorization [and thus]...furthers the intended fraud and obtains anything of value;" or
• 18 U.S.C. § 1030(a)(5)(i)(ii), which requires a showing that a person "knowingly causes transmission of a program, information code or command, and as a result of such conduct intentionally causes damage without authorization to a protected computer [or] accesses a protected computer without authorization and caused damage and loss aggregating at least $5,000.00."

TRADE SECRETS CASE

Shurgard Storage Centers Inc. v. Safeguard Self Storage Inc., 119 F. Supp. 2d 1121 (W.D. Wash. 2000), is a leading example of an employee who exceeds his computer authorization and steals his employer's trade secrets and confidential information. Shurgard was an industry leader in self-storage due to its 'sophisticated system of creating market plans, identifying appropriate development sites, and evaluating whether a site will provide a return on an investment.' Id. at 1123. A competitor, Safeguard, began courting a regional development manager employed at Shurgard, Eric Leland. Leland, who had full access to Shurgard's trade secrets, began e-mailing them to Safeguard. Safeguard later hired Leland, and he continued to provide his new employer with Shurgard's confidential business information. Safeguard also lured away other key employees with knowledge of Shurgard's business models and practices.
Shurgard sued under the CFAA. The court held that the disloyal employee's authority to access Shurgard's computers ended when he began acting as an agent of Safeguard, and rejected Safeguard's argument that the CFAA was intended to protect only entities whose information affected the national economy. The court held that the conduct was covered because the information traveled over the Internet and, therefore, was interstate.
The court also held that Shurgard was not required to prove the common law elements of fraud. Rather, Shurgard's allegation that Safeguard had 'participated in dishonest methods to obtain [Shurgard's] secret information' was sufficient.
Additionally, the court ruled that Safeguard's conduct constituted 'damage' under the statute since Safeguard 'allegedly infiltrated [Shurgard's] computer network ... collected and disseminated confidential information.'
Several courts have followed Shurgard for supporting a civil cause of action under 18 U.S.C. § 1030. A CFAA claim also may be pled against a former employee who, without authorization, accesses the employer's file server and deletes, removes or destroys contents that the former employee generated as an employee. Both damage and loss are necessary to state a cause of action under the CFAA.

CONCLUSION

The CFAA supplements the more traditional common law and statutory claims for misappropriation of trade secrets, proprietary and confidential information. It serves as an additional weapon for an employer to use against employees who use computers for unlawful conduct, including the specter of harsh civil and criminal penalties.

David S. Poppick is a member of Epstein Becker & Green P.C. in the firm's Stamford office. He practices in Connecticut and New York and represents national and regional employers in all aspects of labor and employment law and litigation.

Posted by Jon Cavicchi on October 28, 2008 10:03 PM |

About this Blog

Welcome to The Trade Secrets Vault

Search


About

This page contains a single entry from the blog posted on October 28, 2008 10:03 PM.

The previous post in this blog was DENTAL IMPLANT COMPANY PAYS COMPETITOR $2M EMPLOYEE RAIDS, TRADE SECRET THEFTS WERE ROOT CAUSES OF LAWSUIT.

The next post in this blog is A TRADE SECRETS PRACTICE WITH EXTRAORDINARY BENCH STRENGTH AND A STRONG SENSE OF ECONOMIC TRENDS.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]