Employees and the Computer Fraud and Abuse Act (CFAA)

Today, October 5, 2020, starts a new term for the United States Supreme Court shorthanded after Justice Ruth Bader Ginsburg’s recent passing away on September 18, 2020. One of the cases pending before the Supreme Court and scheduled for oral argument on November 30, 2020 is the Van Buren v. United States case. This case involves the Computer Fraud and Abuse Act (CFAA) and employers should take note of how this Act can be used with employees.

Although the CFAA is primarily a criminal statute, there is a provision of the statute that creates a civil cause of action. 18 U.S.C.A. § 1030 (g). It is often used by Employers to sue employees or former employees who access electronic files on work computers. An example would be the Merritt Hawkins & Assocs., LLC v. Gresham case where the Employer brought an action against the employee who resigned and began working for competitor, alleging he violated Computer Fraud and Abuse Act (CFAA) by improperly taking documents from employer's computer on the day before his resignation.

In the Van Buren case, the United States Supreme Court will be considering whether an employee (Van Buren)or other person that was authorized to access certain information for a specific purpose violates that federal law by accessing the information for another purpose beyond the original authorization. Van Buren was a Georgia police officer who the FBI was targeting during a sting operation when he asked a man named Andrew Albo for a loan. During the course of the sting, Albo asked Van Buren to run a license plate on an exotic dancer that he supposedly liked in order to determine if she was an undercover cop. Van Buren agreed to run the computer search in exchange for funds in the approximate amount of $6,000.

Van Buren was charged with the criminal violations of the Computer Fraud and Abuse Act for accessing a computer without authorization and was sentenced to 18 months in prison. Yet, Van Buren argues that he could not have violated the CFAA because he had the authorization to access the database. The 11th Circuit disagreed and held up the conviction but now it is pending before the U.S. Supreme Court. The argument being that if Van Buren had the keys, did he really “break in” to the computer. The Supreme Court’s decision to narrow or broaden this analysis will have an impact on how employers approach the civil cause of action under the CFAA. We will have to wait and see on this one but it should be on an employer’s radar this fall.