The U.S. Ninth Circuit Court of Appeals gave a restrictive reading to the Computer Fraud and Abuse Act (“CFAA”), rejecting its use to remedy violations of a private company’s computer use policies by the company’s employee. United States v. Nosal, No. 10-10038 (April 10, 2012).
The CFAA, 18 U.S.C. § 1030, imposes criminal penalties and civil liability in a variety of circumstances in which one accesses a “protected computer” without authorization or “exceeds authorized access” in doing so. Some courts have held that an employee who has been granted unlimited access to his employer’s computer acts without authorization or exceeds authorized access in violation or the CFAA when he makes an unauthorized use of information obtained from the computer, such as by sending the information to a competitor. In those opinions, the courts determined that an employee’s breach of his employer’s computer use policy, or a violation of the employee’s fiduciary duty to his employer, could invalidate the employee’s previously-granted authorization to access his employer’s computer. See, e.g., United States v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010); United States v. John, 597 F.3d 263 (5th Cir. 2010); International Airport Centers, LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006).