Split in Authority re Interpretation of “Without Authorization” in Computer Fraud and Abuse Act (“CFAA”)

In CFAA on September 4, 2010 at 9:08 am
Online Fraud
Image by Don Hankins via Flickr

Law360 has published a useful discussion by Eric Welsh and Sarah Fulton of a split in authority in the interpretation of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030.  The CFAA is a statute that provides for both criminal and civil claims for persons who have “knowingly accessed a computer without authorization or exceeding authorized access, . . .”  Id. § 1030(a)(1).  “In the context of an employee that steals data from a computer, the question under this statute is whether that person’s access to the computer was ‘without authorization’ . . . .[but] in the absence of a clear definition, courts in the United States have struggled to define the circumstance where a person acts ‘without authorization.’”  In the context of employee misappropriation, courts have approached the interpretation of “without authorization” in two ways:

Some courts have interpreted the definition of “without authorization” to include “exceeding authorized access.” With this view, the courts consider the CFAA to reach instances where the employee’s motives become contrary to the goals of the employer. This is viewed as a more flexible application of the CFAA. Alternatively, other courts view acting “without authorization” more rigidly, as being limited to situations where an employee accesses information or files outside the bounds of his job description.

The authors recommend that employers take the following steps to better align themselves with the CFAA’s protections:

  • include clear delineations in the employment handbooks or guidelines of what is or is not permissible access under an employee’s job title
  • immediately upon termination of an employee, halt an employee’s access to company computers.
  • clearly define you computer policies to specify the types of technologies that they encompass
  • explicitly limit the programs and computers that an employee is allowed to access in the scope of his or her employment
  • access to these programs should be explicitly contingent upon employment or an assignment for the benefit of the employer.


Enhanced by Zemanta

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: