Condux International, Inc. v. Haugum, Civil File No. 08-4824 (D. Minn.) 12/15/2008
It is a fact of modern business that, from time to time, employees leave companies and, on their way out, take electronically stored information (electronic files). If the employee, at the time that he accesses and takes the files, is authorized to use the computer system, is he liable under the Computer Fraud & Abuse Act (CFAA) for “unauthorized” access to the files since he was not authorized, of course, to misappropriate the files?
In Condux, the U.S. District Court, D. Minn., (Montgomery, J.) sided with those courts that have adopted a more narrow reading of the federal statute. Essentially, the Court seems to have relied on the fact that the CFAA was passed to prevent computer hacking. The expansion to cover quasi-unauthorized access to computer systems and files, the Court ruled, is unjustified. Similarly, a clause in the statute prohibits acts that cause damage to a protected computer. Again, Judge Montgomery interpreted this narrowly, in contrast to some other courts, and held that misappropriating computer files does not cause “damage” to the system as the term is used in the CFAA.
Things to note: (1) Condux could, of course, appeal. There is no Eighth Circuit law on this. I believe Condux’s odds of success on appeal are low. (2) there are potential state law claims (conversion, misappropriation of trade secrets, tortious interference with contract, for example) and so Condux may well have viable claims, just not federal ones it seems.