AN INSIDE JOB: THE INTERSECTION OF FEDERAL COMPUTER LAW AND TRADE SECRET LAW IN CASES OF INSIDER MISAPPROPRIATION.

AuthorAndrews, Jenna M.
  1. Introduction

    A business's greatest risk to protecting its valuable trade secrets is not outside hackers or competing firms - it is company insiders. (1) Insider misappropriation is a problem that affects all types of businesses from multinational corporations to start-ups. (2) Theft at tributed to employees, partners or other insiders accounts for 90 percent of all trade secret cases. (3) Businesses in information-based industries, such as technology, financial services, insurance, and media are particularly dependent on trade secrets, as they provide them with a competitive advantage in their respective industries and to keep potential competitors from entering the market. (4) For many modern businesses, intellectual properties, such as trade secrets, are their most substantial and valuable assets. (5) For example, a high tech company may have few physical assets, but have billions of dollars in market capitalization based on its intangible assets. (6) Additionally, it is estimated that value of trade secrets owned by publicly traded companies in the United States is 5 trillion dollars. (7) With business value dependent on the security of information assets, it is critical to these firms that laws provide adequate protection for trade secrets against their greatest threat. (8)

    As trade secrets are commonly created, used, and stored on computers, they are not only protected by trade secret law, but potentially by computer law as well. (9) Before the enactment of the Defend Trade Secrets Act of 2016, which provided trade secret owners with a federal civil remedy, companies could bring lawsuits under state trade secret law and under common law causes of action in state courts. (10) In order to gain access to federal courts, trade secret owners pursued claims under the Computer Fraud and Abuse Act ("CFAA") on its own or accessed federal courts through diversity jurisdiction. (11) Employee misappropriation actions brought under the CFAA have been met with skepticism from courts, and there is currently a circuit split regarding the extent to which the CFAA imposes liability in this context. (12) The First, Fifth, Seventh, and Eleventh Circuits have addressed this issue using a broad application of the CFAA, allowing employers to bring claims against employees who have breached a duty of loyalty by using an employer's information assets in a disloyal manner. (13) The Second, Fourth and Ninth Circuits have used a more narrow, "technical" application, limiting employers from bringing misappropriation claims under the CFAA if the employer had granted the employee access to the specific misappropriated information. (14)

    In May of 2016 Congress passed the Defend Trade Secrets Act ("DTSA"), which provides broad protections against trade secret misappropriation and arguably allows employers access to federal courts without reliance on the CFAA. (15) While the extent to which the CFAA provides protection against the misuse of trade secrets by company insiders is unclear, the DTSA will provide an effective alternative to recovery for insider misappropriation. (16)

    Part II of this note examines the Computer Fraud and Abuse Act, focusing on the elements of the statute that mirror trade secret misappropriation. (17) Part II then discusses the controversial circuit split over the interpretation of the CFAA in the insider misappropriation context. (18) Lastly, Part II provides a background on trade secret law and introduces the newly enacted Defend Trade Secret Act. (19) Part III examines several notable cases of insider misappropriation that were brought under the CFAA. (20) Part IV analyzes the two theories of interpreting the CFAA in the disloyal employee context and argues that narrow interpretation is the correct approach. (21) Finally, Part IV evaluates the DTSA as an alternative federal action to the CFAA and ultimately concludes that cases of insider trade secret misappropriation should be brought exclusively under the DTSA. (22)

  2. History

    1. The Computer Fraud and Abuse Act and Trade Secrets

      Mainstream computer use revolutionized business by enhancing productivity, increasing connectivity, and making data mobile and readily available. (23) However, advancements in technology have significantly increased the risk of information theft and misuse. (24) The Computer Fraud and Abuse Act was first enacted as a criminal statute to cover a broad spectrum of computer crimes, particularly hacking and espionage. (25) The CFAA's criminal sanctions have since been expanded from covering government and financial institution computers to covering computers in the private sector. (26) The CFAA was further amended to allow civil actions to be brought by any person who suffers loss from a violation of the CFAA resulting in damages of $5,000 or more. (27) As the protective scope of the statute expanded, the CFAA became a tool for companies to privately litigate the theft of trade secrets and information assets. (28)

      Sections 1030 (a)(2) and 1030(a)(4) of the CFAA mirror trade secret misappropriation in the context of an employee taking proprietary information from their employer through the use of a computer. (29) Section 1030 (a)(2) of the CFAA prohibits the act of (1) intentionally accessing a computer without authorization or by exceeding authorized access, (2) obtaining information from that protected computer, and (3) causing loss in excess of $5,000. (30) Additionally, section 1030(a)(4) prohibits (1) accessing a protected computer without authorization or exceeding authorized access, (2) with intent to defraud, and (3) furthering fraud by obtaining anything with a value in excess of $5,000. (31) These provisions of the CFAA appear to impose broad liability for obtaining valuable information from a computer to which the individual did not have access. (32) Unlike trade secret laws, the CFAA focuses solely on the conduct of the defendant and does not place any qualifying characteristics on the accessed information. (33)

    2. The Circuit Court Split

      Employers have used the civil action available through the CFAA against former employees who have used company computers to take trade secrets or other information assets in order to form their own company or to join a competing firm. (34) However, courts have struggled with application of the CFAA in the disloyal employee context. (35) The vague language of the statute has left Federal Circuits divided over the meaning of "without authorization" and "exceeds authorized access" and whether employees should be held liable for the misuse of their employer's information assets under the CFAA. (36) The First, Fifth, Seventh, and Eleventh Circuits have taken an expansive view of the application of the CFAA in the disloyal employee context. (37) These courts have held that under the CFAA, an action arises when an employee permissibly accesses information on a computer, but uses the information in a manner inconsistent with the employer's policies. (38) The Seventh Circuit adopted an "agency theory" interpretation, holding that an employee's authorization terminates when he acts against the interest of the employer. (39) This theory considers authorization to be defined by the agency relationship between the employer and employee, rather than the technical authorization to access a computer, such as log in credentials. (40) For example, an employer may act against the interests of his employer when he supplies a competing company with a compiled list of his firm's acquisition targets. (41) The broad interpretation applied by these courts is beneficial to employers because it merely requires them to establish that the employee's actions were adverse to the employer in order to show that the employee did not have authorization under the CFAA. (42)

      Conversely, the Second, Fourth and Ninth Circuits have rejected the "agency theory" and applied a narrow interpretation of the CFAA. (43) These courts have considered the legislative history of the CFAA and determined that the law was aimed exclusively at penalizing external data theft, such as hacking. (44) Under the narrow interpretation, unauthorized access occurs when an individual does not have physical or technological access to a computer, such as access to a company laptop or a password to enter into a company network. (45) For example, when a former employee purposefully breaches a firm's internal network after the employee's log in credentials have been revoked and accesses the firm's internal database, he is acting without authorization. (46) These courts have also determined that the violation of a company's use policies, resulting in non-permissive use of information, does not qualify as exceeding authorization under the CFAA. (47) This approach limits employers because it does not impose liability upon a former employee who misuses trade secrets to which he was given access to in the course of his work. (48)

    3. Trade Secret Law

      1. State Trade Secret Law

        Trade secrets are commercially valuable information that provide a competitive advantage by virtue of not being generally known to the public. (49) They can result from years of research and development, time-consuming compilation, and expensive production costs. (50) Unlike other forms of intellectual property, there is no formal procedure for obtaining and registering a trade secret; they can only be preserved through litigation. (51) Prior to the enactment of a federal trade secret law, civil relief for trade secret misappropriation was available exclusively under common law and state law. (52)

        Forty-seven states have adopted a version of the Uniform Trade Secret Act (UTSA), providing a unified standard for qualifying trade secrets and establishing misappropriation. (53)

        In trade secret litigation under the UTSA, the first consideration is whether the information at issue meets the definition of a trade secret, first evaluating if the information derives economic value. (54)...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT