Either Way You Say it, It’s Unauthorized: Mass. Federal District Court Declines to Dismiss Computer Fraud and Abuse Act (CFAA) Claim
Monday, December 9, 2013
Computer Fraud and Abuse Act
Print Mail Download i

On November 12, 2013, A court in the U.S. District Court for the District of Massachusetts issued a decision concerning the ongoing debate about the meaning of “exceeding authorized access” under the Computer Fraud and Abuse Act. Moca Systems, Inc. v. Bernier, No. 13-10738-LTS (D. Mass. Nov. 12, 2013). MOCA Systems, Inc. filed suit against its former CEO and his newly formed company, Penley Systems, LLC, claiming Bernier improperly accessed MOCA’s computer systems to obtain confidential information and trade secrets for use at his new company.

computer fraud and abuse act litigation Massachusetts

MOCA alleged that within days of his termination, Bernier entered MOCA’s office, took a company-owned computer, downloaded MOCA’s trade secrets and confidential information, and then deleted a significant amount of information in an attempt to cover his tracks.

As this blog has previously noted, federal appellate courts are currently split on the interpretation of the term “exceeds authorized access” under the CFAA, and whether the term should be interpreted narrowly or broadly.  “Exceeds authorized access” is defined by the CFAA to mean, “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled to so obtain or alter.”   The phrase “without authorization” is not defined by the statute, however, and courts are currently divided on whether the phrase should be interpreted broadly or narrowly.

The court concluded that MOCA’s allegations supported a claim that Bernier had accessed the computer “without authorization” under either the narrow or broad reading of the CFAA, and denied Bernier’s motion to dismiss.  Declining to weigh in on the split in authority, the court noted:

Resolution of the pending motion, however, does not require the Court to determine which line of cases is better-reasoned, since the allegations in this Complaint differ materially from these cases and suffice under either standard.

In situations such as this, when an employer suspects foul play and theft of corporate resources, employers should consider making a forensic copy of the computer in question immediately.  Turning the computer on before making a forensic copy can create difficulties in investigating the employee’s activities because it can alter the metadata relating to downloaded and deleted files.

Jackson Lewis P.C. © 2024

Current Legal Analysis

More from Jackson Lewis P.C.

Pregnant Workers Fairness Act Final Regulations Released
by: Joseph J. Lynett , Katharine C. Weber
USCIS Issues Employment Authorization Procedures for Palestinians on Deferred Enforced Departure
by: Forrest G. Read IV
OSHA Proposes Expansion of Workplace Protections for Emergency Responders
by: Courtney M. Malveaux , Melanie L. Paul
Ninth Circuit Holds Warehouse Worker Qualifies as Transportation Worker Under FAA Exemption
by: Scott P. Jang
MSHA Issues Long Awaited Final Silica Rule
by: Karl F. Kumli
Labor Commissioner’s FAQ on Fast Food Minimum Wage
by: Laura A. Pierson-Scheinberg , Benjamin A. Tulis
New Study Shows Gen Z LGBTQIA+ Students, Graduates Value, Seek Out Inclusive Workplaces
by: Teresa Burke Wright
DHS Extends, Redesignates Temporary Protected Status for Ethiopia
by: Forrest G. Read IV
Privacy Versus Cyber – What is the Bigger Risk?
by: Joseph J. Lazzarotti
Top Five Labor Law Developments for March 2024
by: Jonathan J. Spitz , Richard F. Vitarelli

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins