The Fourth Circuit Court of Appeals recently decided that the Computer Fraud and Abuse Act (CFAA) did not provide an employer with recourse against former employees who downloaded information from the company computer. In the case of WEC Carolina Energy Solution, LLC v. Miller, two employees sent company information to their personal computers. They then quit, took jobs with a competitor, and according to the lawsuit, used the information to help the competitor win a contract.
Although the employees’ conduct violated company policy, it did not violate the statute designed to outlaw unauthorized access to protected computers. At the time they downloaded the information, they did not exceed the authorization they had. They did not alter the information, nor did they hack into an area from which they were supposed to be excluded.
The Court recognized the employer’s frustration with the unauthorized use of its proprietary information, but stated that to read the law the way it wanted would have terrible unintended consequences.