In the cross-post from our Noncompete Blog, another CFAA decision is discussed.
Echoing a new theme in the federal district court in Massachusetts, last month Chief Magistrate Judge Leo T. Sorokin refused to dismiss a Computer Fraud and Abuse Act (“CFAA”) claim brought against the former CEO of a company, but did so without prejudice, meaning that the defendants could ask the Court to dismiss the claim again later in the case. Under the CFAA, ”[a] defendant is liable where he or she ‘knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value . . . .” MOCA Systems, Inc. v. Bernier, C.A. No. 13-10738-LTS, 5 (D. Mass. Nov. 12, 2013) (quoting 18 U.S.C. sec. 1030(e)(6)). As Judge Sorokin noted, courts are divided on the meaning of “exceeds authorized access” and “without authorization” in the statute, something I have written about extensively elsewhere on this blog. Some courts interpret these phrases narrowly, meaning that a defendant actually has to “hack” into another’s computer system to be liable, while others interpret the law more broadly and permit liability when a defendant violates a contract with his or her employer by accessing certain information and using it for a prohibited purpose (such as to compete with the employer).
In this case, Judge Sorokin referred to a decision by Judge Timothy Hillman, another federal judge in Massachusetts, in which Judge Hillman decided not to dismiss a CFAA claim and to wait until summary judgment, a later stage of the case after the parties have taken discovery, to see whether the plaintiff could meet the narrower standard. Michael Rosen and I both discussed that case here. This approach allowed Judge Hillman to avoid deciding whether the narrower or broader interpretation was correct, although Judge Hillman found the narrower interpretation “preferable.” Judge Sorokin took a somewhat similar approach. Although he found that the allegations of the complaint in his case fit even the narrower CFAA standard, he denied the motion to dismiss without prejudice, which means that the defendants can ask the court to dismiss the complaint later should the actual evidence show that they did not “hack” to meet the narrower standard. Such a motion likely would require Judge Sorokin to decide whether the narrower or broader interpretation is correct. This new, “wait and see” approach that Judge Hillman and now Judge Sorokin have taken with respect to the CFAA shows just how controversial the CFAA really is, and how judges are beginning to avoid that controversy whenever they can.