Employer Loses again with Accusation of Computer Theft

September 21, 2009 (PLANSPONSOR.com) - A federal appellate court has upheld a lower court ruling that a Nevada residential addiction treatment center did not prove a former employee violated federal computer piracy laws after leaving the company.

The 9 th U.S. Circuit Court of Appeals asserted in an opinion written by Circuit Judge Sandra S. Ikuta that LVRC Holdings failed to put forward enough evidence that former employee Christopher Brekka had run afoul of the Computer Fraud and Abuse Act (CFAA). The appellate panel agreed with U.S. District Judge Kent J. Dawson of the U.S. District Court for the District of Nevada that LVRC’s evidence was too weak to survive Brekka’s request that the company’s lawsuit be thrown out.

LVRC had first filed a report with the FBI, alleging that Brekka had unlawfully logged into LVRC’s Web site. The employer then filed the federal court suit, alleging that Brekka violated the CFAA when he emailed LVRC documents to himself in September 2003 and when he continued to access the Web site after he left LVRC.

The 9 th Circuit ruled that:

  • Because Brekka was authorized to use LVRC’s computers while he was employed at LVRC, he did not access a computer “without authorization” in violation of§ 1030(a)(2) or § 1030(a)(4) when he emailed documents to himself and to his wife prior to leaving LVRC.
  • The e-mailing of the documents “exceed authorized access,” under the CFAA because Brekka was entitled to obtain the documents.

The CFAA prohibits a number of different computer crimes, the majority of which involve accessing computers without authorization or in excess of authorization, and then taking specified forbidden actions, ranging from obtaining information to damaging a computer or computer data.   LVRC brought suit under the provision of the statute that allows private parties to sue for actions against them.

The 9th Circuit ruling is available here .