Alert
Protecting Trade Secrets Using Computer Fraud and Abuse Act
Read Time: 3 minsThe Computer Fraud and Abuse Act is a federal statute that allows plaintiffs to recover damages arising out of unauthorized computer access. The statute applies to computers used in interstate or foreign commerce or communication and protects against the use of unauthorized access to intentionally transmit information. This act applies to lending institutions and other businesses.
Because modern business practice requires that virtually every computer is used in interstate commerce or communication, and because computers are ubiquitous in today’s workplace, the Act has a remarkably broad scope. This broad scope has enabled the Act to become a useful tool in litigation.
Under its broadest provisions, the Computer Fraud and Abuse Act allows for a private lawsuit against a person who transmits information from a “protected computer” and causes “damage” and “loss” without authorization or in breach of his authorization.
A protected computer includes a computer “which is used in interstate or foreign commerce or communication.”
A damage is “any impairment to the integrity or availability of data, a program, a system, or information.”
A loss is “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” The Act only applies to losses of at least $5,000.
Though Congress first passed the Act in 1984, the Act was only a criminal statute at the time. The Act did not allow for civil lawsuits until 1994. Since then, the Act’s dramatic rise in the area of trade secret litigation has reflected the rise of computers in business. Where a financial institution has reason to believe an employee or third party has violated the Act it may have civil remedies.
The case of Shurguard Storage Centers, Inc. v. Safeguard Self Storage, Inc. provides the prototypical example of the Act in a trade secret case.[1] Shurguard and Safeguard were competitors in the self-storage business. Shurguard alleged that it had trade secrets in its system of creating market plans, identifying appropriate development sites, and evaluating whether a site will provide a high return on investment. Safeguard engaged in a pattern of hiring Shurguard employees who were privy to Shurguard’s information. At least one of these Shurguard employees—while employed by Shurguard and without permission—sent e-mails to Safeguard containing Shurguard’s trade secrets. Shurguard alleged claims of trade secret misappropriation, conversion, unfair competition, tortious interference, and violation of the Act.
The court refused to dismiss Shurguard’s claim under the Act. First, although the employee had authorization to access the Shurguard information when he sent it, that authorization ended when he acquired adverse interests “or if he is otherwise guilty of a serious breach of loyalty to the principal.” Second, although the Shurguard information was not deleted or altered from Shurguard’s system, the information’s “integrity” was damaged when the employee compromised the information’s protected state.
The Act allows for recovery of economic damages. One court has read “economic damages” broadly and held that it includes loss of business and business goodwill. Regardless of the amount of economic or compensatory damages, there must be a threshold requirement of at least $5,000 in “loss.” Another court has concluded that the threshold “loss” does not include lost business opportunity unless it is attributable to an interruption in service.
Often, the most contested battleground in a trade secret misappropriation case is whether a trade secret exists. A trade secret that is not really secret can cause the misappropriation claim to fail and possibly drag other claims down with it. An appealing feature of a lawsuit under the Act is that it does not require that the transmitted information be a trade secret at all. There is no restriction as to the nature of the information transmitted, only that the transmission occurred without authorization. Because a claim under the Act is unburdened by the trade secret issue, it is a useful arrow in the plaintiff’s quiver in a trade secret lawsuit.
Another feature some litigants may find attractive is that a claim under the Act provides a key to the federal courthouse. While opinions regarding the merits of state versus federal courts are as numerous as the lawyers offering them, those who prefer the federal courts may find the Act very helpful.
The Computer Fraud and Abuse Act’s private remedies may not increase or decrease the total dollar amount recoverable in a case. However, a violation of the Act can be easier to prove and keep the door open to damages when other claims are hard to prove. Additionally, the Act can be used to bring a question of federal law into what would otherwise be a state law matter.
——————————————————————————–
[1] 119 F. Supp. 2d 1121 (W.D. Wash. 2000).p