Employee-Hacker Legislative Task Force

Robert Kain

Chair

Joel Rothman

First Vice Chair

Larry Kunin

Second Vice Chair

Computer Abuse and Data Recovery Act, Fla. Stat. 668.801

CADRA Case Update August 2017

 

Employee Hacker - CADRA Legislative Task Force

Purposes and Goals:
1. To monitor case law involving Florida’s Computer Abuse and Data Recovery Act
("CADRA"), Fla. Stat. 668.801 and further developments of Florida's Computer Crimes Act, Fla.
Stat. § 815.01 et seq., and the Federal Computer Fraud and Abuse Act, 18 U.S.C. § 1030.
2. To support the Business Law Section’s promotion of fair and reasonable protection of
business interests involving computer related theft, both from insiders (employees, officers and
directors and others contractually associated with the business) and outsiders (persons and
entities unconnected with the business.
3. Monitor further developments and the split in federal circuit appeals courts in connection
with the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030.
a. No-CFAA Violation When Employee Hacks Employer Data: United States v.
Nosal, 676 F.3d 854 (9th Cir. 2012)(en banc)(CFAA does not cover a disloyal
employee or an insider that takes computer data during his employment and uses
it in an anti-competitive manner after leaving the company); WEC Carolina
Energy Solutions LLC v. Miller, 687 F.3d 199 (4th Cir. 2012)(after resigning, the
ex-employee used the data taken prior to his resignation in an anti-competitive
manner).
b. CFAA Violation When Employee Hacks Employer Data: Brown Jordan Int'l
Inc. v. Carmile, 846 F.3d 1167 (11 Cir., Jan. 25, 2017)(high level manager, with
an “honorary” title of president, while employed by a furniture manufacturer,
violated the CFAA when he accessed, without authorization, other employee
email accounts with a generic password (“password1"), further the court held that
the cost of investigation alone was enough to meet the CFAA’s $5,000 damage
threshold and the statute did not require damage to the electronic data or an
interruption of data services due to the manager’s actions); Int'l Airport Centers,
L.L.C. v. Citrin, 440 F.3d 418 (7th Cir. 2006)(after resigning, the ex-employee
used the data in an anti-competitive manner and violated the Act); EF Cultural
Travel BV v. Explorica, Inc., 274 F.3d 577, 578-79 (1st Cir. 200l)(an employment
agreement establishes the parameters of unauthorized access); and United States v.
John, 597 F.3d 263 (5th Cir. 2010)( disloyal employee violated statute even
though she rightfully had access to the computer data, but then gave the data to
cohorts who incurred fraudulent credit card charges).

Sponsors