In a 6 to 3 ruling, the United States Supreme Court has limited the scope of the Computer Fraud and Abuse Act or CFAA.
Background on the CFAA
First, some background on the law: The CFAA was signed into law in 1986. It’s real purpose was to prevent hackers from breaking into secured computer systems. There is a classic 80’s movie called War Games. In War Games, Matthew Broderick hacks into a military supercomputer and almost starts World War III. That is what the CFAA was really all about. The CFAA is both a criminal and civil statute.
Authorized Users and Unauthorized Access
There is a clear distinction between someone hacking into a computer system for nefarious purposes and someone downloading too many academic articles from JSTOR. But the feds did not care. They indicted Swartz for wire fraud and violations of the CFAA. Facing economic ruin and 30+ years in jail, Swartz committed suicide.
The Supreme Court’s Ruling: A (Sort of) Bright Line
Mindful that CFAA had been misused and abused to punish all sorts of relatively innocent computer conduct, the Court attempted to create a bright line: Gates up or gates down. If someone is authorized to enter a particular computer or a particular database within a computer, and they do so, that is not a violation of the CFAA. Rather than considering what the person does with the data or why they accessed the data, the Court focused solely on whether or not they had authorized access to that universe of data.
Does this help clarify the law and rein in abuse of the CFAA? Yes. Does it completely resolve the issue? No. Of course not.
Unfortunately, we have yet to learn our lesson. I say this because Florida just passed the updated Combatting Corporate Espionage in Florida Act. This is basically the CFAA debacle 2.0, but at the Florida level. This new Florida law creates a new 2nd degree felony (15 years in jail) for “trafficking in trade secrets”. Given the long history of corporate plaintiffs in Florida filing frivolous trade secret cases, I expect an uptick in criminal prosecutions of departing employees who, e.g., forwarded themselves some documents or took the mythical “customer list” (of customers that anybody can find on Google in 10 minutes).
Jonathan Pollard is a Florida attorney who litigates complex and high stakes non-compete and trade secret cases. He has appeared in or on The New York Times, Wall Street Journal, PBS NewsHour, Law360, Litigation Commentary & Review, IP WatchDog, Inc. Magazine and more. His Fort Lauderdale office can be reached at 954-332-2380.