By Brent A. Cossrow
Not long ago, the 11th Circuit Court of Appeals in Atlanta upheld the conviction of an employee under the Computer Fraud & Abuse Act in United States v. Roberto Rodriguez.
In that case, the 11th Circuit took on the question of whether an employee “exceeds authorized access” under the CFAA by accessing information on a computer in a manner contrary to an employer’s written policies. The answer according to the 11th Circuit: Yes.
This week, the U.S. Court of Appeals for the 6th Circuit in Cincinnati weighed in on the debate without offering much insight into its thought process. In United States v. Batti, the 6th Circuit upheld a conviction under the CFAA of an information technology employee, Luay Batti, accused of stealing confidential data from and using his employer’s computers.
According to the appellate court’s decision, Batti accessed his employer’s computer systems and copied confidential electronically stored information belonging to the Chief Executive Officer. The electronically stored information contained information regarding executive compensation, financial data and strategic business plans.
On appeal, the court only addressed the issues of whether the United States proved that the value of the data stolen by Batti exceeded $5,000 and whether the district court had committed reversible error in awarding restitution to to Batti’s employer in the amount of $47,565.
In ruling that favors the employer and affirms Batti’s conviction, the appellate court did not squarely address the crux of the ongoing debate about whether a current employee who has permission to use a company’s computers can violate the CFAA. For more on that debate as addressed by other courts, click here.
While side stepping the hot button issue under the CFAA, the appellate court stated that Batti accessed his employer’s computers and copied its files without authorization. While this could be interpreted as signaling the 6th Circuit’s agreement with those courts that find the CFAA applies to employee’s who access computers during the scope of their employment, there is room to wonder because the appellate court noted that Batti also accessed his employer’s computers at least 21 times after his employment terminated.
Consequently, the Batti opinion contains mixed signals on the issue of what constitutes “authorized” access by employees. A copy of the 6th Circuit’s opinion in Batti is available here.
This was originally published on Fisher & Phillips Non-Compete and Trade Secrets blog.
“How much do you think the way we need managers/leaders to "realize" what you talk about is because of the . . . ”
— ENJOYWorkWith.Me on Employee Loyalty? No, It’s Not Dead – It Just Changed Hands, 2 hours ago
“This is the great 21st century challenge for HR, management, and anyone concerned with the long term viability of the . . . ”
— Keisha Jackson on Employee Loyalty? No, It’s Not Dead – It Just Changed Hands, 10 hours ago
“Great point! What else will they want control over?!”
— Eric Gaydos on Relax – You’ll Never, Ever be Asked For a Facebook Password, 11 hours ago
“Derek, great piece. My own work also suggests that recognition is a top driver of employee engagement and loyalty (along . . . ”
— Kevin Kruse on Employee Loyalty? No, It’s Not Dead – It Just Changed Hands, 12 hours ago
“How very true. The positive impact of a leader admitting mistakes (as long as it's not all the time) and allowing others . . . ”
— jonbaker on 3 Steps to Help You Own Up When You Make The Big Mistake, 15 hours ago