HR News & Trends, Legal Issues

Court: Using Facebook at Work Does Not Violate Computer Fraud Act

FacebookLarge_3

By Michael R. Greco

The debate rages on concerning the scope and extent of the federal Computer Fraud & Abuse Act.

In simple terms, the CFAA makes it unlawful to access a protected computer without authorization (or in excess of one’s authorization) and to damage the computer or obtain information that one is not entitled to obtain. Originally a criminal statute, the CFAA also provides for a civil claim if certain conditions are met.

Courts have long debated whether the statute applies in the context of an alleged faithless employee who accesses an employer’s information contained on a computer for an improper competitive purpose. Regardless of the varied judicial opinions addressing this point, the United States District Court for the Middle District of Florida recently rejected as “dubious” a somewhat novel argument that an employee violated the CFAA by accessing Facebook and her personal email at work.

Background of the case

In Wendi Lee v. PMSI, Inc., Lee sued her former employer, PMSI, for pregnancy discrimination. PMSI counterclaimed under the CFAA stating that Lee engaged in “excessive internet usage” and “visit[ed] personal websites such as Facebook and monitor[ed] and [sent] personal email through her Verizon web mail account.”

In its opinion dismissing the CFAA claim, the Court began by noting the CFAA is originally a criminal statute designed to target hackers who access computers to steal information. The Court noted that some courts have permitted CFAA claims against employees who send an employer’s trade secrets or proprietary information via email. Lee citing Shurgard Storage Centers v. Safeguard Self Storage (W.D. Wash. 2000).

Notwithstanding these cases, the Court concluded that “[b]oth the letter and spirit of the CFAA convey that the statute is not intended to cover an employee who uses the internet instead of working.”

The Court’s conclusion was based on more than it’s impression of the purpose underlying the CFAA. The Court examined the statute and observed that a CFAA violation occurs if a defendent damages a computer or obtains information to which the employee is not entitled. In this case, PMSI failed to allege that Lee somehow damaged its computers or accessed its information.

Debate over CFAA will likely continue

The Court also recognized that a civil claim under the CFAA only exists if the alleged wrongful conduct causes a loss to one or more persons during a one-year period aggregating at least $5,000 in value. Despite PMSI’s creative argument, the Court held that the “statute does not contemplate ‘lost productivity’ of an employee” as the type of loss required to sustain a CFAA claim.

No doubt, the debate over the scope and applicability of the CFAA will continue to unfold in courts across the country. Employers will continue to use the CFAA as a tool to protect their confidential and trade secret information, and eventually, the Supreme Court or Congress will likely address the split of opinion.

Wherever the line may be drawn eventually, for now, at least, the line has not been so broadly drawn as to apply the statute to employees who spend too much time on the internet at work. Employers who seek to address this problem should do so through appropriately tailored written policies and careful implementation.

This was originally published on Fisher & Phillips Non-Compete and Trade Secrets blog.

Mike Greco is a partner in the Philadelphia office of the law firm Fisher & Phillips. He litigates and provides counseling nationwide to employers concerning legal claims and issues arising from the movement of employees between competitor firms. Mike has prosecuted and defended more than 300 employee defection and recruitment matters, obtaining and defeating injunctive relief in at least 27 different state and federal courts. Contact him at mgreco@laborlawyers.com.