Warning about the Computer Fraud and Abuse Act

Employers use a federal fraud law to intimidate employees

Employers sometimes use the Computer Fraud and Abuse Act (“CFAA”) to intimidate employees into dropping their employment discrimination claims.

When the law was originally passed in 1984 as the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984, it was intended to protect classified, financial and credit information on government and financial institution computers (“federal interest computers”). At that time, because it only prohibited unauthorized access or hacking, it did not protect against improper use by authorized users. However, the CFAA was substantially broadened by amendments in 1994, 1996 and in 2001 by the Patriot Act.

Now, employers can, and commonly do, use the CFAA to threaten to bring or to bring the following types of claims against an employee under the Act:

  1. The employee “intentionally” accessed a computer “without authorization” or “exceeded authorized access” and obtained information from any “protected computer” and the conduct involved an interstate or foreign communication.
  2. The employee “knowingly and with intent to defraud” accessed a “protected computer” “without authorization” and thus has furthered the intended fraudulent conduct and obtained “anything of value.”
  3. The employee “knowingly” caused transmission of a program, information, code or command and, as a result, “intentionally” caused damage “without authorization” to a “protected computer,” or “intentionally” accessed a “protected computer” “without authorization,” and caused damage and “loss” aggregating at an amount stated in the law.

Do not exceed your authority in using your employer’s computer system

In order to avoid threats of litigation under CFAA, be careful not to: (1) access your employer’s computer system if you are no longer employed; or (2) exceed your authorization in accessing your employer’s computer system if you are currently employed.

The same caution applies with respect to the removal of confidential and/or proprietary trade secret information.