Anti-Hacker Legislation May Now Help Employers

By John Lowe

Employers have a new arrow in their quiver to protect against the improper dissemination of confidential and proprietary information. This arrow may prove especially helpful in punishing employees who access company information prior to leaving the employer for the employer's competitor and in punishing the competitor if it benefits from the improper conduct.

Congress originally passed the Computer Fraud and Abuse Act in 1984 to protect confidential information in government and financial industry computers from "hackers." Through amendments in 1994 and 1996, however, Congress greatly expanded the Act's reach; it now applies to almost anyone who intentionally and without authorization accesses financial information or anything worth more than $5,000.00. Those found guilty of a violation face criminal fines and imprisonment up to 20 years. Most importantly, the Act provides monetary and injunctive relief for anyone who "suffers damage or loss by reason of a violation."

Two recent opinions have applied the Act to protect employers. In Shurgard Storage Centers, Inc. v. Safeguard Self Storage, Inc., 119 F.Supp.2d 1121 (W.D. Wash. 2000), the plaintiff sued a former employee's new employer, arguing that the former employee violated the Act when he e-mailed the plaintiff's trade secrets and proprietary information to the new employer. The federal district court for the Western District of Washington overruled the new employer's motion to dismiss, holding: (1) the Act does not merely apply to a "hacker" but also to the former employee because he breached his duty of loyalty to his employer and began acting as the agent for the defendant; and, (2) the term "fraud" within the Act simply means "wrongdoing," and does not require proof of the common law elements of fraud.

In United States v. Middleton, 231 F.3d 1207 (9th Cir. 2000), the Ninth Circuit Court of Appeals upheld the criminal conviction of an employer's former computer administrator who quit his job and then hacked into the employer's system, changed passwords, altered the computer's registry, and deleted the employer's entire billing system and two databases.

While the recent amendments are broad, the current scarcity of decisions interpreting them makes their breadth and application unclear. These two recent decisions, however, give employers strong arguments in negotiations and suits with unfaithful former employees, and competitors who employ them.