E-Mailing Work Home Can Be a Violation of Computer Fraud and Abuse Act

A law suit brought under the Computer Fraud and Abuse Act ("CFAA") against an employee who e-mailed files containing proprietary or confidential information to his home after he gave notice of resignation may proceed, ruled an Arkansas judge in Nilfisk-Advance, Inc. v. Mitchell (2006 WL 827073 (W.D. Ark.). The plaintiff brought suit alleging that Mitchell e-mailed files containing trade secrets to his home with the intent to convey the information to Nilfisk's competitors. Mitchell moved to dismiss, arguing that he had access to the files and, accordingly, there was no cause of action under the CFAA. Judge Hendren, acknowledging the availability of a civil remedy in what is, essentially, a criminal statute, denied the motion. While it was conceded that Mitchell had authorized access, Nilfisk took the creative position that Mitchell "exceeded any authorization he had" when he e-mailed the files home "with the alleged purpose of misappropriating the information contained in them. The court agreed.

This is a decision which is bound to generate a lot of discussion. Should employees who have given notice cease to e-mail work to home computers? Intent is almost always proven circumstantially, and one of the most compelling circumstances is the temporal relationship between acts -- here the notice to resign and the e-mailing of the files. It is doubtful that this decision will have a chilling effect on telecommuters and those who work from home, as most employers would be well-advised to limit an employee's access to proprietary information once that employee has given notice. But one may also ask whether this decision will stretch the already-elastic bounds of a statute some have called "cyber-RICO." Stay tuned!

Ken Rashbaum

4:16 PM