Trade Secrets Theft by Former Employee Results in a Criminal Conviction Under the Federal Computer Fraud and Abuse Act but Still Leaves Uncertainty Over the Scope of the Act

In United States v. Nosal, a federal jury in California convicted a former employee of Korn/Ferry for violating the Computer Fraud and Abuse Act (“CFAA”). The evidence showed that the defendant directed his co-conspirators within the firm to use a borrowed password to gain access to trade secrets to be used in establishing their own business. The use of the borrowed password was critical to the successful prosecution under the CFAA because earlier in the case the Ninth Circuit Court of Appeals issued an opinion that narrowly interpreted the statute to prohibit only “unauthorized procurement or alteration of information, not its misuse or misappropriation.” The significant aspect of the Ninth Circuit’s interpretation of the CFAA in Nosal is the Court’s conclusion that a violation of the statute does not occur merely because an employee initially uses his authorized access to obtain his employer’s proprietary information even if he does so with the intent to misappropriate it. Presumably, had Nosal’s co-conspirators who accessed the computerized information in question been able to do so using their own passwords, there would have been no “unauthorized procurement” in violation of the CFAA.