LVRC Holdings, LLC (LVRC) filed suit in federal district court against its former employee, Christopher Brekka, his wife, and related businesses alleging that Brekka violated the Computer ?Fraud ?and ?Abuse ?Act ?(CFAA), ?18 U.S.C. ? 1030, by accessing LVRC?s computer ?without authorization,? both while Brekka was employed and after he left the company.?? ?The district court granted summary judgment in favor of the defendants, and they appealed.
Plaintiff was hired to oversee a number of marketing aspects of it residential treatment facility, which included conducting internet marketing programs and interacting with the company?s internet access consultant.?? Plaintiff was assigned a company computer.
Plaintiff emailed to his personal computer documents he obtained or created in connection with his work.? ?These documents included a financial statement for the company, LVRC?s marketing budget, admission reports for patients at Fountain Ridge, notes he took from a meeting with another Nevada mental health provider, and a master admissions report, which included the names of past and current patients.? ?After receiving authorization, he logged onto the company website and downloaded statistical information gathered by the website consultant. In September 2003, the Plaintiff stopped working for? ?the? ?Defendant.???? ?He? ?left? ?his? ?company computer? at? work? without? deleting? any information.?? The employer brought an action in federal court, alleging that Plaintiff violated the CFAA when he emailed company documents to himself in September 2003 and when he continued to access the website after he left.
The?? CFAA?? prohibits?? a?? number?? of?? different computer crimes, the majority of which involve accessing computers without authorization or in excess of authorization, and then taking specified forbidden actions, ranging from obtaining information to damaging a computer or computer data. See 18 U.S.C. ? 1030(a)(1)-(7) (2004). ?The statute also creates a cause of action in favor of persons injured by such crimes.
After listing the elements of the claim, the Court concluded that, under the terms of the statute, authorization? to? use? a? computer? does? not? cease when an employee uses a computer contrary to the employer?s interest. ?Under the terms of the statute, ?when an employer authorizes an employee to use a company computer subject to certain limitations, the employee remains authorized to use the computer even if the employee violates those limitations.? ?(Emphasis added). ??[W]e hold that a person uses a computer ?without authorization? . . . when the person has not received permission to use the computer for any purpose (such as when a hacker accesses someone?s computer without any permission), or when the employer has rescinded permission? ?to? ?access? ?the? ?computer? ?and?? the defendant uses the computer anyway.? The? Court? also? concluded? that? there? was? not enough evidence upon which a reasonable jury could find that Plaintiff violated the CFAA after he left the company.
LVRC Holdings, LLC v. Brekka, —F.3d– (9th Cir. Sep. 15, 2009) (Ikuta, McKeown, Selna (C.D. Cal.)).