Supreme Court May Add New and Improved Tool to Trade Secret Litigators’ Toolboxes

Whether misappropriation is alleged under federal law (the Defend Trade Secrets Act) or state law (a version of the Uniform Trade Secrets Act), misappropriation claims are often paired with other causes of action sounding in tort or contract. For example, in the employment context, misappropriation claims against a former employee are often paired with claims that the employee breached an employment contract, violated fiduciary duties, and engaged in unfair competition.

In the joint venture context, misappropriation claims against a former or proposed partner are often paired with claims of breach of a non-disclosure agreement, tortious interference, and fraud. These additional causes of action can provide additional remedies, as well as fallback positions if the trade secret misappropriation claims prove unsuccessful.

On April 20, 2020, the Supreme Court of the United States agreed to hear an appeal that will resolve a circuit split regarding the scope of the Computer Fraud and Abuse Act (the CFAA), a federal statute that has often been invoked, albeit with mixed success, in trade secret misappropriation cases. Enacted in 1986, the CFAA was designed to combat computer-related crimes. The CFAA imposes criminal liability on any person who “intentionally accesses a computer without authorization” or “exceeds authorized access” and, in doing so, obtains information from any protected computer. The CFAA also provides a civil cause of action for similar conduct. See 18 U.S.C. §§ 1030(a)(2), 1030(a)(4), 1030(a)(5)(B)-(C).

The CFAA was intended to provide a powerful tool for the prosecution of computer-related crimes, and for businesses to protect their intellectual property, including trade secrets. In practice, however, the efficacy of the CFAA has been limited by judicial decisions resulting in a circuit split on the meaning of the statutory language “without authorization” and “exceeds authorized access.” The Second, Fourth, and Ninth Circuits have adopted a narrow interpretation of those terms, and in those circuits, CFAA liability cannot be imposed on a person — such as an employee or former employee — who was granted permission to access information on a computer who subsequently uses that information for an improper purpose. In stark contrast, the First, Fifth, Seventh, and Eleventh Circuits have broadly interpreted “exceeding authorized access” to include using information on a computer in violation of a confidentiality agreement or accessing information on a computer for a purpose prohibited by an employer, regardless of whether the person engaged in those acts was granted permission to access the information.

By granting certiorari in United States v. Van Buren, 940 F.3d 1192 (11th Cir. 2019), the Supreme Court could soon decide this circuit split. In Van Buren, which originated in Florida (part of the Eleventh Circuit), a state police officer was convicted of violating the CFAA when, without permission, he shared information from a database he was authorized to access with a confidential informant. The Eleventh Circuit rejected Van Buren’s argument that he was innocent of computer fraud because he accessed only databases that he was authorized to access (a defense that likely would have prevailed in the Second, Fourth, and Ninth Circuits). The Eleventh Circuit acknowledged the circuit split on the central issue of “unauthorized access” and all but invited the Supreme Court to resolve the split. In his petition to the Supreme Court, the single question presented by Van Buren was whether a person who is authorized to access information on a computer for certain purposes violates Section 1030(a)(2) of the CFAA if he accesses the same information for an improper purpose. The United States unsuccessfully opposed the petition, arguing on several procedural grounds that the case would be “a poor vehicle for resolving any circuit disagreement about the scope of the statutory phrase ‘exceeds authorized access.’”

If the Supreme Court affirms Van Buren’s conviction and adopts the more expansive interpretation of unauthorized access applied in the First, Fifth, Seventh, and Eleventh Circuits, it will be adding a powerful tool to trade secret litigators’ toolboxes. Countless trade secret misappropriation claims arise out of scenarios where an employee (or former employee) accesses a database they had permission to access and then improperly downloads or copies proprietary information for later unauthorized use. Nationwide availability of criminal and civil CFAA liability based on such conduct will not only provide a powerful deterrent to the theft of electronically-stored trade secrets and other proprietary information, but it will also provide a powerful civil cause of action for IP owners to assert against wrongdoers.

CFAA claims are often easier to prove than trade secrets claims because they do not require a plaintiff to establish the reasonableness of the steps taken to safeguard the protected information (a fact-intensive analysis often requiring examination of company policies over prolonged periods of time). The CFAA can thus be used to protect the same interests as trade secrets cases but at lower cost and risk. If the Supreme Court adopts the interpretation of “unauthorized access” currently being applied in the First, Fifth, Seventh, and Eleventh Circuits, expect to see a proliferation of CFAA claims in connection with misappropriation claims under the DTSA and UTSA.