A Primer on the Computer Fraud and Abuse Act

By Adam J. Shafran, Esq.

The Computer Fraud and Abuse Act (“CFAA”) is a federal law that has been appearing in lawsuits brought by employers against their former employees at an ever increasing rate. The CFAA prohibits employees from accessing their employer’s electronic information without authorization, and includes both criminal and civil causes of action. Specifically, the CFAA makes it illegal for an employee to “knowingly and with the intent to defraud, access a protected computer without authorization, or exceed authorized access, and by means of such conduct further the intended fraud and obtain anything of value.”

In Massachusetts to date, there has been a split among judges that have interpreted the law. On the one hand, some judges interpret the CFAA narrowly to only prohibit “hacking,” but on the other hand, some judges have interpreted the CFAA broadly to prohibit an employee’s misuse of an employer’s electronic information, even when the employee was authorized to access it in the first place.

The CFAA is a potentially powerful weapon for employers because a prevailing employer is entitled to be reimbursed by the employee for a forensic review of any computers used by the employee to determine what the employee might have copied or deleted when he separated from employment. In addition to increasing the damages that an employer may recover, the CFAA can also help the former employer in a non-competition case against its former employee by effectively isolating the employee from his or her new employer. While it is common for a new employer to indemnify the employee that it hires in breach of a non-competition clause, it would be far less likely to do so in the face of federal criminal fraud charges under the CFAA.

Ultimately, employers and employees should take two things from potential CFAA suits: 1) employers should clearly define the servers and electronic systems that its employees are permitted to access; and 2) employees should err on the side of caution and only access electronic information that they know they are permitted to access or reach out to the employer to confirm authorization.

Published by
Adam Shafran

Recent Posts

The Meaning of At-Will Employment in Massachusetts

The at-will employment doctrine is a double-edged sword in the workplace, offering both freedom and…

1 week ago

Rudolph Friedmann Wins Martha’s Vineyard Real Estate Dispute

Jon Friedmann obtained a favorable verdict from the Massachusetts Superior Court after a three-day jury-waived…

2 weeks ago

Alex Tsianatelis Quoted in “Landlord’s alleged breach doesn’t justify end of rent payments” in Massachusetts Lawyers Weekly

A Massachusetts court recently decided a case involving a commercial lease agreement dispute, which determined…

1 month ago

Rudolph Friedmann Elevates Alexander Tsianatelis to Partner

Rudolph Friedmann is pleased to announce Alexander Tsianatelis has been named a partner at the…

1 month ago

Court Orders Contractor to Pay Attorney’s Fees Under Massachusetts General Law Chapter 231, § 6F

Jon Friedmann and Casey Sack successfully secured a decision under Massachusetts General Law Chapter 231,…

2 months ago

Good Fences Make Good Neighbors … So Do Clear and Concise Intentions: An Examination of Tools That Give a Party the Right to Control Property They No Longer Own

A selling party owned two adjacent oceanfront homes in a scenic community in Massachusetts. The…

2 months ago