Does the CFAA Apply to Business Partners?

The issue of whether the CFAA applies to business partners was presented to the Washington Court of Appeals and it punted.

In its March 29, 2011 opinion in Wheeler v. Calloway, No. 28734-3-III (Wa. App. 2011), the Washington Court of Appeals was faced with such a scenario. In that case two business partners were in the process of ending their relationship; during that process one of the partners deleted files from a partnership computer.

The other partner asserted a claim under the Computer Fraud and Abuse Act (“CFAA”) arguing that the deletion of the files was a violation of the CFAA. The Court, however, in ruling on a motion for summary judgment, found there were numerous fact issues and also stated,

Furthermore, we do not know whether Congress intended that the simple act of erasing files from an individual computer operated within a dissolved partnership would trigger liability under the CFAA See 18 U.S.C. ss. 1030. We therefore refuse to expand the scope of the CFAA. (Opinion)

The Court’s reasoning was that, in order to have a violation of the CFAA, one’s access to the protected computer must be unauthorized or in excess of authorization, and the court couldn’t decide if a disassociated business partner fit into such a scenario. So it didn’t. In other words, the Court punted and will let some other court, at some other time, determine whether Congress intended for that to be covered by the CFAA.