One court recently found that an employee who wasted work time by using the Internet excessively, including playing on Facebook, did not violate the Computer Fraud and Abuse Act by her less than industrious ways.
The case is Lee v. PMSI, Inc., 2011 WL 1742028 (M.D. Fla. May 6, 2011) and the facts are pretty simple: Lee got fired from her job and sued PMSI, Inc., her former employer, for discrimination against her because she was pregnant. PMSI filed a counterclaim against Lee for violating the Computer Fraud and Abuse Act (sometimes referred to as “CFAA”) because, according to PMSI, she engaged in
“excessive internet usage” and “visit[ed] personal websites such as Facebook and monitor[ed] and [sent] personal email through her Verizon web mail account.”
Lee filed a Motion to Dismiss the CFAA claim and the motion was granted. The court found that, even if the allegations were true and Lee had done all of the things alleged, it would not have been a violation of the Computer Fraud and Abuse Act for two reasons: (1) Neither Lee’s use of the computer and Internet nor her lost productivity constituted a valid “loss” or “damage” necessary to satisfy the minimum $5,000 threshold for a CFAA civil claim; and (2) PMSI had given Lee authorization to use the computer and Internet and that authorization was not rescinded and, though Lee was using those resources for non-work related reasons, in doing so she was only accessing personal websites that she had a right to access and, therefore, “did not access any information that she was ‘not entitled to obtain or alter.'” Id. at *2. What this teaches us is that, at least for some courts, while it may be punishable for other reasons, Facebooking at work is not a crime (or civil violation) under the Computer Fraud and Abuse Act.
Very Important Point To Remember!
The Computer Fraud and Abuse Act is a relatively new law (since the 80s) and is still evolving in many areas. Few areas of the CFAA are “well settled” and that is especially true for the “loss” and “access” issues that were front and center in Lee v. PMSI, Inc. Because of this, it is not unusual for different courts, on different days, based on different facts, to rule in different ways in many of these cases. This is why it is very important for lawyers handling these cases to not only be familiar with the “rules” of these Computer Fraud and Abuse Act cases, but also understand the rationale (thank you Professor Joe Tucker — Contracts I for hammering this lesson home). For clients, it is important to make sure your lawyer does.
- Basic Elements of a Computer Fraud and Abuse Act – “Fraud” Claim (shawnetuma.com)
- Taking of Confidential Info Alone Not “Loss” Under CFAA (shawnetuma.com)
- Ninth Circuit Holds That Violating Any Employer Restriction on Computer Use “Exceeds Authorized Access” (Making It a Federal Crime) (volokh.com)
- 9th Cir: Access of Computer in Violation of Employer’s Use Policy Violates Computer Fraud and Abuse Act — US v. Nosal (ericgoldman.org)
- Bye Bye Brekka – Hello Nosal: Ninth Circuit Warms-up to Intended-Use Theory of “Access” Under the Computer Fraud and Abuse Act (shawnetuma.com)