Custom Hardware Engineering & Consulting, Inc. v. Dowell (E.D. Missouri Jan 23, 2013)

Custom Hardware Engineering & Consulting, Inc. v. Dowell, 918 F. Supp.2d 916 (E.D. Missouri Jan 23, 2013) (8th Cir)

Custom Hardware Engineering (CHE) is a company that provides computer part where maintenance services on many types of computer systems using a remote monitoring technology that it developed which allows its personnel to monitor and troubleshootcomputer systems remotely. CHE is based in Missouri but has employees who work from their homes across thirty-seven states. David York is the President and CEO of CHE. Defendants Dowell, Marcus Smith, Laura Smith, and Pilling were employees of CHE.CHE had contracts with the Defendants that (1) made them fiduciaries and required faithful performance devoting their full time and attention to CHE, (2) required them to return all company property upon termination, and (3) had nondisclosure obligations and noncompetition agreements, including efforts to re-create information from memory.In May of 2008, while working for CHE, Defendants set up Defendant TriPoint, any entity to provide custom solutions and consulting in information technology, and provided services on behalf of TriPoint without obtaining permission from CHE.

CHE has a proprietary program called Star Team. While working for CHE, Defendants used a program called Groove to store CHE’s source code to Star Team.

On October 1, 2008, York sent an e-mail to the Individual Defendants stating that they were not performing their jobs satisfactorily and demanded they either make changes or would be replaced. On February 20, 2009, York set a mandatory meeting with regard to his prior e-mail but prior to the meeting, all of the Individual Defendants attempted to re-sign. York rejected their resignations and terminated them from CHE. They continued to work for TriPoint.

Defendants eventually returned the CHE property, including computers belonging to CHE. CHE search the computers for its source code but was unable to locate it. CHE initiated litigation and obtained an order directing the Defendants to turn over all computers within their possession to forensic-imaging experts for examination. On April 30, 2010, just hours before turning over his computer for imaging, Pilling installed Eraser 6 data-wiping software which makes it impossible to determine what files had been on the computer.

CHE sued Defendants for violating the Computer Fraud and Abuse Act and Defendants moved for summary judgment on the CFAA claim. The allegations underlying the CFAA claim was Defendants’ (1) unauthorized access of its computers to obtain one or more things of value, including but not limited to its computer software, program source code, and other confidential information and trade secrets, and (2) knowingly causing transmission of a program, information, code or command that intentionally caused damage to a protected computer owned by CHE.

In denying Defendants’ motion for summary judgment, the court looked to the Defendants’ employment agreements from which it made the following determinations: (1) the employee’s use of the computer and data was restricted to the period of employment (limited duration); and (2) the employee’s use of the computer and data was restricted to being only for the benefit of employer (intended use). The court found that any access by Defendants after their termination or any access not used for CHE’s benefit would be an unauthorized access. The court also found there was a genuine issue of material fact as to whether Defendants used their access to delete, or render inaccessible, protected information in the form of the source code. Finally, the court found that Defendants’ use of Eraser 6 data-wiping program was sufficient evidence of CHE’s claims to require submission of the CFAA claim to a jury.

Key Takeaways: businesses need to have solid employment agreements or acceptable use policies that restrict (1) the duration for which access is authorized, (2) the intended-use for which access is authorized, and (3) that these restrictions apply to not only the computers but also the data that is accessible from those computers.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s