The CFAA Requires Access of a Computer — Not Just Access to Information

To have a valid CFAA claim, there must be an access to a computer.

The Computer Fraud and Abuse Act is often referred to as an “access crime” because the act that is prohibited is accessing a computer. Misusing information that someone else obtained from a computer is not accessing a computer. Doing so may be wrong for other reasons, but it is not a CFAA violation because it does not entail accessing a computer.

The court in New Show Studios LLC v. Needle, 2014 WL 2988271 (C.D. Cal. June 30, 2014) addressed this issue where a former employee continued to use his former employer’s information after his employment terminated by having people who still worked for the company access information and supply it to him. The court dismissed the CFAA claim because the plaintiff did not plead any access to a computer:

To prevail on a CFAA claim, plaintiffs must establish, among other things, that defendants “intentionally accessed a computer.” LVRC Holdings LLC, 581 F.3d at 1132. But the FAC is devoid of any allegation that the defendants accessed any computer. Instead, the FAC only alleges that Needle “gained access to confidential and sensitive information.” FAC ¶ 37. Accessing plaintiffs’ information, however, is not the same thing as accessing plaintiffs’ computer systems, even if that information was at some point stored on those computers. The Ninth Circuit has specifically cautioned against reading the CFAA as an “expansive misappropriation statute.” Nosal, 676 F.3d at 857; see also id. at 863 (explaining that the “general purpose” of the CFAA “is to punish hacking—the circumvention of technological access barriers—not misappropriation of trade secrets”). If plaintiffs wish to assert a claim under the CFAA, they must plainly allege that defendants’ accessed their computer systems, and explain the basis for those allegations.

This site uses Akismet to reduce spam. Learn how your comment data is processed.