Access Of Computer System With Log-In Credentials Is Not Unlawful “Hacking”


A California federal court in Enki Corporation v. Freedman held that a former employee’s access of the employer’s computer systems through his log-in credentials did not amount to unlawful hacking under either the Computer Fraud and Abuse Act (“CFAA”) or the California Computer Data Access and Fraud Act (“CDAFA”).

Enki Corporation entered into an agreement with Zuora to provide Zuora with certain consulting and IT services, and as part of these services Enki installed a computer resources and performance monitor on Zuora’s network. In order to fulfill its obligations, Enki contracted with one of its former employees, Keith Freedman, to provide certain consulting services to Zuora. Enki subsequently terminated the contract with Freedman after it learned that Freedman had allegedly spread negative stories about Enki and its work product to Zuora, and alleged that prior to the termination of Freedman’s contract, Freedman and Zuora had accessed Enki’s performance monitor without authorization to download Enki’s proprietary information. Enki subsequently sued both Freedman and Zuora for, among other things, violations of federal and state anti-hacking laws (i.e., the CFAA and CDAFA). However, the federal district court dismissed both claims.

With respect to the CFAA claim, the court held that the employer failed to properly allege that the defendants accessed Enki’s computer system “without authorization.” The court noted that the CFAA “regulates access to data, not its use [or misuse] by those entitled to access it” and because both defendants were authorized to access the data in question there was no CFAA violation.

With respect to the CDAFA claim, the court held that a plaintiff must allege that defendants overcame “some technical code or barrier” to state a violation, and that a violation of a terms of use agreement is not sufficient to state a claim under the CDAFA.

With these facts, employers often turn to the CFAA and CDAFA to sue former employees who abscond with information from company computers, particularly when such information does not meet the definition of a protectable trade secret. The Freedman case reveals that such suits continue to face significant hurdles in California.

Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fenwick & West LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.