Access Of Computer System With Log-In Credentials Is Not Unlawful “Hacking”


A California federal court in Enki Corporation v. Freedman held that a former employee’s access of the employer’s computer systems through his log-in credentials did not amount to unlawful hacking under either the Computer Fraud and Abuse Act (“CFAA”) or the California Computer Data Access and Fraud Act (“CDAFA”).

Enki Corporation entered into an agreement with Zuora to provide Zuora with certain consulting and IT services, and as part of these services Enki installed a computer resources and performance monitor on Zuora’s network. In order to fulfill its obligations, Enki contracted with one of its former employees, Keith Freedman, to provide certain consulting services to Zuora. Enki subsequently terminated the contract with Freedman after it learned that Freedman had allegedly spread negative stories about Enki and its work product to Zuora, and alleged that prior to the termination of Freedman’s contract, Freedman and Zuora had accessed Enki’s performance monitor without authorization to download Enki’s proprietary information. Enki subsequently sued both Freedman and Zuora for, among other things, violations of federal and state anti-hacking laws (i.e., the CFAA and CDAFA). However, the federal district court dismissed both claims.

With respect to the CFAA claim, the court held that the employer failed to properly allege that the defendants accessed Enki’s computer system “without authorization.” The court noted that the CFAA “regulates access to data, not its use [or misuse] by those entitled to access it” and because both defendants were authorized to access the data in question there was no CFAA violation.

With respect to the CDAFA claim, the court held that a plaintiff must allege that defendants overcame “some technical code or barrier” to state a violation, and that a violation of a terms of use agreement is not sufficient to state a claim under the CDAFA.

With these facts, employers often turn to the CFAA and CDAFA to sue former employees who abscond with information from company computers, particularly when such information does not meet the definition of a protectable trade secret. The Freedman case reveals that such suits continue to face significant hurdles in California.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fenwick & West LLP | Attorney Advertising

Written by:


Fenwick & West LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.