On July 26, the U.S. Court of Appeals for the Fourth Circuit became the first circuit to adopt the Ninth Circuit’s holding in U.S. v. Nosal, 676 F.3d 854 (9th Cir. 2012), that the Computer Fraud and Abuse Act does not apply to employees who steal data from the company computers. WEC Carolina Energy Solutions LLC v. Miller, 2012 WL 3039213 (4th Cir. July 26, 2012). This case places the Fourth and Ninth circuits in direct conflict with the First, Third, Fifth, Seventh, Eighth and Eleventh circuits, increasing the odds that the U.S. Supreme Court will address this issue at some point.

The CFAA, the federal computer crime statute, allows individuals or companies victimized by violations of the statute to bring a civil action against the perpetrator. U.S.C. 1030(g). For a theft of data a plaintiff must prove that the defendant accessed the computer “without authorization” or exceeded his authorized access. The conflict among the circuits centers on what it means to access a computer without authorization. This article will examine the scope of this issue and the likelihood that the Supreme Court will resolve this conflict in favor of the more expansive meaning of “without authorization.”