Thank You For Submiting Feedback!
United States District Court for the District of New Hampshire
June 29, 2012, Decided; June 29, 2012, Filed
Case No. 10-cv-120-SM
Defendants move the court to reconsider its earlier order denying the parties' cross-motions for summary judgment on plaintiff's claims under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (the "CFAA"). See Order of March 30, 2012 (document no. 138). The motion [*2] is granted in part and denied in part. And, for the reasons discussed, judgment as a matter of law shall be entered in favor of defendants Cheryl Moore and Glenn Littell on count one of the hospital's amended complaint. In all other respects, defendants' motion for reconsideration is denied.
That portion of the CFAA currently at issue provides as follows: "Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer" shall be exposed to both criminal penalties and civil liability. 18 U.S.C. § 1030(a)(2)(C) (emphasis supplied). See also 18 U.S.C. § 1030(g). In their motion for reconsideration, defendants ask the court to resolve a legal question previously identified, but not fully briefed: Whether violating an employer's computer use policy - as opposed to circumventing its computer access restrictions - gives rise to liability under that provision of the CFAA. Defendants urge a narrow construction of the statutory language that would impose liability only when one circumvents computer access restrictions.
Defendants' argument invokes the Ninth Circuit's recent en banc decision in United States v. Nosal, 676 F.3d 854 (9th Cir. 2012), [*3] in which the court held that, "the phrase 'exceeds authorized access' in the CFAA does not extend to violations of use restrictions." Id. at 863. Rather, the court concluded that "the plain language of the CFAA targets the unauthorized procurement or alteration of information, not its misuse or misappropriation." Id. (citation and internal punctuation omitted). See also Orbit One Communications, Inc. v. Numerex Corp., 692 F. Supp. 2d 373, 385 (S.D.N.Y. 2010) ("The plain language of the CFAA supports a narrow reading. The CFAA expressly prohibits improper 'access' of computer information. It does not prohibit misuse or misappropriation. . . . [T]he statute as a whole indicates Congress's intent to prohibit access of a computer without authorization, not an employee's misuse of information that he or she was entitled to access or obtain.").
In other words, the Court of Appeals for the Ninth Circuit concluded that the CFAA does not address the situation in which someone "has unrestricted physical access to a computer, but is limited in the use to which he can put the information." Nosal, 676 F.3d at 857. And, one "exceeds authorized access" under the CFAA if he or she is "authorized to [*4] access only certain data or files but accesses unauthorized data or files - what is colloquially known as 'hacking.'" Id. 1
Full case includes Shepard's, Headnotes, Legal Analytics from Lex Machina, and more.
2012 U.S. Dist. LEXIS 90446 *; 2012 DNH 112
Wentworth-Douglass Hospital, Plaintiff v. Young & Novis Professional Association d/b/a Piscataqua Pathology Associates; Cheryl C. Moore, M.D.; Glenn H. Littell, M.D.; and Thomas Moore, M.D., Defendants
Notice: NOT FOR PUBLICATION
Prior History: Wentworth-Douglass Hosp. v. Young & Novis Prof'l Ass'n, 2012 U.S. Dist. LEXIS 44664 (D.N.H., 2012)
amended complaint, authorization, restrictions, alleges, unauthorized, Defendants', circumvented, violations, employees, accessed, use restriction, confidential, exceeds, storage