957 F. Supp. 2d 610
E.D. Pa.2013Background
- Jones and King were Dresser-Rand managers who, shortly before resigning in Feb 2010, copied thousands of company files from their issued laptops to external drives; those files were later transferred to Global Power computers.
- Wadsworth incorporated Global Power and was its president; Jones and King became employees of Global Power and sent Dresser-Rand documents to Wadsworth, who reviewed/edited some attachments.
- Dresser-Rand had written policies and an on‑login legal notice limiting use of company systems and prohibiting unauthorized disclosure, but did not point to technical access restrictions preventing copying.
- Dresser-Rand sued under the CFAA (18 U.S.C. § 1030(a)(4)) alleging unauthorized or excess access, plus related state claims; defendants moved for partial summary judgment on the CFAA counts.
- The court applied the “narrow” view of CFAA authorization (adopted by the Ninth and Fourth Circuits) and analyzed whether defendants accessed protected computers without authorization or exceeded authorized access.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether Wadsworth "accessed" Dresser‑Rand computers under the CFAA | Wadsworth viewed/edited Dresser‑Rand documents he received and thus is liable because he obtained protected computer information | Wadsworth never accessed Dresser‑Rand computers or network — only viewed attachments on his own system | Court: No CFAA access by Wadsworth; summary judgment for Wadsworth granted |
| Whether Jones and King “exceeded authorized access” by downloading files to external drives | They misused authorized access by copying files in violation of policies and to benefit Global Power, so they exceeded authorization | They had usernames/passwords and employer-approved access to their laptops and no technical restriction on copying; policies regulate use, not access | Court: Under narrow interpretation, they were authorized to access and copy files while employed; CFAA claim fails; summary judgment for Jones and King granted |
| Whether King’s statement that he “shit canned” his laptop supports a CFAA claim for deletion | Deleting files before turnover shows exceeding access and destruction of protected data | No forensic evidence of destroyed files and no contractual/technical limit on deletion; deletion alone doesn’t show exceeding access | Court: Insufficient evidence that deletion exceeded authorized access; no CFAA liability on that basis |
| Whether Global Power is liable under CFAA via agency of Jones/King/Wadsworth | Global Power benefited and is liable because its principals acted for it in accessing/transferring files | No underlying CFAA liability exists for principals, so no basis to impute CFAA liability to Global Power | Court: CFAA claim against Global Power fails because claims against the individuals fail; summary judgment for Global Power granted |
Key Cases Cited
- P.C. Yonkers, Inc. v. Celebrations The Party and Seasonal Superstore, LLC, 428 F.3d 504 (3d Cir.) (elements of §1030(a)(4) laid out)
- U.S. v. Nosal, 676 F.3d 854 (9th Cir. en banc) (narrow interpretation: employer use policies cannot convert permitted access into criminally unauthorized access)
- WEC Carolina Energy Sols., LLC v. Miller, 687 F.3d 199 (4th Cir.) (applies narrow rule to employee copying before resignation)
- LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir.) (employee authorized to access when employer sanctioned admission)
- Int’l Airport Ctrs., LLC v. Citrin, 440 F.3d 418 (7th Cir.) (broader agency/loyalty‑based view — cited as contrasting approach)
- EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577 (1st Cir.) (contract/intent‑based limitation on access)
- U.S. v. John, 597 F.3d 263 (5th Cir.) (access used to commit fraud can be unauthorized)
- U.S. v. Rodriguez, 628 F.3d 1258 (11th Cir.) (policy‑based limitation on access upheld)
