WEC Carolina Energy Solutions v. Willie Miller
687 F.3d 199
| 4th Cir. | 2012Background
- Miller resigned from WEC Carolina Energy Solutions in April 2010.
- Twenty days later Miller, at Arc’s direction, downloaded WEC confidential documents and emailed them to his personal email.
- Twenty days after leaving WEC, Miller used the downloaded information to make a presentation for Arc to a prospective WEC customer.
- The customer awarded two projects to Arc; WEC sued Miller, Emily Kelley, and Arc for CFAA and other state-law claims, and the district court dismissed the CFAA claim and declined jurisdiction over the state claims.
- WEC subsequently pursued the state-law claims in South Carolina state court.
- The Fourth Circuit reviews de novo a district court’s Rule 12(b)(6) dismissal.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Scope of CFAA: does policy violation trigger liability? | WEC argues CFAA liability extends to use-policy breaches. | Arc/Miller argue CFAA limits to access, not use policies. | The court adopts a narrow reading; CFAA does not reach use-policy violations. |
| Definition of authorization: when does 'without authorization' apply? | WEC contends access violated by policy breach constitutes unauthorized access. | Defendants contend authorization remains when access is otherwise granted. | Authorization is limited to access without approval; policy use does not create unauthorized access. |
| Exceeds authorized access: does it cover use of information beyond approved access? | WEC argues obtaining/using information beyond authorized scope violates CFAA. | Defendants argue CFAA targets access beyond approved access, not misuse of otherwise accessed information. | Exceeds authorized access applies only to information beyond the authorized access, not misuse of accessed information. |
| Arc liability for Miller and Kelley: can Arc be liable under CFAA? | WEC seeks Arc’s liability as agent for Miller and Kelley. | Arc contends there was no CFAA violation by Miller/Kelley attributable to Arc. | Because Miller/Kelley did not access a computer without authorization or obtain/alter beyond authorized access, Arc is not liable under CFAA. |
Key Cases Cited
- United States v. Nosal, 676 F.3d 854 (9th Cir. 2012) (en banc reversal; interpretive debate on 'exceeds authorized access')
- United States v. Nosal, 642 F.3d 781 (9th Cir. 2011) (panel decision cited and reversed)
- Int’l Airport Ctrs., LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006) (duty-of-loyalty approach to CFAA scope)
- United States v. Brekka, 581 F.3d 1127 (9th Cir. 2009) (authorizes access defined by employer; use policy not controlling)
- Leocal v. Ashcroft, 543 U.S. 1 (U.S. 2004) (strict construction of criminal statutes)
- Lanier, 520 U.S. 259 (U.S. 1997) (rule of lenity; strict construction applicable to criminal statutes)
- Perrin v. United States, 444 U.S. 37 (U.S. 1979) (interpretation based on ordinary meaning of terms)
- Crandon v. United States, 494 U.S. 152 (U.S. 1990) (textual accuracy in statutory interpretation)
- United States v. Universal C. I. T. Credit Corp., 344 U.S. 218 (U.S. 1952) (canon of avoiding harsh readings when language is unclear)