On March 20, 2015, a California federal court rejected an expansive reading of the Computer Fraud and Abuse Act (“CFAA”) urged by two plaintiff corporations that sought to hold a competitor and two of its directors liable under the CFAA, under an agency theory, for the actions of a former employee who allegedly downloaded and stole the corporations’ confidential trade secrets.

The plaintiffs, Koninklijke Philips N.V. and Philips Lumileds Lighting Company (“Lumileds”), are engaged in the business of Light Emitting Diode (“LED”) technology. They alleged that Dr. Gangyi Chen, while employed, downloaded Lumileds’ trade secrets and confidential business information onto a portable storage device, then resigned and began working for a competitor in China, Elec-Tech International Co., Ltd. (“ETI”). Six months after Dr. Chen began at ETI, in an amount of time that plaintiffs called unprecedented in the lighting industry, ETI announced two new high-energy LED lighting products.

The plaintiffs sued in federal court in California, bringing nine state law claims and one federal CFAA claim against various defendants, including Dr. Chen, ETI and two of ETI’s directors.  Plaintiffs’ CFAA allegations were that the defendants exceeded authorized access or otherwise accessed plaintiffs’ computers without authorization.  As against Dr. Chen, the allegations were that he directly accessed the data, but as to the other defendants, the allegations essentially were that Dr. Chen acted as an agent and a conduit through which the other agents gained unauthorized access to plaintiffs’ data.

In the decision in Koninklijke Philips N.V. v. Elec-Tech International Co., Ltd. (N.D. Cal. March 20, 2015), the Court dismissed the CFAA claim, first holding that Dr. Chen was authorized to access the information he allegedly stole from Lumileds, and therefore no CFAA claim was stated. Second, the Court rejected plaintiffs’ indirect access theory of CFAA liability as to the other defendants, neatly summarizing its holding as follows:

If the Court accepted Plaintiffs’ argument here, that the mere pleading of an agency relationship between the insider and an outsider could render the outsider subject to liability under the CFAA, it would effectively federalize all trade secret misappropriation cases where parties use a computer to download sensitive or confidential trade secret information – which would be nearly every trade secret case nowadays, when companies maintain their files electronically rather than in physical cabinets.  Plaintiffs are really making a policy argument better directed to Congress instead of this Court, which must follow the clear direction from the Ninth Circuit as to who can and cannot be held liable under the CFAA.

While there have been efforts in Congress in recent years to pass a law creating a federal claim for trade secret misappropriation, Congress has not done so yet.  Until it does, this decision by the Northern District of California is a useful reminder that plaintiffs considering asserting claims under the “anti-hacking” CFAA must make sure that the facts fall within that statute’s relatively narrow confines.  If they do not, such plaintiffs likely will be limited to state law claims and remedies for trade secret misappropriation and the like, and probably will be constrained to proceed in state court, rather than federal court.
