“When a former employee uses a customer’s working log-in credentials to access his former employer’s scripts, are he and the customer hackers?” No ruled a federal court which denied that the defendants violated the US Computer Fraud and Abuse Act (CFAA) and California Computer Data Access And Fraud Act (CDAFA).
In January 2013 US Magistrate Judge Paul Grewal (Northern District of California, San Jose) ruled in Enki Corporation v. Freedman et al, that Enki failed to properly allege a violation of the CFAA:
Because Enki’s complaint fails to allege that Defendants had no access rights to Enki’s scripts, and indeed the documents upon which it relies reveal that Defendants had certain access rights, their CFAA claim must be DISMISSED for failure to state a claim.
The claim of violation of the CDAFA was dismissed by Magistrate Judge Grewal since Enki’s complaint failed to allege that the defendants “overcame any technical barrier in order to view and copy its proprietary information.”
However the case is not over since Enki also alleged violation of other California laws and Enki has until February 23, 2014 to amend its complaint to better allege violations of the CFAA and CDAFA.
Computerworld reported courts around the US are not uniform in ruling on violations of the CFAA, so ultimately perhaps the US Supreme will consider the CFAA or Congress may modify the law.