4th Circuit: "Improper use of information validly accessed" is Not a CFAA Violation

If a current employee, who is otherwise authorized to use her employer’s computer systems, uses her access to download trade secrets with the intention of competing against the company, does that employee violate the Computer Fraud and Abuse Act by “exceed[ing] authorized access” to protected computers, or by accessing her company’s computers “without authorization”?

We have a developing circuit split on this question!

One view, invoked by the 7th Circuit in International Airport Centers, LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006), holds that once an employee breaches the duty of loyalty, that malformed intent terminates all authorization to the employer’s computers, rendering the subsequent act of downloading a CFAA violation.

The opposite view was discussed on this blog earlier this year, when I wrote about the 9th Circuit’s decision in United States v. Nadal, 676 F.3d 854 (9th Cir. 2012).  In Nadal, the 9th Circuit (rather humorously) held that this scenario does not describe a CFAA violation because the employee in this scenario does in fact have a valid authorization to use the company’s computers, and this authorization had never been revoked.  The 9th Circuit held that these prohibitions in CFAA were intended to cover only hacking–i.e., those to gain entry to the company’s systems from the outside (without any authorization at all), or those who poke around from the “inside” by accessing files and folders that are beyond the scope of their authorization.

We have a new Circuit chiming in on this question–the 4th Circuit.  In its new opinion in WEC Carolina Energy Solutions v. Miller, the 4th Circuit has joined the 9th Circuit, holding that employees who download their company’s trade secrets are not, by that act alone, violating CFAA:

With respect to the phrase, “without authorization,” the CFAA does not define “authorization.” Nevertheless, the Oxford English Dictionary defines “authorization” as “formal warrant, or sanction.” Oxford English Dictionary (2d ed. 1989; online version 2012). Regarding the phrase “exceeds authorized access,” the CFAA defines it as follows: “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” [18 U.S.C.] § 1030(e)(6).

Recognizing that the distinction between these terms is arguably minute…, we nevertheless conclude based on the “ordinary, contemporary, common meaning,” see Perrin v. United States, 444 U.S. 37, 42 (1979), of “authorization,” that an employee is authorized to access a computer when his employer approves or sanctions his admission to that computer. Thus, he accesses a computer “without authorization” when he gains admission to a computer without approval. [Citation]. Similarly, we conclude that an employee “exceeds authorized access” when he has approval to access a computer, but uses his access to obtain or alter information that falls outside the bounds of his approved access. See id. Notably, neither of these definitions extends to the improper use of information validly accessed.  [Ed. note: emphasis is mine]

And, for clarity’s sake, the 4th Circuit went out of the way to expressly reject the Seventh Circuit’s “cessation-of-agency” theory – the idea that once the employee breaches the duty of loyalty all authorization is lost:

Such a rule would mean that any employee who checked the latest Facebook posting or sporting event scores in contravention of his employer’s use policy would be subject to the instantaneous cessation of his agency and, as a result, would be left without any authorization to access his employer’s computer systems.

The 9th Circuit’s parade of horribles was far more entertaining, but there is something to be said for brevity.

Image: freedigitalphotos.net

Buying a Company That Uses Noncompetes? Better Read Those Agreements Carefully…

This morning, the Ohio Supreme Court has held, in a long-awaited decision, that noncompetition agreements that lacked assignment and successorship language did indeed transfer “by operation of law” to an LLC that was the product of a series of mergers and similar transactions.

However, it was a pyrrhic victory, since the Supreme Court also held that this LLC could only enforce what it acquired “as written,” and what it had acquired in this instance were worthless covenants that had expired long ago and that by their terms could only be enforced by the original signatory entity.

The case is Acordia of Ohio, LLC v. Fishel.

The noncompetition agreement in question had stated that the employees who signed them could not engage in certain acts of competition “[f]or a period of two years following termination of employment with the company for any reason.” [Ed. note – emphasis is both mine and the Court’s]. Each agreement defined “the company” as being simply the particular company that the employee worked with at the time. None of the agreements had language stating that successors or assignees could enforce them.

The Supreme Court held that the lack of successorship or assignment language in the documents did not preclude the agreements from transferring to the successor entity (affectionately referred to as “the L.L.C.” throughout the Supreme Court’s opinion) “by operation of law”:

Because the statute [Ohio Rev. Code 1701.82] specifies that the new company takes over all the previous company’s assets and property postmerger, it is clear that employee contracts transfer to the resulting company. In this case, the employees’ contracts came under the control of the L.L.C. after it merged with Acordia, Inc. Because the statute specifies that the new company takes over all the previous company’s assets and property postmerger, it is clear that employee contracts transfer to the resulting company. In this case, the employees’ contracts came under the control of the L.L.C. after it merged with Acordia, Inc.

But what, exactly, did this LLC inherit? According to the Supreme Court, not much. It inherited only the ability to enforce the agreements “as written.” And in this case, that amounted to practically nothing.

As noted, the agreements contained no language that contemplated enforcement of the covenants by successors or assignees. Instead, they provided that only the signatory “company” could enforce them. The Supreme Court held that this language meant what it said. The LLC argued that, regardless, it should be able to jump “into the shoes” of the former entity and enforce the covenants based on Ohio corporation law. The Supreme Court said no, since this would “require a rewriting of the agreements”:

the L.L.C. may not enforce the noncompete agreements as if the L.L.C. had stepped into the shoes of the company that originally contracted with the employees. Appellant’s proposed outcome would require a rewriting of the agreements. By their terms, the noncompete agreements are between only the employees and the companies that hired them.

And to twist the knife, the Supreme Court held that even if the agreements had contained language allowing successors or assignees to enforce the noncompetition covenants in addition to the signatory “company,” the covenants had expired. By their terms, all of the covenants had begun to run when employment with the signatory “company” ended, and by necessity, all employment with each of these signatory “companies” had ended when the entities themselves had ceased to exist:

Because the noncompete agreements transferred to the L.L.C. upon completion of the merger, the L.L.C. obtained the right to enforce the agreements as written. In other words, the employees were unable to compete with the L.L.C. for the two years following their termination from the “company” with which they each had signed their respective noncompete agreements.

In this case, the termination, or complete severance of the employer-employee relationship, occurred when the company with which the employee agreed not to compete ceased to exist, an event triggered by merger. The triggering event for Fishel, Freytag, and Taber occurred when Acordia of Cincinnati, Inc. merged with other Ohio companies to become Acordia of Ohio, Inc. in December 1997. Consequently, their noncompete periods expired in December 1999. The triggering event for Diefenbach occurred when Acordia of Ohio, Inc. merged with the L.L.C. in December 2001. Her noncompete period accordingly expired in December 2003. Because the employees’ noncompete January Term, 2012 periods had all expired before their resignations from the L.L.C. and subsequent employment with Neace Lukens, the L.L.C. had no legal right to enforce the noncompete agreements against the employees. [Ed. note – emphasis is mine.]

Whoops.

The lesson here is rather obvious. If your company uses noncompetition agreements (or some similar type of post-employment restriction), best check to make sure that assignees and successors are explicitly given rights of enforcement. You may also want to check to see how your agreements “start the clock” on post-employment restrictions, lest those restrictions expire before the employee is even out the door.

Ohio Court: Employer Not Entitled to Appeal Denial of Preliminary Injunction in Trade Secrets Case

If you sue some former sales employees for absconding with customer information and violating non-solicitation agreements (how dare they!) and then you ask a judge to issue a “preliminary injunction” to stop those former employees in their tracks while your lawsuit is pending, and the judge says “no,” you can appeal, right?

In Ohio, the answer appears to be: not necessarily. Or, that’s the answer according to a new Ohio decision, Wells Fargo Insurance Services USA, Inc. v. Gingrich. (No, not that Gingrich.) Whether or not you get an immediate appeal – or you have to wait until the entire stinking lawsuit is over to appeal – depends on whether or not you can prove

Ohio’s rules will, under certain circumstances, allow for an immmediate appeal from the denial of a motion for preliminary injunction, but one of the requirements that must be met is that the putative appellant must show that he or she “would not be afforded a meaningful or effective remedy by an appeal following final judgment as to all proceedings, issues, claims, and parties in the action.”

And therein lies the problem in the Gingrich case. The appealing party in that case was complaining about three departed former brokers who were soliciting “a very specific discreet [sic] book of business.” (Aside: I think they meant “discrete,” rather than “discreet,” though I have no doubt that the particular customers in question behaved as discreetly as circumstances may have warranted. But I digress…)

Their former managing director claimed that he had “no idea how many” of this customers in this book had already been targeted and also had no clue “what that business will evolve to” in the future.

Not enough, according to the Court. The Court discussed a couple of other earlier Ohio cases where interlocutory appeals had been allowed, but noted that in those other cases, the appealing parties had been able to produce actual evidence of the impending doom they faced absent an appeal. In this case, all that was offered was, for the most part, speculation, which isn’t really evidence of anything, especially since we were still only dealing with a discreet (discrete?) group of customers:

Wells Fargo is only seeking to enjoin Gingrich, Smittle, and Nixon from soliciting business from a limited number of select customers for which they acted as brokers, or, as Wells Fargo stated at the preliminary injunction hearing, “a very specific discreet book of business.” In turn, while its managing director did testify that there was no way to quantify its losses for it has “no idea how many of [these customers] they are calling on today” and are unable to determine “what that business will evolve to,” the lost revenue resulting from the departure of any one these customers is easily calculable by using a standard industry multiplier. As a result, because any losses to Wells Fargo can be remedied by money damages at the conclusion of the case, so too can any losses that it may incur during the pendency of the case.

Ergo, since Wells Fargo could be made whole by a single check, there was no need to bother the Court of Appeals with an interlocutory appeal.

Ohio Court: Client List Was Not a Trade Secret

An Ohio court of appeals has held that a company’s roster of clients was not a trade secret, and for this reason, it has thrown out a preliminary injunction against several former employees of a bookkeeping company who had been accused of misappropriating trade secrets and stealing some of those clients.

Really?  A client list, not a trade secret?

It turns out that all lists of clients are not made equal. Some contain only a naked roster of company names. Others contain a myriad of details about clients that are clearly the fruits of years of interpersonal contacts: names of key contact persons, direct dial numbers, email addresses, names of kids, etc.  It is these latter chestnuts that are the “value in a client list,” according to the Court:

The company typically has spent many hours of labor and interaction to develop the information reflected in [this type of] list, and disclosure to a competitor grants the competitor a tremendous advantage in not having to spend the time and money to develop that same information.

Unfortunately for the plaintiff in this case, its client list was of the former kind–just a list of company names. That’s it.  According to the court, this raw list of client names had insufficient value to warrant any kind of trade secret protection.

There was also the additional problem that the company did little to keep even this bare list a secret:

• The company had “sponsored a social gathering for clients, spouses, and employees,” and in doing so, “made known to all present at least some of the names on its client list”
• The company “allowed the names of clients to be placed on the reception desk where the public had full access to them.”
• The company allowed some clients to “walk unescorted through the office where the names of other clients were displayed” in various locations.
• The company “allowed a tax consulting business in the same building to share client files and to have access to [company] computers. In that regard, the testimony indicated the office door was left open on some Saturdays in tax season, allowing persons to enter the offices where client names were displayed and to attempt access to the receptionist’s computer.”  [Ed. note–wow].

Finally, there was no evidence that the particular former employees in question had taken any list at all.  They testified instead that they simply “remembered the names of some of the clients.”

Add all this up, and the court concluded that the departing employees had not really taken anything (much less anything of value), and that whatever they did take with them in their brains, it was not entitled to trade secret protection.  Trade secrets get protection only when they are, in fact, secrets, and when that secrecy has value.  According to the Court, neither was the case here.

The case is Columbus Bookkeeping & Business Services, Inc. v. Ohio State Bookkeeping, LLC.

1st Circuit: Bad Drafting Renders Noncompetition Agreement Unenforceable

Corporate successorship scenarios have invalidated many noncompetition agreements.  The latest agreements to fall victim to a successorship scenario are the ones at issue in the First Circuit new opinion in OfficeMax, Inc. v. Levesque, 1st Cir No 10-2423.  In OfficeMax, the First Circuit held that a successor employer could not enforce a noncompete because, by its terms, it expired more than a decade earlier.  Whoops:

In the early 1980s, the appellants were employed by a small company called Fitzgerald Office Supplies.  In 1994, Fitzgerald became Loring, Short and Harmon (“LS&H”).  In February 1996, Boise Cascade Office Products Corporation (“BCOP”) purchased all of LS&H’s shares.  In anticipation of the purchase, BCOP asked LS&H to solicit Confidential Information and Noncompetition Agreements … from the appellants….

Among other things. the agreements bound the appellants to refrain from disclosing confidential information or trade secrets acquired during employment at LS&H.  Most important for the purpose of this dispute, Paragraph 4 of the agreements states in relevant part:

“For a period of 12 months after termination of my employment with LS&H, I will not … engage in the sale or distribution of office supplies … within sixty (60) miles of any county in which I performed services for LS&H in the 12 months prior to my termination of employment…” [emphasis in court’s opinion]

The agreements also contained clauses allowing BCOP and its successors to enforce the agreement in the event BCOP acquired LS&H (which it did), and cautoined the appellants that they might be required new agreements in favor of BCOP that were substantially similar.

The First Circuit held that, by the plain language of these noncompetes, the 12-month noncompetition period began running when LS&H ceased to exist in 1996, and expired in 1997, and were thus no longer enforceable:

Paragraph 4 sets “termination of employment with LS&H” as the triggering event for the running of the noncompetition agreement.  Both BCOP and LS&H were aware of the imminence of the share sale, and yet Paragraph 4 refers solely to employment with LS&H, rather than termination of employment with LS&H or any of its successors or assigns.  The plain language of this provision sets the completion of employment with LS&H, and solely LS&H, as the triggering event for the running of the noncompetition period [emphasis in court’s opinion]

To underscore this conclusion, the court also noted that the langauge reminding employees that BCOP might require new noncompetition agreements underscored this conclusion; “if the appellants owed a duty not to compete for one year after their termination from BCOP, there would be no reason for BCOP to seek new noncompetition agreements of ‘substantially the same form’ as the agreements between the employees and LS&H, as BCOP would have all of the same benefits under the contract that LS&H had initially acquired.”

In other words, the noncompetes were poorly drafted, and BCOP (and, by extension, OfficeMax) did not have the contract rights it thought it had.

OH Court: Trial Court Erred by Invalidating Noncompete for Oncologist

An Ohio Court of Appeals (Third Appellate District) has reversed a trial court’s refusal to enforce a covenent not to compete against an oncologist.  The case is Owusu v. Hope Cancer Center, 3d Dist No 1-01-81.

The noncompete in question would have banned Dr. Owusu from working as an oncologist in his former employer’s “primary service area.”  The agreement did not define that phrase, and the trial court had invalidated the noncompete for this reason, finding it to be ambiguous.  The court of appeals reversed, stating that the contract was not ambiguous, because trial court was required to have given heed to industry terms of art when construing the contract’s language, and in this case, the phrase “primary service area” is (apparently) commonly used and has an easily-ascertainable meaning in the hospital industry.

The court of appeals also found that the fact that this covenant not to compete took an oncologist off the shelf did not render it injurious to the public, since there was evidence of an apparent plethora of oncologists in and around Allen County, Ohio.

OH Court: Former Employer Not Entitled to Summary Judgment in Trade Secret, Noncompete Case

An Ohio court of appeals (First Appellate District) has reversed a trial court’s grant of summary judgment to the former employer of a physician, finding that there were genuine issues of material fact regarding whether or not the physician actually used or disclosed trade secrets, and regarding whether or not the physician’s noncompete became void because he had left his employment for “cause.”

The essential problem with what the trial court had done, according to the Court of Appeals, was that it had blown by the physician’s own evidence and testimony and simply accepted the employer’s version of the events as the truth.

Also of note was the fact that the Court of Appeals found that the noncompete itself – which kept a doctor on the shelf – was still reasonable, even though it pertained to a physician.  The noncompete lasted for one year and would have banned the doc from working within 5 miles of his former employer’s hospitals.

The case is Riverhills Healthcare Inc. v. Guo, Ohio App. 1st Dist. No. C-100781.