In two decisions issued last week, the Ninth Circuit and Second Circuit interpreted three different federal statutes – the Computer Fraud and Abuse Act (CFAA), the National Stolen Property Act (NSPA), and the Economic Espionage Act (EEA) – in ways that narrowed federal prosecutors’ ability to charge former employees for stealing proprietary information from their companies.
According to the Ninth Circuit’s decision in United States v. Nosal, — F.3d —, 2012 WL 1176119 (9th Cir. Apr. 10, 2012), an employee does not always violate the CFAA by intentionally infringing his company’s computer-use policy. If an employee was authorized to access the information, and did not gain access through internal hacking, there is no criminal violation of the CFAA regardless of whether the employee misappropriated the information for his own use. Nosal creates a circuit split among the Ninth Circuit on one hand, and the 11th, Fifth, Seventh, and First Circuits on the other. The complete decision, and the written dissent, can be found here.
One day after Nosal, the Second Circuit further narrowed the government’s ability to prosecute trade secret theft. In United States v. Aleynikov, — F.3d —, 2012 WL 1193611 (2d Cir. Apr. 11, 2012), the Second Circuit held that Aleynikov’s conduct was beyond the scope of the NSPA when he misappropriated Goldman Sachs’ proprietary source code for high frequency trading because the source code consisted of “purely intangible property,” and not “goods, wares, merchandise, securities or money.” The court readily acknowledged that its decision might be different if Aleynikov had copied the code on an inexpensive flash drive or CD when he left Goldman. The court also held that Aleynikov’s theft was not an offense under the EEA because the computer source code “was not designed to enter or pass in commerce, or to make something that does.” Accordingly, Aleynikov’s conviction and eight-year prison sentence were overturned.
It is widely anticipated that the Supreme Court will soon weigh in on the contours of these criminal statutes, or that Congress will clarify their scope. Until then, the Department of Justice – at least in the Ninth and Second Circuits – will be unable to use the CFAA, the NSPA, and the EEA to prosecute theft of trade secrets unless the information was obtained by hacking, consisted of more than intangible property, or was designed to enter or pass in commerce.