Arming Employers Against Internal Hackers, the 11th Circuit Clarifies CFAA’s “Loss” Requirement

Carol Mongtgomery of Butler Snow LLP writes:

The Eleventh Circuit ruled last week in a wrongful discharge turned Computer Fraud and Abuse Act (“CFAA”) case, spinning the employee’s case against his employer on its head. The facts of Brown Jordan International, Inc. v. Carmicle stemmed from the employment of Christopher Carmicle by Brown Jordan, a furniture manufacturer. Carmicle was an executive at Brown Jordan, but his relationship with the company deteriorated with the hiring of a new CEO, Gene Moriarty. Moriarty had doubts about Carmicle based on excessive entertainment expenses, and Carmicle, in turn, had doubts about Moriarty’s trust in him.

In the year prior to Carmicle’s termination, Brown Jordan switched to a new email service. This switch (and the corresponding provision of a generic password—Password1—to all employees) was what Carmicle used to investigate his suspicions of Moriarty and others. Over the course of several months, Carmicle repeatedly hacked into the accounts of Brown Jordan employees, including his superiors, and took hundreds of screenshots on his personal iPad.

Read more on JDSupra.

Update: More on this case and opinion from Proskauer, the law firm that represented the employer.

About the author: Dissent