Company may be liable under Computer Fraud and Abuse Act for targeting and directing competitor’s employee to violate the Act

Binary Semantics Limited v. Minitab, Inc., No. 07-1750, 2008 WL 763575 (M.D. Pa. March 20, 2008)

Plaintiff Binary Semantics Limited is a company with expertise in promoting and selling software in India. Defendant Minitab, Inc. is a software development company that for several years had an agreement with Binary whereby Binary would promote and sell Minitab’s software in India. Minitab eventually decided that it would eliminate Binary’s services and sell directly in the Indian market.

Minitab allegedly contacted several of Binary’s employees and induced them to turn over some of Binary’s trade secrets and other information that would help Minitab hold its own in India. One of these Binary employees was a woman named Asha.

Asha

After Asha turned over the information to Minitab, Binary filed suit against Minitab, some of Minitab’s employees, and Asha, alleging, among many other things, violation of the Computer Fraud and Abuse Act, 18 U.S.C. ยง1030 (“CFAA”). Minitab moved to dismiss the CFAA claim pursuant to FRCP 12(b)(6), arguing that none of its employees had violated the Act, but that Binary’s own employee, Asha, had. The court denied the motion to dismiss as to the CFAA claim.

Binary was required to plead four elements under the CFAA: (1) that Minitab accessed a protected computer, (2) without authorization or by exceeding such authorization as was granted, (3) knowingly and with intent to defraud, and (4) as a result furthered the intended fraud and obtained something of value.

In denying the motion to dismiss, the court found that Binary’s allegations were sufficient to state a claim against Minitab, even though it was actually Asha’s conduct that allegedly brought about the offense. Specifically, the complaint alleged that Minitab targeted Asha and that Asha did indeed access a protected computer. Further, the information retrieved eventually made its way to Minitab.

It was not a situation where Minitab merely received the information from a protected computer. Rather, the complaint sufficiently alleged that the unauthorized access was an action undertaken at the direction of Minitab. Therefore, Minitab could be held liable for the conduct.