Computer Fraud Cases

After a two-week trial before United States District Court Judge Edward Chen of the Northern
District of California, David Nosalthe named defendant in the seminal Ninth Circuit
case, United States v. Nosalwas convicted of three counts of violating the Computer Fraud and
Abuse Act ("CFAA").
1
Mr. Nosal's conviction demonstrates that, despite the Ninth Circuit's
narrow interpretation of the "exceeds unauthorized access" element of the CFAA, the CFAA is
still a useful tool to prevent trade secret misuse.
CFAA Allegations Against Nosal

Mr. Nosal's road to trial neatly illustrates the shifting scope of the CFAA. The CFAA imposes both
criminal and civil liability on a person who "intentionally accesses a computer without
authorization" or "exceeds authorized access" in using a computer, thereby obtaining
"information" from a computer that is "used in or affecting interstate or foreign
commerce."
2
The CFAA is often used in civil litigation as a tool in combination with state law
trade secret claims to prevent the misuse of trade secrets and to obtain federal court
jurisdiction over such a dispute.

In 2004, Mr. Nosal left the executive search firm Korn/Ferry International and was found to have
persuaded current and former employees of the firm to download confidential information from
the company's computers and transfer the information to Mr. Nosal to help him start a
competing business. After an investigation of Mr. Nosal's conduct that stemmed from an email
from Mr. Nosal intercepted by the FBI, he and some of the employees who assisted him in the
transfer of information were indicted. The indictment against Mr. Nosal alleged two categories
of CFAA violations. Counts 2 and 4-7 alleged that current employees of Korn/Ferry accessed the
company's internal database and disclosed competitively sensitive information to Mr. Nosal (the
"Insider Counts"). Counts 3 and 8-9 alleged that former employees of Korn/Ferry, including
Becky Christian, used a current employee's password to access Korn/Ferry's "Searcher" database
and provide Mr. Nosal with confidential source lists (the "Outsider Counts"). The government
brought a total of eight criminal counts against Mr. Nosal under the CFAA, accusing him of
"aiding and abetting the Korn/Ferry employees in 'exceed[ing] authorized access with intent to
defraud.'"
3


The Long Road to Trial

The case against Mr. Nosal was filed in the United States District Court for the Northern District
of California in 2008. In 2009, in LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009), the
Ninth Circuit limited the scope of the CFAA and held that the term "exceeds authorized access"
does not apply to an employee who is authorized to access a computer, but uses the computer
in a manner contrary to his employer's interests.

After the Ninth Circuit's ruling in Brekka, Mr. Nosal moved to dismiss the CFAA violations. In
2010, the district court dismissed the Insider Counts, finding that, because current employees
had accessed their employer's information "withauthorization," they did not "exceed authorized
access."
4
However, the district court declined to dismiss the Outsider Counts, recognizing that
those counts "presented more complicated questions" because the indictment alleged that
former employees, who no longer had access to the database, obtained access to the database
and misused confidential information.
5


The government appealed the dismissal of the Insider Counts. Initially, a three-judge panel on
the Ninth Circuit reinstated those counts, but after the Ninth Circuit heard the decision en
banc in 2012, the district court's dismissal of the five Insider Counts was affirmed. There, the
Ninth Circuit held that the phrase "exceeds authorized access" in the CFAA is "limited to
violations of restrictions on access to information, and not restrictions on its use."
6
The court
expressed concern about transforming the CFAA into an "expansive misappropriation statute,"
finding that the purpose of the statute was to "punish hackingthe circumvention of
technological access barriersnot misappropriation of trade secrets." Id.

In United States v. Morris, a case prosecuted under a previous version of the CFAA that
punished intentionally accessing a Federal interest computer without authorization, Morris
spread a program known as a worm that affected computers across the country and caused
damage. U.S. v. Morris, 928 F.2d 504 (2d Cir. 1991) (Internet worm violated CFAA). Morris
argued that he had merely exceeded his authorized access and not accessed the computers
without authorization. The court noted that Congress did not mean to insulate from liability the
person authorized to use computers at the State Department who causes damage to computers
at the Defense Department. Id at 511. Further, the court goes on to state that, Congress did
not intend an individual's authorized access to one federal interest computer to protect him
from prosecution, no matter what other federal interest computers he accesses. Id. As such,
they found that Morris was acting without authorization.

U.S. v. Czubinski, 106 F.3d 1069 (1st Cir. 1997) (unauthorized browsing of computer files did not
violate CFAA)

Defendant was convicted of wire fraud and computer fraud by the United States District Court
for the District of Massachusetts, Nathaniel M. Gorton, J., and Robert B. Collings, United States
Magistrate Judge. Defendant appealed. The Court of Appeals, Torruella, Chief Judge, held that:
(1) interstate transmission element of wire fraud could be inferred from circumstantial evidence
that defendant's searches of master taxpayer files caused information to be sent to his
computer terminal in different state; (2) defendant's unauthorized browsing of confidential
taxpayer information did not defraud Internal Revenue Service (IRS) of its property within
meaning of wire fraud statute; (3) defendant's unauthorized browsing of confidential taxpayer
information did not deprive taxpayers of their intangible, nonproperty right to honest
government services; and (4) defendant could not be convicted of computer fraud in connection
with his browsing of confidential taxpayer files.

EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577 (1st Cir. 2001)

Tour company sued competitor and individual executives of competitor, alleging that
competitor's use of scraper software program to systematically glean company's prices from
its website violated Computer Fraud and Abuse Act (CFAA), Copyright Act, and Racketeer
Influenced and Corrupt Organizations Act (RICO). Company moved for preliminary injunction on
CFAA claim. The United States District Court for the District of Massachusetts, Lasker, Senior
District Judge, granted injunction, and competitor appealed. The Court of Appeals, Coffin, Senior
Circuit Judge, held that: (1) use of scraper program exceeded authorized access within
meaning of CFAA, assuming program's speed and efficiency depended on executive's breach of
his confidentiality agreement with company, his former employer, and (2) company's payment
of consultant fees to assess effect on its website was compensable loss under CFAA.

Pinnacle Ins. Solutions, LLC v. Kolbe, 2014 WL 1272212 (D. N.J. Mar. 27, 2014)

Company insider is accused of passing sensitive information to competitor, directing potential
clients away from employer and impugning employers reputation. Insider resigns.

Former employer sued in state court on several state law claims and then subsequently sued in
federal court for violating the Computer Fraud and Abuse Act along with additional state law
and federal law claims.

Defendants moved for dismissal of the federal case requesting that the federal court abstain
from considering the complaint under the Colorado River doctrine. After determining the cases
were parallel proceedings, the court examined the Colorado River factors and determined that
the state court could appropriately adjudicate all of the claims at issue while protecting the
plaintiffs interests and granted the motion to dismiss.

CEO Bernard Ebbers became very wealthy from the increasing price of his holdings in WorldCom
common stock.
[5]
However, in the year 2000 the telecommunications industry was in decline.
WorldComs aggressive growth strategy suffered a serious setback when, in July 2000, it was
forced by the U.S. Justice Department to abandon its proposed merger with Sprint.
[5]
By that
time, WorldComs stock price was decreasing and banks were placing increasing demands on
Ebbers to cover margin calls on his WorldCom stock that were used to finance his other
businesses (timber and yachting, among others).
[5]
In 2001, Ebbers persuaded WorldComs
board of directors to provide him corporate loans and guarantees in excess of $400 million to
cover his margin calls.
[5]
The board hoped that the loans would avert the need for Ebbers to sell
substantial amounts of his WorldCom stock, as his doing so would result in a further decrease of
the stock's price, however, this strategy failed. In April 2002, Ebbers resigned as CEO and was
replaced by John Sidgmore, former CEO of UUNET Technologies, Inc.

Beginning modestly during mid-1999 and continuing at an accelerated pace through May 2002,
the companydirected by Ebbers (as CEO), Scott Sullivan (CFO), David Myers (Controller) and
Buford "Buddy" Yates (Director of General Accounting)used fraudulent accounting methods to
disguise its decreasing earnings to maintain the price of WorldComs stock.
[5]


The fraud was accomplished primarily in two ways:
a. Booking "line costs" (interconnection expenses with other telecommunication companies)
as capital expenditures on the balance sheet instead of expenses. And;
b. Inflating revenues with bogus accounting entries from "corporate unallocated revenue
accounts".

In 2002, a small team of internal auditors at WorldCom worked together, often at night and
secretly, to investigate and reveal $3.8 billion worth of fraud.
[6][7][8]
Soon thereafter, the
companys audit committee and board of directors were notified of the fraud and acted swiftly:
Sullivan was dismissed, Myers resigned, Arthur Andersen withdrew its audit opinion for 2001,
and the U.S. Securities and Exchange Commission (SEC) began an investigation into these
matters on June 26, 2002 (see accounting scandal). Sidgmore was instrumental in turning
around the ailing company and in revealing Ebbers' fraud to regulators. Sidgmore died suddenly
in December 2003 from acute pancreatitis.

By the end of 2003, it was estimated that the company's total assets had been inflated by about
$11 billion.
[5]
This made the WorldCom scandal the largest accounting fraud in American history
until the exposure of Bernard Madoff's $64 billion Ponzi scheme in 2008.

Peregrines case
In 2004, a federal grand jury issued an indictment charging eight former executives of Peregrine
Systems, Inc., one former outside auditor of Peregrine, and two outside business partners of
Peregrine, with conspiracy to commit a multi-billion dollar securities fraud. The case resulted
from an investigation by the Federal Bureau of Investigation, and the Securities and Exchange
Commission had pursued a parallel civil enforcement action.[10]

In 2003, the U.S. Securities and Exchange Commission charged Peregrine with "massive financial
fraud" for the purposes of inflating the company's revenue and stock price.[11] Peregrine,
without admitting or denying the allegations of the complaint, agreed to a partial
settlement.[11]

Peregrine filed suit against its auditor Arthur Andersen in 2002 for $1 billion in damages, for
allegedly allowing incorrect audits that overstated revenues by as much as $250 million to be
filed for the 2000-2002 fiscal years.[12] In 2003, the former Peregrine CFO, Matthew Gless, pled
guilty to fraud charges.[13][14] In 2008, the former Peregrine CEO, Stephen Gardner, was
sentenced to eight years and one month in prison for his role in the fraud, which resulted in
bankruptcy for the company.[15][16] Although former chairman of the board, John Moores, sold
more than $800 million of shares during Peregrine's fraudulent period, the court of appeals
determined that there was insufficient evidence that Moores knew about the fraud that led to
the companys bankruptcy