WEC Carolina Energy Solutions LLC v. Miller

• Decision Date: 26 July 2012
• Docket Number: No. 11–1201.,11–1201.
• Citation: 687 F.3d 199
• Parties: WEC CAROLINA ENERGY SOLUTIONS LLC, Plaintiff–Appellant, v. Willie MILLER, a/k/a Mike; Emily Kelley; Arc Energy Services Incorporated, Defendants–Appellees.
• Court: U.S. Court of Appeals — Fourth Circuit

687 F.3d 199

WEC CAROLINA ENERGY SOLUTIONS LLC, Plaintiff–Appellant,

v.Willie MILLER, a/k/a Mike; Emily Kelley; Arc Energy Services Incorporated, Defendants–Appellees.

No. 11–1201.

United States Court of Appeals,Fourth Circuit.

Argued: April 2, 2012.

Decided: July 26, 2012.

ARGUED:Kirsten Elena Small, Nexsen Pruet, LLC, Greenville, South Carolina, for Appellant. James William Bradford, Jr., Jim Bradford Law Firm, LLC, York, South Carolina; Brian S. McCoy, McCoy Law Firm, LLC, Rock Hill, South Carolina, for Appellees. ON BRIEF:Mark Gordon, Anthony J. Basinski, Pietragallo Gordon Alfano Bosick & Raspanti, LLP, Pittsburgh, Pennsylvania; Angus H. Macaulay, Nexsen Pruet, LLC, Greenville, South Carolina, for Appellant. Daniel H. Harshaw, Brice Law Firm, LLC, York, South Carolina, for Appellees.

Before SHEDD and FLOYD, Circuit Judges, and HAMILTON, Senior Circuit Judge.

Affirmed by published opinion. Judge FLOYD wrote the opinion, in which Judge SHEDD and Senior Judge HAMILTON joined.

OPINION

FLOYD, Circuit Judge:

In April 2010, Mike Miller resigned from his position as Project Director for WEC Carolina Energy Solutions, Inc. (WEC). Twenty days later, he made a presentation to a potential WEC customer on behalf of WEC's competitor, Arc Energy Services, Inc. (Arc). The customer ultimately chose to do business with Arc. WEC contends that before resigning, Miller, acting at Arc's direction, downloaded WEC's proprietary information and used it in making the presentation. Thus, it sued Miller, his assistant Emily Kelley, and Arc for, among other things, violating the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030.

The district court dismissed WEC's CFAA claim, holding that the CFAA provides no relief for Appellees' alleged conduct. We agree and therefore affirm.

I.

A.

In 1984, Congress initiated a campaign against computer crime by passing the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984. Pub.L. No. 98–473, 98 Stat. 2190. Shortly thereafter, in 1986, it expanded the Act with a revised version, the Computer Fraud and Abuse Act of 1986, Pub.L. No. 99–474, 100 Stat. 1213. Today, the CFAA remains primarily a criminal statute designed to combat hacking. A.V. ex rel. Vanderhye v. iParadigms, LLC, 562 F.3d 630, 645 (4th Cir.2009). Nevertheless, it permits a private party “who suffers damage or loss by reason of a violation of [the statute]” to bring a civil action “to obtain compensatory damages and injunctive relief or other equitable relief.” 18 U.S.C. § 1030(g). Notably, although proof of at least one of five additional factors is necessary to maintain a civil action, ¹ a violation of any of the statute's provisions exposes the offender to both civil and criminal liability.

Among other things, the CFAA renders liable a person who (1) “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains ... information from any protected computer,” in violation of § 1030(a)(2)(C); (2) “knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value,” in violation of § 1030(a)(4); or (3) “intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage[,] or ... causes damage and loss,” in violation of § 1030(a)(5)(B)-(C). Here, WEC alleges that Miller, Kelley, and Arc violated all three of these provisions.

B.

WEC and Arc are competitors, providing specialized welding and related servicesto the power generation industry. Both companies are incorporated in South Carolina and maintain their principal places of business in York County, South Carolina. Prior to April 30, 2010, WEC employed Mike Miller as a Project Director and Emily Kelley as his assistant. Both individuals now work for Arc.

When Miller worked for WEC, the company provided him with a laptop computer and cell phone, and authorized his access to the company's intranet and computer servers. According to WEC's complaint, “Miller had access to numerous confidential and trade secret documents stored on ... computer servers, including pricing terms, pending projects[,] and the technical capabilities of WEC.” To protect its confidential information and trade secrets, WEC instituted policies that prohibited using the information without authorization or downloading it to a personal computer. These policies did not restrict Miller's authorization to access the information, however.

On April 30, 2010, Miller resigned from WEC. WEC alleges that prior to resigning, Miller, at Arc's direction, “either by himself or by his assistant, Kelley, downloaded a substantial number of WEC's confidential documents” and emailed them to his personal e-mail address. WEC also alleges that Miller and Kelley downloaded confidential information to a personal computer. Twenty days after leaving WEC, Miller reportedly used the downloaded information to make a presentation on behalf of Arc to a potential WEC customer.

The customer ultimately awarded two projects to Arc. WEC contends that as a result of Miller's and Kelley's actions, it “has suffered and will continue to suffer impairment to the integrity of its data, programs, systems or information, including economic damages, and loss aggregating substantially more than $5,000 during a one-year period.”

In October 2010, WEC sued Miller, Kelley, and Arc, alleging nine state-law causes of action and a violation of the CFAA. Regarding its CFAA claim, WEC averred that Miller and Kelley violated the Act because “[u]nder WEC's policies they were not permitted to download confidential and proprietary information to a personal computer.” Thus, by doing so, they “breache[d] their fiduciary duties to WEC” and via that breach, they either (1) lost all authorization to access the confidential information or (2) exceeded their authorization. WEC sought to hold Arc liable because it claimed that Miller and Kelley undertook this conduct as Arc's agents.

Appellees moved for dismissal pursuant to Federal Rule of Civil Procedure 12(b)(6), and the district court held that WEC failed to state a claim for which the CFAA provided relief:

[I]n this case, WEC's company policies regulated use of information not access to that information. Thus, even if Miller and Kelley's purpose in accessing the information was contrary to company policies regulating use, it would not establish a violation of company policies relevant to access and, consequently, would not support liability under the CFAA.

WEC Carolina Energy Solutions, LLC v. Miller, No. 0:10–cv–2775–CMC, 2011 WL 379458, at *5 (D.S.C. Feb. 3, 2011). Thus, it dismissed the CFAA claim and declined to exercise jurisdiction over the remaining state-law claims.²

II.

We review de novo a district court's dismissal pursuant to Rule 12(b)(6), Gilbert v. Residential Funding LLC, 678 F.3d 271, 274 (4th Cir.2012), accepting as true all factual allegations contained in the complaint, Erickson v. Pardus, 551 U.S. 89, 94, 127 S.Ct. 2197, 167 L.Ed.2d 1081 (2007)(per curiam).

A.

WEC alleges that Appellees violated § 1030(a)(2)(C), (a)(4), (a)(5)(B), and (a)(5)(C), each of which require that a party either access a computer “without authorization” or “exceed[ ] authorized access.” The district court held that Appellees' alleged conduct—the violation of policies regarding the use and downloading of confidential information—did not contravene any of these provisions. Accordingly, the crux of the issue presented here is the scope of “without authorization” and “exceeds authorized access.” We particularly examine whether these terms extend to violations of policies regarding the use of a computer or information on a computer to which a defendant otherwise has access. Before delving into statutory analysis, however, we briefly review the perspectives of our sister circuits.

In short, two schools of thought exist. The first, promulgated by the Seventh Circuit and advanced by WEC here, holds that when an employee accesses a computer or information on a computer to further interests that are adverse to his employer, he violates his duty of loyalty, thereby terminating his agency relationship and losing any authority he has to access the computer or any information on it. See Int'l Airport Ctrs., LLC v. Citrin, 440 F.3d 418, 420–21 (7th Cir.2006). Thus, for example, the Seventh Circuit held that an employee who erased crucial data on his company laptop prior to turning it in at the end of his employment violated the CFAA. Id. at 419–21. It reasoned that his “breach of his duty of loyalty terminated his agency relationship ... and with it his authority to access the laptop, because the only basis of his authority had been that relationship.” Id. at 420–21.

The second, articulated by the Ninth Circuit and followed by the district court here, interprets “without authorization” and “exceeds authorized access” literally and narrowly, limiting the terms' application to situations where an individual accesses a computer or information on a computer without permission. See United States v. Nosal, 676 F.3d 854, 863 (9th Cir.2012) (en banc); LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1134–35 (9th Cir.2009). Thus, in Nosal, the Ninth Circuit, sitting en banc, held that the defendant's co-conspirators, a group of employees at an executive search firm, did not violate the CFAA when they retrieved confidential information via their company user accounts and transferred it to the defendant, a competitor and former employee. Nosal, 676 F.3d at 856, 864. It reasoned that the CFAA fails to provide a remedy for misappropriation of trade secrets or violation of a use policy where authorization has not been rescinded. Id. at 863–64. As we explain below, we agree with this latter view.

B.

As with any issue of statutory interpretation, we focus on the plain language of the statute,...