Monthly Archives: July 2012

Is a Face Tattoo Displayed on a Character in a Film Protected Under the Copyright Law?

The Eastern District of Missouri recently denied a tattoo artist’s request for a preliminary injunction against Warner Brothers’ release of the Hangover IIWhitmill v. Warner Bros. Entertainment Inc., 11-cv-00752 (E.D. Mo. April 28, 2011).

In that case, artist S. Victor Whitmill (“Victor”), creator of Mike Tyson’s face tattoo, filed a lawsuit against Warner Brothers Entertainment Inc. (“Warner Brothers”) for not seeking his approval to use the tattoo design on the face of another character in the movie.  Victor had obtained a release from Mike Tyson after creating the tattoo and neither Tyson nor Warner Brothers sought his approval.  The movie used the tattoo design on another character’s face in a majority of the scenes.

In ruling, the judge examined four factors:

1) plaintiff’s likelihood of success on the merits;

2) whether plaintiff was threatened with irreparable harm;

3) the balance of the equities; and

4) the public interest.

The Judge felt that Victor had a strong likelihood of prevailing and that he had suffered irreparable harm because he lost control over the tattoo image.  However, the balance of equities and public interest favored Warner Brothers.  The judge found that Warner Brother’s harm outweighed Victor’s because Warner Brothers would lose millions if the movie was enjoined as compared to Victor’s loss of one tattoo design that would not affect his entire business.  Further, the public’s desire to see the movie was considered and it was determined that non-parties such as theater owners and distributors would also lose money and be affected. Ultimately, all the factors considered as a whole were tipped in favor of Warner Brothers although the Judge reasoned that Victor would probably win the case.

Early this year, the case was settled.  The terms of the settlement were kept confidential, but Warner Brothers did mention that it will not have to digitally alter the film for the DVD release, as was previously considered.


© 2012 Nissenbaum Law Group, LLC

Does New Jersey Recognize the Presumed Damages Doctrine in Internet Defamation Claims?

In W.J.A. v. D.A., No. A-77-10 (May 16, 2012), the New Jersey Supreme Court addressed the question of whether the doctrine of presumed damages applies over the Internet.

That case surrounds Wayne Anderson (“Wayne”), a New Jersey man who was cleared of sexual abuse charges against his nephew, David Adams (“David”) (both fictitious names created by the Court).  Wayne was awarded $50,000.00 for defamation in the original suit, and nine years later David created a website that repeated the abuse claims with additional charges.  The site included Wayne’s name and address.

The creation of the website initiated the current case. However, because Wayne could only offer anguish and emotional injury as damages, the Law Division judge found those damages subjective and therefore insufficient to sustain a defamation claim. David was granted summary judgment.  However, the Appellate Division reversed, holding that Wayne could recover damages in a defamation suit without proving actual harm.  This is known as the “Presumed Damages Doctrine,” whereby a claimant may recover nominal damages expected when his reputation has been injured.  Reputational damage is often hard to prove, so under certain circumstances, it may be presumed, but the damages are generally nominal.

In that case, the Supreme Court held that the presumed damages doctrine would be recognized.  The judge noted that the doctrine acts as a procedural device to help the plaintiff’s claim survive dismissal.  Addressing the fact that the damages would be nominal, the Supreme Court noted that vindication is an important piece of any defamation claim and the doctrine acts as a tool by which the plaintiff is provided dignitary recourse.

Because the damages are presumed, it is hard for a jury to devise a uniform method of valuation.  That is why a plaintiff can only obtain nominal damages at trial, thereby precluding compensatory damages absent proof of actual harm.  Of course, the Plaintiff is free to seek to prove actual damages, which one would hope would be greater.  However, that is often not possible.

This case is important because it illustrates that New Jersey will recognize the doctrine of presumed damages, but recovery under the doctrine is limited.  The doctrine is a good tool for a plaintiff to use to defeat dismissal and obtain nominal damages when he cannot show actual harm.  This is generally the scenario in Internet defamation cases, in which the reputational harm that can be caused is extremely hard to measure.


© 2012 Nissenbaum Law Group, LLC

What Elements Need to be Satisfied Under New York Law to State an Unjust Enrichment Claim?

To state a claim for unjust enrichment in New York, a plaintiff must establish that a) the defendant benefitted; b) the defendant benefited at the plaintiff’s expense; and c) that equity and good conscience require restitution.  Tasini v. AOL Inc., No. 11 Civ. 2472 (S.D.N.Y. March , 2012).  Ultimately, a court must be persuaded that it would be against equity and good conscience to allow a defendant to retain what the plaintiff seeks to recover. Id. at 9.

In Tasini, the Plaintiffs brought suit against the Defendants alleging, among other things, that the Huffington Post was unjustly enriched by its practice of soliciting and accepting unpaid written submissions for its website. Id. at 7.  The Plaintiffs further alleged that the Defendants unjustly denied them compensation for their independent promotion of the content.

 The Defendants moved to dismiss the suit claiming that the Plaintiffs failed to “demonstrate that equity and good conscience require restitution and, in the alternative, that the plaintiffs’ unjust enrichment claim is barred by the existence of an implied contract between the plaintiffs and the defendants.” Id. at 8.  The Defendants made clear to the Plaintiffs from the beginning that they would not be compensated for their voluntary contribution to the website.

The court noted that the essential inquiry in any action for unjust enrichment is whether it can be shown that equity and good conscience warrant restitution, which would therefore obviate the need for dismissal. See Id. at 9.  The court further noted that in evaluating whether equity requires restitution, New York courts look to whether the plaintiff has alleged an expectation of compensation that was denied.  Id. at 10. In this case, the Plaintiffs had full knowledge of the transaction and only expected to gain exposure from their contributions.  Ultimately, the court held that the complaint failed to plead an expectation of monetary compensation and the Plaintiffs therefore could not recover under their unjust enrichment theory.  Further, it was held that since the Plaintiffs contributed to The Huffington Post out of their own unprovoked desire, equity and good conscience did not support what was sought in this matter.

When bargaining, it is important that parties are clear about one another’s expectations.  Everything should be set in writing, if possible, before the transaction proceeds.


© 2012 Nissenbaum Law Group, LLC

Is A Twitter Account A Trade Secret?

Businesses have long been able to protect their list of customers as a trade secret, keeping the information out of the hands of competitors. But should the list of customers in a business’ Twitter account be granted the same confidential protection?

The United States District Court for the Northern District considered this question in a recent case. PhoneDog v. Kravitz, 2011 U.S. Dist. LEXIS 129229 (N.D. Cal. Nov. 8, 2011). The plaintiff, PhoneDog, used a variety of social media – including Twitter – to share reviews of mobile products and services with its readers. The defendant, Noah Kravitz (“Kravitz”), was a product reviewer and video blogger for PhoneDog. The company permitted Kravitz to use the Twitter account “@PhoneDog_Noah.” Kravitz used the account to disseminate information and promote PhoneDog services on behalf of the company. He generated approximately 17,000 Twitter followers during the course of his employment. Kravitz used a password to access the account.

PhoneDog claimed that all of its “@PhoneDog_Name” Twitter accounts, as well as the passwords to those accounts, were proprietary, confidential information. When Kravitz ended his employment with PhoneDog in October 2010, the company asked him to stop using the Twitter account. However, Kravitz instead changed the name (or “handle”) of the account to “@noahkravitz” and continued to use it. PhoneDog, alleging that Kravitz’s behavior caused it to suffer at least $340,000 in damages, brought suit against Kravitz for misappropriation of a trade secret and three other claims. Kravitz filed a motion to dismiss the claims.

A motion to dismiss allows a court to terminate a lawsuit that fails to state a claim upon which the plaintiff can receive relief from the court. When considering a motion to dismiss, a court must accept all of the plaintiff’s allegations as true and construe them in the light that is most favorable to the plaintiff. Bell Atl. Corp. v. Twombly¸550 U.S. 544, 570 (2007). Kravitz argued the claim should be dismissed because neither the identity of the account followers or the password to the account constituted trade secrets. Under the California Civil Code, a trade secret is defined as information that:

1) derives independent economic value, actual or potential, from not being generally known to the public or to other persons who can obtain economic value from its disclosure or use; and

2) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.

California Civil Code, sec. 3426.1(d)

Kravitz claimed the list of followers was not secret because the information was publicly available on Twitter. He also claimed that the password was not a trade secret because the password itself did not derive any actual or potential independent economic value. Kravitz also argued that PhoneDog failed to allege any act by him that would be considered misappropriation. Under the California Civil Code, misappropriation is defined as the:

1) acquisition of a trade secret of another by a person who knows or has reason to know that the trade secret was acquired by improper means;

2) disclosure or use of a trade secret of another without express or implied consent by a person who:

a) used improper means to acquire the knowledge of the trade secret;
b) at the time of disclosure of use, knew or had reason to know that his or her knowledge of the trade secret was:

i.) derived from or through a person who had utilized improper means to acquire it;
ii.) acquired under circumstances giving rise to a duty to maintain its secrecy or limit its use; or
iii.) derived from or through a person who owed a duty to the person seeking relief to maintain its secrecy or limit its use

c) before a material change of his or her position, knew or had reason to know that it was a trade secret and that knowledge of it had been acquired by accident or mistake

California Civil Code sec. 3426.1(b)

The Court found that Kravitz failed to show any basis for a dismissal of the misappropriation claims. The Court determined that PhoneDog described the subject matter of the trade secret with sufficient particularity and that Kravitz had refused to stop using the password and account despite the company’s requests. Additionally, the Court found that determining whether Kravitz’s behavior constituted misappropriation required consideration of evidence, and thus the claim could not be dismissed.

The future decisions in cases such as this will be very significant for businesses who use Twitter or similar social networking tools as a means of collecting a group of potential customers and establishing a professional relationship between them. It is yet another example of how traditional trade secret law will need to adapt to a world where the relationship between businesses and customers continues to operate more and more online and thus in a less confidential setting.


© 2012 Nissenbaum Law Group, LLC

What Are The Repercussions For Sites That Facilitate Internet Music Piracy?

Would a person walk out of a store and take a CD without having paid for it?  If so, we might not only conclude that they are a shoplifter, but also someone who has committed theft of copyrighted intellectual property.  Many individuals commit the equivalent of the latter kind of theft by the illegal download of a digital file of a recorded song. File sharing software makers such as LimeWire, Napster and Kazaa have made it easy for users to easily commit this offense by a click of a mouse.  However, beware; there are consequences for sites that enable this sort of conduct.

In 2006, The Recording Industry Association of America (“RIAA” or the “association”) filed a lawsuit on behalf of its member music labels against LimeWire, claiming that the music industry had lost a lot of money because LimeWire’s P2P software enabled users to share and make use of 11,000 copyrighted songs without paying a fee. The case was heard by the United States District Court, Southern District of New York. In 2010, the court ruled in favor of RIAA issuing a Permanent Injunction. RIAA, et al. v. Lime Wire, LLC, et al, 06 Civ. 05936 (Oct. 26 2010).  In evaluating whether an injunction was warranted the Court balanced four (4) elements:

1) irreparable injury;

2) whether or not there is an adequate remedy at law;

3) consideration of the balance of  hardships between the parties; and

4) whether the public interest would be disserved by the injunction

Id. at 5.

The Court concluded that RIAA faced irreparable harm because “it is virtually certain that [RIAA] will be entitled to an enormous damage award [] that will far exceed Lime Wire’s ability to pay.” Id. at 6.  Under the Copyright Act, a plaintiff is entitled to statutory damages from $750-$150,000, depending upon the circumstances of the infringement. Id. at 6; See 17 U.S.C. § 504(a)(2)-(c).

The Court found that a permanent injunction in addition to damages was necessary since the compensation for damages would only satisfy past infringement, not future infringement. Id. at 8.  The Court found that LimeWire’s widespread dissemination of its software left RIAA vulnerable to ongoing infringement by users and that this far outweighed any hardship to LimeWire by the injunction. Id. at 8.

Although the Court agreed that LimeWire induced copyright infringement, it did not agree with RIAA’s position on damages.  RIAA believed that it was owed the statutory allotment ($750-$150,000) per download, per song. Id. at 6-7.  That would have amounted to a penalty well beyond LimeWire’s resources. Id. at 6.  Ultimately, in May 2011, LimeWire made its settlement offer, and the case settled for $105 million in damages.

Businesses should take heed to the permanent injunction issued against LimeWire and the subsequent settlement amount of the lawsuit.  The issue of music piracy is serious and the music industry is being all the more active in fighting against copyright infringement.


© 2012 Nissenbaum Law Group, LLC

When is a Breach of Contract Claim in NY Preempted by the Copyright Act?

What state law claims are preempted by the federal law embodied in the Copyright Act?  This question was recently addressed in Stadt v. Fox News Network LLC, 719 F.Supp.2d 312 (S.D.N.Y. 2010).

In that case, Kenneth Stadt (“Stadt”), a video owner, filed a lawsuit against Fox News Network (“Fox”), a cable television network, for among other things, copyright infringement and breach of contract.  Stadt was the exclusive owner of a video that he registered with the United States Copyright Office that depicts a famous couple on vacation (“Video”).  Stadt and Fox entered into a written License Agreement (“Agreement”) in which Fox was given the sole right to air the Video on its network within a one month period.  See Id. at 316.

Stadt alleged that Fox promised to stop using the Video upon expiration of the License, and in exchange for that promise Stadt allowed Fox to broadcast the Video with a “Fox Business Exclusive” credit on the screen. However, Stadt claimed that Fox continued to make use of the Video and credit after the Agreement expired.  Fox moved to dismiss all the claims except the copyright claim, stating that “the claims are preempted by section 301 of Title 17 of the United States Code (the Copyright Act), fail to state a claim as a matter of law, or both.” Id. at 315.

The Court relied on Briarpatch Ltd. v. Phoenix Pictures, Inc., 373 F.3d 296 (2d Cir. 2004) to determine when the Copyright Act shall preempt state law. Id. at 317.  In Briarpatch, the Second Circuit held that the Copyright Act exclusively governs a claim when:

(1) the particular work to which the claim is being applied falls within the type of works protected by the Copyright Act . . .; and

(2) the claim seeks to vindicate legal or equitable rights that are equivalent to one of the bundle of exclusive rights already protected by copyright law….

See Briarpatch Ltd. v. Phoenix Pictures, Inc., 373 F.3d 296 (2d Cir. 2004).

The Briarpatch Court further stated that the first prong of this test is called the “subject matter requirement,” and the second prong is called the “general scope requirement.”  The general scope requirement is satisfied only when the state-created right may be abridged by an act that would, by itself, infringe one of the exclusive rights provided by federal copyright law.  The state law claim must not include any extra elements that make it qualitatively different from a copyright infringement claim.  Additionally, the Briarpatch Court explained that to determine whether a claim is qualitatively different, it will look at “what [the] plaintiff seeks to protect, the theories in which the matter is thought to be protected and the rights sought to be enforced.” Stadt, 719 F.Supp.2d at 317-18 (citing Briarpatch Ltd. v. Phoenix Pictures, Inc., 373 F.3d 296 (2d Cir. 2004)).

The Stadt Court stated that it takes a ‘restrictive view’ of what qualifies as an extra element sufficient to shield the claim from copyright preemption.  Nevertheless, ‘a state law claim is qualitatively different if it requires such elements as breach of fiduciary duty, or possession and control of chattels.” Stadt, 719 F.Supp.2d at 318.

To establish breach of contract in New York, a plaintiff must 1) confirm the existence of an agreement; 2) show that plaintiff has adequately performed pursuant to that contract; 3) show that the accused has breached the contract; and 4) show that there are damages.  See Id. 

The Stadt Court found that the “subject matter” requirement for federal preemption to apply was met because the subject matter of Stadt’s breach of contract claim related to the continued use of a video that was governed by the Copyright Act.  However, the “general scope” requirement was not satisfied because Stadt’s claim that Fox continued to make use of the credit following expiration of the Agreement added an “extra element that render[ed Stadt’s] breach of contract claim qualitatively different from a claim for copyright infringement.” Hence, that additional aspect of the claim was not governed by the Copyright Act.  Id. at 320-21.  In other words, the additional allegation of continued use of the credit went beyond what the Copyright Act governs and therefore survives preemption.  See Id. at 321.  Ultimately, the Stadt Court denied Fox’s motion to dismiss the breach of contract claim since only part of the claim was preempted by the Copyright Act.  See Id. at 324.

The preemption of state laws by the Copyright Act is an issue every claimant should be aware of when preparing causes of actions for a complaint involving intellectual property matters.  One should take heed of the two-step prong courts rely on in evaluating when claims meet the criteria for preemption.


© 2012 Nissenbaum Law Group, LLC

Can Google Maps Be Sued For Invasion of Privacy?

Many Americans are able to go online, enter their address into Google and zoom-in on the ensuing map so closely that they can see an image of their own home. However, few Americans have asked whether Google is invading anyone’s privacy by providing this capability.

In 2010, that question was proposed to the United States Court of Appeals for the Third Circuit. Boring v. Google Inc., 362 Fed. Appx. 273 (3d Cir. Pa. 2010). In 2008, a couple residing in Pennsylvania (“the Borings”) sued Google, claiming that the company’s “Street View” feature on Google Maps invaded their privacy. The Street View program allows users to see panoramic views of locations throughout the United States. To collect the images, Google attaches panoramic digital cameras to passenger cars and drives around cities photographing areas along streets and roads. Individuals are able to report and request the removal of inappropriate images they find on Street View.

The Borings, who live on a private road, claimed that their privacy interest was disregarded by Google when the company took photos of their property and made those photos available to the public. In addition to alleging that Google invaded their privacy, the Borings also asserted claims for trespass, injunctive relief, negligence and conversion. In February 2009, the United States District Court for the Western District of Pennsylvania granted Google’s motion to dismiss all of the Borings’ claims. The plaintiffs appealed.

Under Pennsylvania law, there are four tort actions for invasion of privacy:

1) unreasonable intrusion upon the seclusion of another;

2) appropriation of another’s name or likeness;

3) unreasonable publicity given to another’s private life; and

4) publicity that unreasonably places the other in a false light before the public.

Burger v. Blair Med. Assocs., Inc.¸ 600 Pa. 194, 964 A.2d 374, 367-77 (Pa. 2009).

The Court followed the District Court’s interpretation of the Borings’ complaint as asserting claims for intrusion upon seclusion and publicity to private life. Plaintiffs stating a claim for intrusion upon seclusion must allege conduct that:

1) demonstrates an intentional intrusion upon the seclusion of their private concerns which was substantial and highly offensive to a reasonable person, and

2) avers sufficient facts to establish that the information disclosed would have caused mental suffering, shame or humiliation to a person of ordinary sensibilities.

Pro Golf Mtg., Inc. v. Tribune Review Newspaper Co., 570 Pa. 242, 809 A.2d 243, 247 (Pa. 2002).

The Court upheld the District Court’s decision and determined that the Borings’ claim for intrusion upon seclusion failed because the alleged conduct would not be highly offensive to a person of ordinary sensibilities. Boring at 280. “No person of ordinary sensibilities would be shamed, humiliated, or have suffered mentally as a result of a vehicle entering into his or her ungated driveway and photographing the view from there.” Id. at 279. The Court also referred to an example included in the Restatement (Second) of Torts that “knocking on the door of a private residence [is] an example of conduct that would not be highly offensive to a person of ordinary sensibilities.” Id. The Court reasoned that Google’s actions of photographing an external view of the Borings’ home was arguably less intrusive than knocking on a door. “The existence of that image…does not in itself rise to a level of an intrusion that could reasonably be called highly offensive.” Id.

The Court also agreed with the District Court’s decision that the Borings’ claim of publicizing private life failed. To state such a claim, a plaintiff must allege that the matter being publicized is:

1) publicity

2) given to private facts

3) which would be highly offensive to a reasonable person, and

4) is not something that is of legitimate concern to the public.

Harris v. Easton Pub. Co., 335 Pa. Super. 141, 483 A.2d 1377, 1384 (Pa. Super. Ct. 1984).

The Court determined that the Borings failed to allege sufficient facts to establish that the publicity given to them by Google’s actions would be highly offensive to a reasonable person. Boring at 280.

The Court’s decision suggests that attempts to sue Google for invasion of privacy over its use of residential images in its Google Map program are not likely to succeed. Courts could suggest that Google’s opt-out option provides a better route for residents who think that their privacy rights are being violated.


© 2012 Nissenbaum Law Group, LLC

Does the Discovery Rule Apply to Copyright Infringement?

In Urbont v. Sony Music Entertainment, No. 11 Civ. 4516 (S.D.N.Y. March 27, 2012), the federal District Court for the Southern District of New York was presented with the question of whether the discovery rule applies to causes of action under the Copyright Act.

The discovery rule allows parties to extend a statute of limitations because they did not have reason to know, nor did they know, that they had a potential cause of action.  In this case, application of the discovery rule would have extended the three (3) year statute of limitations under the Copyright Act for infringement.

The court determined that the discovery rule would not apply here because there was no evidence of material concealment of the fraud that led to the alleged infringement.  Instead, the plaintiff had complete access to all the information necessary to determine that an infringement had taken place, and he had simply not brought his cause of action within the applicable period.


© 2012 Nissenbaum Law Group, LLC

Should Appropriation Artists Be Protected By Fair Use?

Appropriation art, which involves an artist purposefully copying the work of another, has become a popular art form. But is it legal? The United States District Court for the Southern District of New York recently faced that question and determined whether appropriators are entitled to use the defense of fair use against a claim of copyright infringement. Cariou v. Prince, 784 F.Supp. 2d 337 (S.D.N.Y. 2011).

The plaintiff in that case, professional photographer Patrick Cariou (“Cariou”), had spent time in Jamaica over the course of six years. After gaining the trust of the Rastafarians, he had been permitted to take their portraits. In 2000, Cariou published a book of his photographs. The book contained those portraits as well as landscape photos he had taken around Jamaica. He testified that he was the sole copyright holder of the images that appeared in his book.

The defendant, Richard Prince (“Prince”), was a well-known “appropriation artist” who had shown his work at several museums. Appropriation art deliberately copies images and presents them in a new version or context. During an exhibit at a hotel in St. Barts between December 2007 and February 2008, Prince showed a collage entitled “Canal Zone (2007)” which included 35 photographs that had been taken from Cariou’s book. Prince painted over some portions of the photos. Some were used in their entirety, while others were only partially used. Prince intended to use “Canal Zone (2007)” as a means of introducing characters he intended to use in a planned series of artworks. Cariou eventually claimed that Prince had infringed on his copyright, but Prince asserted that his works were protected by the defense of fair use.

Cariou possessed undisputed ownership of valid copyright in the photos, which courts have held to be a copyrightable subject matter for more than 100 years. Burrow-Giles Lithographic Co. v. Sarony, 111 U.S. 53 (1884). The Court then considered whether Prince’s use of Cariou’s copyrighted work should be protected as a type of fair use. When determining whether a particular use of a copyrighted work qualifies as fair use, courts will consider four factors:

1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;

2) the nature of the copyrighted work; 

3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and 

4) the effect of the use upon the potential market for or value of the copyrighted work.

17 U.S.C. §107.

First, the Court considered the purpose and character of Prince’s use of the photos. It found its transformative content to be “minimal at best,” its purpose to be “substantially commercial, and interpreted Prince’s failure to obtain permission (and the co-defendant Gagosian Gallery’s failure to inquire as to whether Prince had obtained permission) to constitute bad faith. Cariou at 350-1. Thus, it determined that the first prong weighed heavily against a finding of fair use. Second, the Court found that Cariou’s photos were highly original and creative (as opposed to factual or informational). Thus, the Court held that the use of such works without permission also weighs against fair use. Id. at 352.

Third, the Court considered the amount and substantiality of the portion of Cariou’s photos used in Prince’s works. It found that, in the majority of his works, Prince appropriated central figures that went to the very heart of Cariou’s works, and that this factor also weighed heavily against a finding of fair use. Id. Finally, the Court found the fourth factor to also weigh against fair use because Prince’s secondary use “unfairly damaged the original market for [Cariou’s] [p]hotos and, if widespread, would likely destroy any identifiable derivative market for [them].” Id. at 353. Because none of the four factors considered supported fair use, the Court found that the defendants were not entitled to fair use as a defense. Id.

Prince is appealing the Court’s decision. This case may have a significant impact in both the art and intellectual property industries.


© 2012 Nissenbaum Law Group, LLC

Does the Computer Fraud and Abuse Act Extend To Workers Who Steal From Company Computers?

The Computer Fraud and Abuse Act (“CFAA”) was enacted in 1986, in part, to criminalize the act of knowingly accessing a protected computer with the intent to defraud. 18 U.S.C. § 1030. The statute was intended to target computer hackers, but could it also be used to find employees criminally liable for misappropriating confidential information on their employer’s computers? That was a question recently considered by the United States Court of Appeals for the Ninth Circuit. U.S. v. Nosal, 2012 U.S. App. LEXIS 7151 (9th Cir. Cal. Apr. 10, 2012).

The plaintiff, David Nosal (“Nosal”), was formerly an employee of the executive search firm Korn/Ferry. Shortly after leaving the company, he convinced a few of his former co-workers to join him in starting a business to compete with Korn/Ferry. The employees used their log-in information to download source lists as well as names and contact information from the company’s database. The information was then transferred to Nosal. Though the employees had authorization to access the database, they violated company policy by disclosing confidential information.

The government charged Nosal with, among other charges, violating the CFAA for aiding and abetting the Korn/Ferry employees in exceeding their authorized access with an intent to defraud. See § 1030(a)(4). Nosal filed a motion to dismiss the CFAA counts, arguing that the statute only targets hackers, not those who access a computer with authorization.

His argument was initially rejected by the United States District Court for the Northern District of California which was considering Nosal.   However, a subsequent Ninth Circuit opinion opted for narrow interpretation of the phrases “without authorization” and “exceeds authorized access” in the CFAA. See LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009). Under this decision, “[t]here is simply no way to read [the definition of ‘exceeds authorized access’] to incorporate corporate policies governing use of information unless the word alter is interpreted to mean misappropriate,” as “[s]uch an interpretation would defy the plain meaning of the word alter, as well as common sense.” Nosal at 4.  Basing its decision on LVRC, the Ninth Circuit Court of Appeals that was considering the appeal of Nosal reversed and dismissed the counts for failure to state an offense.

The CFAA defines “exceeds authorized access” as “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” § 1030(a)(4). The government argued that the statute’s language could refer to someone who has unrestricted physical access to a computer, but is limited in the use to which he can put the information. On the other hand, Nosal argued that the statute could refer to one who is authorized to access only certain data but instead accesses – or “hacks” – data that he is not authorized to.

The Court opted to follow Nosal’s interpretation, finding that “[t]he government’s interpretation would transform the CFAA from an anti-hacking statute into an expansive misappropriation statute.” Id. at 7. It found that the language “without authorization” would apply to outside hackers, while the language “exceeds authorized access” would apply to inside hackers, concluding that such an interpretation would be “a perfectly plausible construction of the statutory language that maintains the CFAA’s focus on hacking rather than turning it into a sweeping Internet-policing mandate.” Id. at 10.

“We need not decide whether Congress could base criminal liability on violations of a company or website’s computer use restrictions. Instead, we hold that the phrase ‘exceeds authorized access’ in the CFAA does not extend to violations of use restrictions. If Congress wants to incorporate misappropriation liability into the CFAA, it must speak more clearly.” Id. 24-25.

The Court’s decision suggests that the CFAA might not be the statute to look to for businesses seeking to bring legal claims against former employers.


© 2012 Nissenbaum Law Group, LLC