"Congress enacted the CFAA in 1986 as a criminal law statute in response to the nascent issue of computer "hacking." 18 U.S.C. § 1030. The private cause of action was added a decade later. The Act prohibits unauthorized access or access that exceeds authorized access to computers. The CFAA defines "exceeds authorized access" as accessing "a computer with authorization and [using] such access to obtain . . . information in the computer that the accesser is not entitled to obtain," while leaving "unauthorized access" undefined."
"However, the Third Circuit's recent decision in NRA Group, LLC v. Durenleau, 2025 WL 2449054 (3d Cir. Aug. 16, 2025), has set further limits on the application of both statutes in this common scenario, holding that violating an employer's computer-use policy does not constitute a violation of the CFAA and that passwords are not considered trade secrets because they lack independent economic value."
The Third Circuit held that violating an employer's computer-use policy does not constitute a CFAA violation and that passwords are not trade secrets because they lack independent economic value. The CFAA, enacted in 1986, criminalizes unauthorized access and defines 'exceeds authorized access' as obtaining information from computer areas beyond one’s access while leaving 'unauthorized access' undefined. Van Buren narrowed CFAA coverage to information obtained from particular computer areas to which access does not extend. The decision preserves remedies such as breach of contract, business torts, fraud, and negligence for employers when employees grossly transgress computer-use policies.
Read at IPWatchdog.com | Patents & Intellectual Property Law
Unable to calculate read time
Collection
[
|
...
]