Charles Schwab & Co., Inc. v. Brian D. Carter, Acorn Advisory Management, L.L.C., et al.
No. 04C7071 (N.D. Ill., Sept. 27, 2005)
Principal Can Be Held Vicariously Liable For The Acts Of Its Agent Under The Computer Fraud And Abuse Act
Court holds that a principal can be held vicariously liable under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et seq., ("CFAA") for its agent's accessing without authorization another's computer system in violation of the CFAA at the principal's direction. The Court accordingly denies the motion of defendants Acorn Advisory Management LLC and Acorn Advisory Capital L.P. (collectively "Acorn") to dismiss claims advanced by plaintiff Charles Schwab & Co. Inc. ("Schwab"), that sought to hold Acorn liable under the CFAA for the acts of defendant Brian Carter ("Carter"). Carter, a former employee of Schwab, had allegedly downloaded without authorization confidential information and trade secrets from Schwab's computer system at the behest of Acorn, by whom he was subsequently employed.
Carter Allegedly Downloaded Data At Acorn's Behest
Plaintiff Schwab owned and operated the Schwab Soundview Capital Markets Investment Analysis Division ("IA"). IA provided select clients with analytical investment research generated by the application of twelve analytical models (the "Models"). Schwab kept these Models confidential.
In late 2004, Schwab decided to close IA. Upon learning of this decision, defendant Acorn offered to acquire all of the assets necessary to operate the Models, which offer Schwab rejected. Shortly after the rejection of its offer, Acorn allegedly extended an offer of employment to defendant Carter.
At that time, Carter was employed as the Director of Information Technology of Schwab's IA division. In this capacity, Carter had the ability to access IA's entire computer network, which he was authorized to do in the performance of his duties for Schwab.
According to the complaint, Carter accepted Acorn's offer of employment. Before he left Schwab for Acorn, it was alleged that Carter, at Acorn's direction, downloaded confidential information from Schwab's computer system, which information Carter delivered to Acorn, together with additional confidential information he sent Acorn via e-mail.
Vicarious Liability May Be Imposed Under The Computer Fraud And Abuse Act
As a result of this conduct, Schwab commenced suit against Carter and Acorn, claiming inter alia, that Acorn violated the Computer Fraud and Abuse Act. Acorn moved to dismiss this claim, arguing that it could not be held vicariously liable under the CFAA for Carter's acts. The Court rejected this argument, and permitted Schwab to proceed with its CFAA claims against both Carter and Acorn.
The Court rested its holding on the rule of statutory construction that "[w]hen Congress creates a tort action, it legislates against a legal background of ordinary tort-related vicarious liability rules and consequently intends its legislation to incorporate those rules." The CFAA, noted the Court, "operates, in effect like a tort action" "by providing compensation to victims of computer fraud." As such, ruled the Court, it must be presumed that Congress drafted the CFAA with an intent to permit vicarious liability. Such a result accorded with the decisions of numerous other federal courts, which had imposed vicarious liability for the violation of other federal statutes that gave rise to tort claims. This result also furthered the purpose of the CFAA, which is to "deter and punish those who intentionally access[ed] computer files and systems without authority and [thereby] cause[d] harm." As a result, the Court denied Acorn's motion to dismiss, and permitted Schwab to proceed with its CFAA claim against Acorn.
Balance Of Defendants' Motion To Dismiss Denied
The Court also denied the balance of defendants' motion, which sought dismissal of common law causes of action Schwab asserted on the grounds that the same were preempted by the Illinois Trade Secret Act, as well as dismissal of claims advanced under Section 1030(a)(2)(C) of the CFAA as a result of the alleged absence of an allegation that Carter's conduct involved an interstate or foreign communication. The denial of this latter branch of defendants' motion, at this early pleading stage, rested on the Court's determination that it was "reasonable to infer" that Carter's activities involved the requisite interstate communications because Carter allegedly accessed an interstate computer network located, at least in part, outside of Carter's home state, to obtain the data at issue.
Finally, the Court denied defendants' summary judgment motion, which was grounded on plaintiffs' purported failure to adequately identify the trade secrets at issue. Such had, in fact, been done in discovery sufficiently for the purpose of this motion.