Assignment 6 - Shurgard

October 16, 2007

My Viewpoint on The Shurgard Perspective

Was Shurgard v.Safegaurd correctly decided, in my opinion? Yes. This decision is based on two conclusory definition created by the court.

1. “Authorization” – Authorization of usage, regardless of the medium, is an inherently ambiguous term. Whenever a person authorizes usage of any personal property, whether it be personal physical property or abstract internet information, that authorization is always given within the confines of boundaries. If those boundaries did not exist, the full authorization given to the third party would be in a form of interest in ownership rights, not access to temporary usage for a confined purpose. The court correctly decided the case in defined limits of agency authorization. No company (or informed person) would willingly give over full ownership of protected property to a third party without limiting that access to the loyalty to the interest owner or allow acquisition by that third party of adverse interest to the interest of the owner. Therefore, I think the court correctly included corporate policy of agency, ownership, and the simple trust of employee confidentiality into their definition of the boundaries of authorized use of that same corporate information regarding its protected trade secrets.

2. “Damages” – In an effort to stick within the page limit, I want to make one brief comment. It is refreshing to see the court define damages to something more then a tangible monetary value. It is a especially refreshing in my recent outrage with the Dwyer v. American Express Case (where monetary damages could not be proven, and no relief was found in light of violation of the law).. I could not agree more with an opinion that takes such a wide and future thinking view of what damages may define in an increasingly internet-abstract definition of property, privacy, and society. I am glad the court looked further then words, and cash value, to evaluate what one person (or one corporation) may see as damages, and to take the damage perspective as far as personal perceived harm.

Posted by on October 16, 2007 at 12:00 AM in Assignment 6 - Shurgard | | Comments (0)

October 15, 2007

Shurgard

I agreed with the holding in Shurgard. On the "authorization" issue, I think the court was correct to find that the plaintiff's (former) employees lost their authorization when they emailed valuable information to  their employer's competitor.  This seems to me to be a great example of  the meaning of  'exceed[ing] authorized access" in 1030(a)(2) - there are proper and improper employee uses of an employer's computer resources and acts such as these are clearly outside the scope of what is proper, authorized access. On the "damages" issue, I think it would be a mistake to construe 'damage' as only physical damage, which is what the defendant seems to have wanted the court to do. It seems fairly plain that "any impairment to the integrity...of information" would include the divulging of trade secrets as an act that would cause harm to the valuable resources of a business.
I do think this is a case where the court recognized that a competitor and untrustworthy employees acted in bad faith and wanted to find for the "good guy"/victim. However, I thought the court's analysis of the meaning of the language in the statute - particularly on the "damages" issue - was quite convincing.

Posted by on October 15, 2007 at 11:58 PM in Assignment 6 - Shurgard | | Comments (0)

I say correct

I think that Shurgard was correctly decided to the extent the Court held that Plaintiff, Shurgard, stated a claim under 18 USC §1030(a)(5)(c).

The Statute includes that “whoever intentionally accesses a computer without authorization or exceeds authorized access…shall be punished as provided in section (c) of the statute.”  Shurgard’s allegations that former employees used Shurgard computers to send trade secrets to defendant via email, while still working for Shurgard, demonstrates that the former employees exceeded authorized access.  It is doubtful that Shurgard employees were given authorization to access Shurgard’s trade secrets and send this valuable information to competitors. 

While I think that Shurgard stated a claim under the Statute, I am not sure whether, in fact, the former employees of Shurgard exceeded authorized access.  To decide this, I would be interested to know what measures Shurgard took to protect its employees from disclosing its valuable trade secrets.  For instance, were Shurgard employees required to sign an agreement to refrain from such disclosure?  Were there appropriate safeguards such as passwords or supervision to protect the alleged misappropriated information?

Since these questions of fact exist, I believe that the Court’s holding that Shurgard stated a claim is correct.

Posted by on October 15, 2007 at 11:51 PM in Assignment 6 - Shurgard | | Comments (0)

Shurgard

I feel that Shurgard was correctly decided on both issues, especially authorization. The CFAA clearly covers “exceed[ing] authorized access” to information and the misappropriation of that information. The employees had permission to access the information in order to carry out their jobs. The access was for a limited purpose and the employees could not go beyond those boundaries without violating their duties as agents of their employer. The employees violated the CFAA and the basic rules of agency, as laid out in the Restatement (Second) of Agency. 

Posted by on October 15, 2007 at 11:34 PM in Assignment 6 - Shurgard | | Comments (0)

Hackers was a good movie.

Shurgard seems like one of those situations where the court made up its mind that it wanted plaintiff to prevail and found a way to tailor the law to its decision.  This doesn’t necessarily mean that the case was decided incorrectly, it’s just an observation as to the way the court decided the case.  Regarding the authorization issue, this case had sort of a weird disconnect from the Morris case.  There, Morris created a worm that infiltrated many other computers which he was clearly not authorized to access.  In Shurgard, the court almost re-humanizes the stealing of electronic information.  These employees were not ‘hacking’ (as we have come to think of it) into protected networks, presumably they were simply emailing information from their own machines over to the defendants.  This does not seem like “unauthorized access,” and the court almost stretches to fit it into that mold.  It seems to me plaintiffs other causes of action arising out of the same underlying facts make for much sounder arguments. 

Posted by on October 15, 2007 at 11:26 PM in Assignment 6 - Shurgard | | Comments (0)

Ding! Correct!

I think Shurgard was correctly decided even its reasoning does little to provide guidance. The “authorization” issue, which I find more interesting, seems to have been decided on common sense rather than legal principles.

Yes, I agree that what plaintiff’s employees did was reprehensible (if they in fact did it!), but saying that they did not have authorization to access that information is not the same as saying that they did not have authorization to send that information to a competitor. It seems fitting that authorization to access certain information be automatically terminated when an employee goes rogue, but it is a very difficult standard to apply in practice.

In my opinion the blame lies more with the employees than with the defendant because they had the authorization to access that information and decided to get greedy with it by working both sides of the line. But we are still missing many more facts that would make these matters likely to be decided at trial and not in a motion where all favorable inferences are drawn against the moving party.

Posted by on October 15, 2007 at 11:25 PM in Assignment 6 - Shurgard | | Comments (0)

Shugard

I think the case was correctly decided.  On the authorization issue it seems logical that when you are an agent of a company and you are misusing the company’s information for illegitimate purposes then acquisition and use of that information can be deemed unauthorized.  The company gives people access to information for purposes of furthering the company’s interest and when an employee misuses that information, as a matter of principle and fairness, then it is unauthorized because the information was not used for the purpose that it was provided for.  It’s not a black and white matter where since you have authorization to use the information then you use it for whatever you want.

As for damages, since the information was confidential and by way of using the employees of that company to get the information and disclose it to a competitor impaired the integrity of the information.  Although the information was not erased or changed in a physical sense it was changed in the sense that the information changed from confidential to now not being confidential information anymore and in the hands of its competitors.            

Posted by on October 15, 2007 at 10:19 PM in Assignment 6 - Shurgard | | Comments (0)

No brainer on authorization

I believe that Shurgard, on the issue of authorization, was correctly decided.  Under CFAA § 1030(a)(2)(C), it states, “whoever…intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains…information from any protected computer if the conduct involved an interstate or foreign communication…shall be punished”.  This Act was passed by Congress for situations exactly like the one in this case.  In today’s world, it is impossible for a company to succeed without having some confidential information on their computers.  Employees have to have access to this information so that they can perform.  These employees have authorization to access the information while they are working FOR the company.  As soon as they start working as agents for the Defendants, they are no longer working for the Plaintiffs. Accessing the Plaintiffs confidential computers while they are acting as agents for the Defendant is NOT authorized.  The statute is clear and unambiguous.  The purpose of the statute is to give companies a remedy for theft of its confidential data.

Posted by on October 15, 2007 at 10:14 PM in Assignment 6 - Shurgard | | Comments (0)

Shurgard-The right decision?

I tend to agree with the holding in Shurgard although I see how it is a bit of a stretch to get there. Shurgard deals with "damage" and the damage here was to the company's tradesecrets. which are essential to making a company or business successful. Once tradesecrets become public knowledge anyone can rival the creator, potentially driving them out of business. While there was no physical damage done as in Morris, this kind of damage to "integrity" is just as devastating. As to the authorization issue, the Restatement (Second) of Agency makes it pretty clear that authorization could be terminated without Shurgard having any knowledge of its employees breach of loyalty. This makes sense as an employee going behind their employer's back will take steps to make sure they are being discreet. It is in the employers favor for there to be some sort of regulation where knowledge is not required.

Posted by on October 15, 2007 at 10:09 PM in Assignment 6 - Shurgard | | Comments (0)

Shurgard

I found this case confusing. I don't see from reading the statute (albeit perhaps not carefully enough) what the major difference is between unauthorized and exceeding access as liability attaches with either offense. From the case, it appears that the distinction bears on the penalty phase. Regardless, I think the case was wrongly decided only in that it stretched agency law to hold that authorized access on these computers ended once the user acted in an unauthorized manner on the computer. But wouldn't that render the distinction meaningless? For that matter, what does it matter if one has access or not if you post a worm on the web? Under this case's logic, it surely doesn't matter as liability attaches when you do something your boss would not authorize. As for damages, I think the harm here (loss of trade secrets) is too attenuated to attach liability. The mole employees damaged the plaintiff by disclosing its trade secrets to their future employer. There is already a cause of action for that: trade secret missappropriation (maybe two with unfair competition laws). The CFAA was designed to curb hacking, not dirty biz tactics. Bad decision.

Posted by on October 15, 2007 at 10:03 PM in Assignment 6 - Shurgard | | Comments (0)

Next »