Congress enacted the Computer Fraud and Abuse Act ("CFAA") in response to the development of computer hacking, a novel form of "electronic trespassing." The CFAA was an exclusively criminal statute until 1994, when Congress amended the Act to create a private cause of action. This amendment turned the CFAA into a powerful new tool for employers seeking civil remedies against employees who misappropriate confidential information.

To state a CFAA claim, an employer must establish that its employee: (1) intentionally accessed a protected computer, (2) lacked authorization or exceeded authorized access, (3) obtained information, and (4) caused at least $5,000 in damages. Liability often turns on the court's interpretation of the second element. In many employment-centered CFAA cases, the employer gives the employee full access to the business's computer systemsincluding the information which the employee is alleged to have stolen. Both parties agree that the employee had at least some authorization to access the information, so the issue is whether the employee exceeded his authorized access by virtue of the theft.

For this week's discussion, take a side on this issue and defend your position in light of what you learned about the statute and the policies it is intended to promote