International Airport Centers, L.L.C. v. Citrin

International Airport Centers, L.L.C. v. Citrin
Court United States Court of Appeals for the Seventh Circuit
Decided Mar. 8, 2006
Citation(s) 440 F.3d 418
Case history
Prior action(s) District Court dismissed plaintiff's suit for failure to state a claim.
Case opinions
The Court of Appeals reversed and remanded the previous action.
Court membership
Judge(s) sitting Posner R., Williams A.C. & Sykes D.S.
Keywords

Computer Fraud and Abuse Act

Duty of loyalty

In International Airport Centers, L.L.C. v. Citrin, the Seventh Circuit Court of Appeals evaluated the dismissal of the plaintiffs’ lawsuit for failure to state a claim based upon the interpretation of the word “transmission” in the Computer Fraud and Abuse Act, 18 U.S.C. § 1030.[1] [2] Jacob Citrin had been employed by IAC, who had lent him a laptop for use while under their employment. Upon leaving IAC, he deleted the data on the laptop before returning it to IAC. The Court of Appeals decided to reverse the decision and reinstated IAC’s lawsuit. [1]

Facts

International Airport Centers, L.L.C. (IAC) is a group of companies in the real estate business. [3] IAC employed the defendant, Jacob Citrin, to identify potential acquisitions and record data about these properties. IAC lent Citrin a laptop for this purpose. [1] Citrin became self-employed and quit IAC, breaching his employment contract in the process. [3] He deleted the data on the laptop before returning it to IAC, using a secure-erasure software that rendered files irrecoverable. This process destroyed data that he had collected for IAC in addition to data revealing improper workplace conduct.[1][3]

The provision of the Computer Fraud and Abuse Act provides that whoever “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer” violates the Act. Citrin argued that erasing a file from a computer is not a “transmission.” The district court agreed and dismissed the lawsuit since it determined that the deletion of the files did not violate the CFAA. However, Circuit Judge Posner examined the “transmission” of the secure-erasure program to the computer, stating that the method of transmission here – whether it was installed through a network or a disc – is irrelevant. “Damage” here included “any impairment to the integrity or availability of data, a program, a system, or information.”[1][3]

Ruling

The court ruled that Citrin’s authorization terminated with his breach of his duty of loyalty in quitting, and that his actions were “exceeding authorized access”, as defined by the CFAA to be “access[ing] a computer with authorization and…us[ing] such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” While Citrin argued that his employment contract authorized him to “return or destroy” data in the laptop, it was unlikely that this was intended to authorize him to irreversibly destroy data that the company had no copies of, or data that incriminated him in misconduct. Therefore, the judgment was reversed with directions to reinstate the suit. [1]

This case was one of a series of cases that applied the CFAA to employee misconduct. Originally, the CFAA had been crafted to prevent criminal hacking in government interest computers. The definition of “authorization” used in Citrin would be later rejected by the Ninth Circuit court in LVRC Holdings v. Brekka in favor of a more narrow “active authorization” that is granted by an authority. [4]

See also

References

  1. 1 2 3 4 5 6 Lemley, Mark A.; Menell, Peter S.; Merges, Robert A. Software and Internet Law. 4th ed. New York: Wolters Kluwer Law & Business, 2011. ISBN 0735589151
  2. International Airport Centers, L.L.C. v. Citrin (7th Cir. March 8, 2006). Text
  3. 1 2 3 4 AJH. "International Airport Centers v. Citrin." Cases of Interest. Risch, Michael. 23 Apr 2010. 6 Feb 2012.
  4. Pollaro, Greg. “Disloyal Computer Use and the Computer Fraud and Abuse Act: Narrowing the Scope”. Duke Law & Technology Review. 2010. 6 Feb 2012.

External links

This article is issued from Wikipedia - version of the Sunday, December 16, 2012. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.