Christopher Williams

210 E. A St. Moscow, ID 83843 T: (509) 540-0028 E: will8385@vandals.uidaho.edu

CW

WRITING SAMPLE To whom it may concern, I am attaching a copy of 9 pages of the facts and argument section of an appellate paper that was written for my Spring 2013 Legal Reading and Writing course. Although critique was offered by the professor and teaching assistants throughout the editing process, the work remains entirely written by me. Thank you for reading, Christopher Williams

ISSUES ON APPEAL I. Whether the district court erred when it granted Ms. Solis's Motion for Summary Judgment regarding the CFAA claim when she obtained company information for the purpose of competing with her ex-employer in violation of the "Terms of Use" agreement she signed. Whether the district court properly granted the Defendant's Motion for Summary Judgment regarding the constructive discharge claim when she maintained her title as Account Executive and annual salary of $180,000. STATEMENT OF THE CASE Ms. Holly Solis resigned from her position at Warren Advertising (Warren) one month after a sequence of decisions by her supervisor to transfer a portion of her clients to other employees. Her supervisor believed that, in the competitive business of advertising, this was a reasonable business decision because "[he] was concerned she might not be able to handle [the accounts] and... wanted to make sure [the] clients received the best service possible." (R. 24:1820.) Around this time, Ms. Solis was the recipient of six derogatory comments from her coworkers and her supervisor. (R. 13, 15, 16, 17.) Towards the end of her employment, she used her assigned username and password to record information for later use in undercutting Warren's price in violation of the "Terms of Use" agreement she signed. (R. 27:32-33.) She soon after brought this litigation against her former employer. [FACTS PERTAINING TO "CONSTRUCTIVE DISCHARGE" ISSUE OMMITTED] Ms. Solis, along with all employees of Warren, was assigned a username and password on the condition she sign a "Terms of Use" agreement which stipulates that she only "access files and data that are necessary to further the objectives of the company and complete his or her duties." (R. 26:27-31, 29.) After making her decision to resign, Ms. Solis states she waited four days to resign in order to "tie up some things at the office." (R. 19:22.) During this period she
2

II.

transferred Company data including an account advertising plan, a fee schedule, and a client's account records to a device of hers; she had no prior relationship with the clients whose information she obtained. (R. 27-28, 30-31.) In the months after her resignation she used this information in an attempt to persuade Warren's clients to sign with her. (R. 32-34.) She offered to handle Torntore Beverage Distributors, LLC's advertising account at a discounted rate which put Torntore in a position to negotiate 8% off their original fee with Warren. (R. 32.) She offered to do discounted advertising for Frazier Motors, Ltd. and informed them that their competitor Lake Side, a client of Warren, was planning an upcoming advertising campaign; this caused Warren to restart Lake Side's advertising campaign, drop their normal rate by 25%, and caused damage to Warren's reputation (R. 23, 28:1-4.) Finally, she used her knowledge of Ikeda Flooring's upcoming contract expiration and current advertising in an attempt to solicit their business. (R. 34.) Ikeda flooring was able to negotiate a more favorable contract with Warren because of Ms. Solis's actions. Ms. Solis is appealing the district court's granting of Summary Judgment regarding her constructive discharge claim. (R. 2.) The district court held that the conditions of Ms. Solis's employment "were not so intolerable that a reasonable person in her position would have felt compelled to resign," and as such she did not suffer an adverse employment action. (R. 5.) Warren Advertising cross-appeals the district court's decision to grant summary judgment dismissing their claim under the Computer Fraud and Abuse Act. (R. 1.) STANDARD OF REVIEW

The appellate court reviews questions of statutory interpretation de novo. U.S. v. Rodriguez, 628 F.3d 1258, 1262 (11th Cir. 2010) The court also reviews questions of law de novo. First Options of Chicago, Inc. v. Kaplan, 514 U.S. 938, 939 (1995). ARGUMENT The district court erred when it granted Ms. Solis's Motion for Summary Judgment regarding Warren's Computer Fraud and Abuses Act (CFAA) claim, and properly dismissed Ms. Solis's constructive discharge claim. Ms. Solis exceeded her authorized access when she accessed company information from a computer for use against the company explicitly in violation of the "Terms of Use" agreement between Ms. Solis and Warren Advertising. She also failed to show that her working conditions were so intolerable that an ordinary person would feel compelled to quit. Therefore, the CFAA claim should be tried and the constructive discharge claim was properly dismissed. I. THE DISTRICT COURT ERRED IN GRANTING MS. SOLIS'S MOTION FOR SUMMARY JUDGMENT DISMISSING WARREN ADVERTISING'S COUNTER-CLAIM UNDER THE COMPUTER FRAUD AND ABUSE ACT BECAUSE MS. SOLIS VIOLATED THE CFAA WHEN SHE "EXCEED[ED] AUTHORIZED ACCESS" AS DEFINED IN THE STATUTE. Ms. Solis accessed and recorded company information for the purpose of undercutting Warren's prices, a purpose in direct contradiction with the "Protection of Company Data" provision in Warren's "Terms of Use" agreement that Ms. Solis signed. The CFAA creates a civil action for an employer against an employee in any case in which the employee "exceeds authorized access, and thereby obtains... information from any protected computer," and the conduct results in a loss of $5,000 over a one year period. 18 U.S.C.A. 1030(a)(2)(C), (c)(4)(a)(i)(I). "Exceeds authorized access," as defined in the statute means "to access a computer with authorization and to use such access to obtain or alter information in the computer

that the accesser is not entitled so to obtain or alter." 18 U.S.C.A. 1030(e)(6). Ms. Solis "exceede[d] [her] authorized access" by violating her "Terms of Use" agreement when she recorded information she was explicitly not allowed to record. The majority of circuit courts have found that an employee violates the CFAA when they intentionally access company information they are explicitly disallowed from accessing, regardless of whether their username and password allows unfettered access to the companies system. U.S. v. John, 597 F.3d 263(5th Cir. 2010); Rodriguez, 628 F.3d 1258; EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577 (1st Cir. 2001); Intl. Airport Centers, L.L.C. v. Citrin, 440 F.3d 418 (7th Cir. 2006). Whereas only two circuits have adopted the far more narrow interpretation that requires an employee to hack into the employer's system. WEC Carolina Energy Solutions LLC v. Miller, 687 F.3d 199 (4th Cir. 2012); U.S. v. Nosal, 676 F.3d 854 (9th Cir. 2012). An employee who accesses information the employer explicitly disallows the employee from accessing, regardless of the method of intrusion, is in violation of the statute under the ordinary meaning, the canon against superfluous language, and legislative history. A. The ordinary and natural meaning of the text dictates that Ms. Solis's actions are covered by the CFAA. Determining congressional intent is the ultimate goal of statutory interpretation and the first step towards determining that intent is "[looking to] the existing statutory text..." Lamie v. U.S. Trustee, 540 U.S. 526, 534 (2004). "When a word is not defined by statute, we normally construe it in accord with its ordinary or natural meaning." Smith v. U.S., 508, U.S. 223, 228 (1993). The determinative issue is what the meaning of "exceeds authorized access" is; as defined in the CFAA, "'exceeds authorized access' means 'to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.'" 18 U.S.C.A. 1030(3)(6). The dictionary
5

definition of "Authorization" is "permission or power granted by an authority." LVRC Holdings LLC, 581 F.3d 1127, 1133 (9th Cir. 2009). In this case, Ms. Solis received "permission... granted by an authority" when she was issued a username and password for access to Warren's database, thus she had "authorization" to use Warren's computer. A Senate Report lays out that simply "observing" computer data is "obtaining" the information for purpose of the act. S. Rpt. 99-432 at 6 (reprinted in Sept. 3, 1986 U.S.C.C.A.N. at 2484). The determinative issue, therefore, is whether she was "entitled" to record company information for the purpose of using that information in the future to poach Warren's clients. If she was not entitled to record that information, she has violated the statute. Ms. Solis's permission to access the database was conditional on the terms she agreed to as outlined in the "Terms of Use" agreement. The most relevant provision of the agreement prohibits "accessing data or information to use to the detriment of Warren Advertising..." (R. 29:7-8.) When Ms. Solis contacted clients of Warren Advertising on three separate occasions and utilized information obtained in violation of the "Terms of Use" agreement in an attempt to poach their clients, she "obtained" information for "use to the detriment of Warren," and was therefore not entitled to "obtain" that information under the express conditions of the "Terms of Use" agreement; Ms. Solis's actions fall directly within the text of the CFAA. (R. 32-34.) This is the more reasonable interpretation because an employee may not be physically restricted from information or company property, but may still be restricted from obtaining it in violation of company rules. For instance, just like "a bank teller is entitled to access a bank's money for legitimate banking purposes, but not to take the bank's money for himself," an employee is entitled to company information for legitimate company purposes, and to go beyond the expressly stated limits would be to "exceed authorized access." Nosal, 676 F.3d at 865

(dissenting). The plain and ordinary meaning of the CFAA supports an interpretation that would cover an employee who causes damage to their employer by obtaining information they are explicitly disallowed from obtaining, regardless of how they access that information. B. The canon against superfluous language requires that "without authorization" and "exceeds authorization" have distinct and separate meanings. The Supreme Court presumes that a legislature does not include superfluous or unnecessary language in a statute. Duncan v. Walker, 533 U.S. 167 (2001). A court should construe a statute to "give effect... to every clause and word of a statute..." Moskal v. U.S., 498 U.S. 103, 107-08 (1990). The canon against superfluous language is relevant in determining a statute's meaning when there are two reasonable interpretations and only one gives weight to the entirety of the language in the statute. Duncan, 533 U.S. at 174. In this case, only the majority circuit's interpretation of the statute gives weight to both "without authorization," and "exceeds authorization." This interpretation gives meaning to "without authorization" by applying the language to someone that "hacks" into a computer when they have no "permission granted by an authority" to be there. The majority circuit's interpretation gives meaning to "exceeds authorization" by applying the language to a person, with the prerequisite "permission granted by an authority," that intentionally intrudes into data or information they are explicitly disallowed from "obtaining." Under the minority circuit's interpretation, which requires an alleged offender to "hack" into the computer system, the language "exceeds authorization" is superfluous. A person that has a username and password to a system would have to "hack" into a part of the system they do not have access to; even after hacking into a part of the system the employee is not allowed to access, they would be accessing that part of the system "without authorization." The canon against superfluous language favors the majority interpretation because the majority circuit's
7

interpretation gives weight to the language "without authorization" and "exceeds authorized access," whereas the minority circuit interpretation does not. C. The legislative history of the CFAA exhibits an effort to expand the statute to include employees that intentionally act contrary to the interests of their employer. The original 1984 CFAA was a bare bones approach to combat the relatively new problem with hackers using code-based methods to steal information or cause damage to a computer system. S. Rpt. 99-432 at 2 (reprinted in 1986 U.S.C.C.A.N. at 2480); 132 Cong. Rec. H3275-04 (1986). The 1986 amendments expanded the scope of the CFAA in an effort to include "computer-crimes;" Congressman Shaw, a main proponent of the 1986 amendments to the act, states that "computer-crime" includes, in addition to code-based intrusions, any crime "committed by people at a computer keyboard." 132 Cong. Rec. at H3275-04. The CFAA was expanded by the 1986 amendments to protect "computer data," which the Senate report emphasizes can be "stolen" when it is copied, even if it is not "removed or altered." S. Rpt. 99432 at 13 (reprinted in 1986 U.S.C.C.A.N. at 2480). The legislative history shows that the theft of computer data is a criminal offense under the CFAA regardless of the method in which the perpetrator copies the information. The 1986 amendments expanded the CFAA to protect computer data, whether that data be private or public. A Senate Report regarding the 1986 amendments uses an example regarding the intentional element of the statute explaining that if an employee is logged onto the computer and "stumbles upon" a file or information they are not allowed to access, they would not have violated the statute only because the mens rea element of "intentional" would not be present. Id. at 6. Also, the Senate Report states that the amendment to 18 U.S.C.A. 1030(a)(3), a section which specifically focuses on federal employees, does not include the language "exceeds authorized access" because Congress believes that administrative sanctions
8

would be more appropriate for an employee that views a file within a federal employee's own agency for "purposes to which such authorization does not extend." Id. at 21. The implication of this senate report is that intentionally obtaining computerized information with bad intentions or in violation of express rules, although an employee may be allowed on the system, would be a violation of the statute. D. Applying the rule of lenity in the face of this unambiguous statute would retard congressional intent. The rule of lenity requires that when a criminal statute is sufficiently ambiguous, the court is to construe that statute in a manner most favorable to the defendant. DePierre v. U.S., 131 S. Ct. 2225, 2237 (2011) This canon is only applicable after all other possible manners of interpreting the statute have been exhausted and we are left with no better than a guess as to the intention of the legislature. Moskal, 498 U.S. at 108. A "division of judicial authority" on its own is not sufficient basis for invoking the rule of lenity and thus construing a statute in favor of the defendant. Id. The Supreme Court has held the implementation of the rule of lenity to a very high standard, stating "The rule of lenity... is not applicable unless there is a 'grievous ambiguity or uncertainty in the language and structure of the Act.'" Chapman v. U.S., 500 U.S. 453, 463 (1991) (Quoting Huddleston v. United States, 415 U.S. 814, 831 (1974)). In U.S. v. John, the court found it unnecessary to apply the rule of lenity to the CFAA when the employer has given explicit instructions, agreed to by the employee, regarding the information they are authorized to access. 597 F.3d at 173. The court reasoned so because the employee "'has reason to know' that he or she is not authorized to access data or information in furtherance of a criminally fraudulent scheme." Id. There is no necessity for application of the rarely-utilized rule of lenity to the CFAA. We have considered the plain text of the statute, broad purpose intended by Congress, and legislative
9

history to decipher the statute. Each have shown that Congress intended for the CFAA to cover employees that intentionally access information the company explicitly informs the employee they are not allowed to access. Furthermore, Ms. Solis had "reason to know" that she was disallowed from recording the information of accounts she had no prior business with for the purpose of undercutting Warren's prices. This is not a case in which Ms. Solis unfortunately "stumbled upon" some information she did not have the authorization to access. Instead, she consciously and intentionally made the decision to record private company information for use against her prior employer. By taking these actions she made the decision to violate her "Terms of Use" agreement and directly caused monetary damage to the company. The CFAA was intended by Congress to protect private information on a computer from any trespasser regardless of their method of trespass, therefore the trial court erred when it granted Ms. Solis's Motion for Summary Judgment. [ARGUMENT SECTION FOR "CONSTRUCTIVE DISCHARGE" ISSUE OMMITTED] CONCLUSION Warren Advertising respectfully requests that this court affirm the district court's dismissal of Ms. Solis's constructive discharge claim, and overturn the district court's dismissal of Warren Advertising's CFAA claim.

10