The Computer Fraud and Abuse Act is a criminal statute that also provides a civil remedy. In cases where employees abuse an employer’s computer systems, there may be a case of action for breach-of-fiduciary-duty. – Domingo Rivera
TECH SYSTEMS, INC., Plaintiff – Appellee,
LOVELEN PYLES, Defendant – Appellant,
and JOHN AND JANE DOES 1-10, Defendants.
UNITED STATES COURT OF APPEALS FOR THE FOURTH CIRCUIT
Submitted: October 27, 2015
November 18, 2015
Appeals from the United States District Court for the Eastern District of Virginia, at Alexandria. Gerald Bruce Lee, District Judge. (1:12-cv-00374-GBL-JFA)
Before MOTZ and AGEE, Circuit Judges, and DAVIS, Senior Circuit Judge.
Affirmed by unpublished per curiam opinion.
Eric H. Zagrans, ZAGRANS LAW FIRM LLC, Cleveland, Ohio, for Appellant. Eric Scott Crusius, Stephen P. Ramaley, MILES & STOCKBRIDGE P.C., Tysons Corner, Virginia, for Appellee.
Unpublished opinions are not binding precedent in this circuit.
Lovelen Pyles appeals the district court’s orders denying her motion under Fed. R. Civ. P. 50 for judgment as a matter of law and granting attorney’s fees in favor of Tech Systems, Inc. (“TSI”). Pyles asserts that the district court erred in denying her motion as to violations of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030 (2012); the Electronic Communications Privacy Act, 18 U.S.C. § 2701 (2012); and her breach of fiduciary duty. She also contends that the district court erred in instructing the jury on punitive damages and in granting TSI’s motion for attorney’s fees. We affirm.
violation of the CFAA . . . .” A.V. ex rel. Vanderhye v. iParadigms, LLC, 562 F.3d 630, 645 (4th Cir. 2009). The civil suit may be brought in limited circumstances by “[a]ny person who suffers damage or loss” as a result of a CFAA violation. 18 U.S.C. § 1030(g). As relevant here, the violation must have caused “loss to 1 or more persons during any 1-year period . . . aggregating at least $5,000 in value.” 18 U.S.C. § 1030(c)(4)(A)(i)(I), (g). A person violates the CFAA by “intentionally access[ing] a computer without authorization or exceed[ing] authorized access, and thereby obtain[ing] . . . information from any protected computer,” 18 U.S.C. § 1030(a)(2)(C), or “intentionally access[ing] a protected computer without authorization, and as a result of such conduct, caus[ing] damage and loss,” 18 U.S.C. § 1030(a)(5)(C).
This court narrowly interprets the terms “without authorization” and “exceeds authorized access.” WEC Carolina Energy Sols. LLC v. Miller, 687 F.3d 199, 206 (4th Cir. 2012). “[A]n employee . . . accesses a computer ‘without authorization’ when [s]he gains admission to a computer without approval.” Id. at 204. “[A]n employee ‘exceeds authorized access’ when [s]he has approval to access a computer, but uses [her] access to obtain or alter information that falls outside the bounds of [her] approved access.” Id. “Notably, neither of these
definitions extends to the improper use of information validly accessed.” Id.
Pyles argues that the CFAA did not apply to her actions during her employment with TSI because she, as the human resources director, had full access to the computer information. Under the WEC Carolina framework, we disagree. Pyles accessed both the main computer network and financial servers without authorization or in excess of her authority. Additionally, upon termination of her employment, Pyles accessed her corporate email account and company-issued Blackberry without authorization. Moreover, TSI demonstrated damage that resulted in losses from Pyles’ actions. Thus, there was sufficient evidence for a reasonable jury to have found in TSI’s favor.
Pyles limits her ECPA challenge to whether she acted “without authorization” or “exceed[ed] [her] authorization” in
accessing TSI’s computer system.* Pyles contends not only that TSI granted her permission to access the computer system, but also that her actions did not go outside the bounds of that permission. We disagree.
Authorization is a matter of permission and dependent on its scope, not on whether information validly accessed was properly used. See WEC Carolina, 687 F.3d at 204. Here, although Pyles was permitted to use TSI’s email to carry out her duties as human resources manager, she was not authorized to access the server through which the email functioned in the manner she did here. Additionally, her authorization to access the Blackberry terminated with her employment. Thus, there was sufficient evidence for a reasonable jury to have found in TSI’s favor.
Inc. v. Shkolnikov, 836 F. Supp. 2d 400, 424 (E.D. Va. 2011). “[A]n employee . . . owes a fiduciary duty of loyalty to [her] employer during [her] employment.” Williams v. Dominion Tech. Partners, LLC, 576 S.E.2d 752, 757 (Va. 2003). This duty “prohibits the employee from acting in a manner adverse to his employer’s interest.” Hilb, Rogal & Hamilton Co. of Richmond v. DePew, 440 S.E.2d 918, 921 (Va. 1994). Moreover, “termination does not automatically free a[n] . . . employee from his or her fiduciary obligations” if the action was “founded on information gained during the relationship.” Today Homes, Inc. v. Williams, 634 S.E.2d 737, 744 (Va. 2006) (internal quotation marks omitted).
Pyles concedes that she owed TSI a fiduciary duty under Virginia law. She asserts that the district court improperly denied her motion to strike the breach-of-fiduciary-duty claim because, she argues, the information she revealed was not the kind that would give an advantage to a competing business. Nevertheless, the record reveals that she breached her duty by acting in bad faith with confidential information and by disregarding TSI’s interests in accessing the email server, resulting in damages to TSI. Accordingly, the district court properly rejected this claim.
To establish plain error, Pyles must show that: (1) there was an error, (2) the error was plain, and (3) the error affected her substantial rights. United States v. Robinson, 627 F.3d 941, 954 (4th Cir. 2010). Even if Pyles makes this showing, “we retain discretion to deny relief; plain errors should only be corrected where not doing so would result in a miscarriage of justice or would otherwise seriously affect the fairness, integrity or public reputation of judicial
proceedings.” Id. (alterations, citation, and internal quotation marks omitted).
We have refused to undertake plain error review, however, where a party “failed to make its most essential argument anywhere in its briefs . . . : it never contended that the district court fundamentally or even plainly erred.” In re Under Seal, 749 F.3d at 292; see Makdessi v. Fields, 789 F.3d 126, 132 (4th Cir. 2015) (refusing plain error review where appellant failed to assert that elements of such review were satisfied). Failing to argue either, Pyles has abandoned these claims. Moreover, Pyles’ jurisdictional argument is meritless because the court properly exercised subject-matter jurisdiction over her federal and state-law claims pursuant to 28 U.S.C. § 1331 (2012) (federal question), and 28 U.S.C. § 1367(a) (2012) (supplemental jurisdiction).
Accordingly, we affirm the district court’s orders. We dispense with oral argument because the facts and legal contentions are adequately presented in the materials before this court and argument would not aid the decisional process.
*. Accordingly, Pyles has abandoned any challenge related to the other elements of her ECPA violation. Fed. R. App. P. 28(a)(8)(A); Edwards v. City of Goldsboro, 178 F.3d 231, 241 n.6 (4th Cir. 1999).