The Federal Eastern District of Pennsylvania has ruled that an employer did not violate the Computer Fraud and Abuse when the company took over it’s ex-CEO’s LinkedIn account and changed it to the new CEO’s name. Eagle v. Morgan, 2012 WL 4739436 (E.D.Pa. October 4, 2012) (the full decision is not available online yet, I will quote applicable parts):
During 2008, while Dr. Eagle was president of Edcomm, she established an account on LinkedIn, which is a social networking website on the Internet for professional occupations. Dr. Eagle used her account to promote Edcomm’s banking education services; foster her reputation as a businesswoman; reconnect with family, friends, and colleagues; and build social and professional relationships. Defendant Elizabeth Sweeney assisted Dr. Eagle in maintaining her LinkedIn account and had access to Dr. Eagle’s password. Edcomm, through its CEO, recommended that all employees participate in LinkedIn and indicated that the employees should list Edcomm as their current employer. Edcomm generally followed the policy that when an employee left the company, the company would effectively “own” the LinkedIn account and could “mine” the information and incoming traffic, so long as it did not steal that former employee’s identity.
Evidently, after Eagle was terminated, her employer used her LinkedIn password, which was known by a fellow employee, take take over the account and replace the name with the new CEO’s name (the idea being to capitalize on the contacts Eagle made as part of her employment). Eagle eventually recovered the account via LinkedIn, but claimed that the 2 month period in which she had no access to her account sufficient damaged her business relationships that her employer should pay for its (IMO: odd) actions.
The court disagreed, finding that Eagle’s damages were not sufficient to implicate the Computer Fraud and Abuse Act:
Primarily, Plaintiff is not claiming that she lost money because her computer was inoperable or because she expended funds to remedy damage to her computer. Rather, she claims that she was denied potential business opportunities as a result of Edcomm’s unauthorized access and control over her account. Loss of business opportunities, particularly such speculative ones as set forth in the Chatzky Declaration, is simply not compensable under the CFAA.
This is not to say that Eagle’s employer will be getting off scott free for its weird and inappropriate attempt to appropriate her social networking account (the court has retained its jurisdiction over Eagle’s state law claims of privacy invasion, identity theft, conversion, civil conspiracy, etc…), but the court here makes clear that implication of the Computer Fraud and Abuse act require more than speculative damages.
Enter your email to get started.