Domingo Rivera

Digital Forensics Consultant & Cyber Lawyer

Tech Sys., Inc. v. Pyles (4th Cir., 2015)

#Attorney Domingo Rivera #Tech Sys. Inc. v. Pyles (4th Cir. 2015)

The Computer Fraud and Abuse Act is a criminal statute that also provides a civil remedy.  In cases where employees abuse an employer’s computer systems, there may be a case of action for breach-of-fiduciary-duty.Domingo Rivera

TECH SYSTEMS, INC., Plaintiff – Appellee,
v.
LOVELEN PYLES, Defendant – Appellant,
and JOHN AND JANE DOES 1-10, Defendants.

No. 13-1359
No. 13-2098

UNITED STATES COURT OF APPEALS FOR THE FOURTH CIRCUIT

Submitted: October 27, 2015
November 18, 2015

UNPUBLISHED

Page 2

Appeals from the United States District Court for the Eastern District of Virginia, at Alexandria. Gerald Bruce Lee, District Judge. (1:12-cv-00374-GBL-JFA)

Before MOTZ and AGEE, Circuit Judges, and DAVIS, Senior Circuit Judge.

Affirmed by unpublished per curiam opinion.

Eric H. Zagrans, ZAGRANS LAW FIRM LLC, Cleveland, Ohio, for Appellant. Eric Scott Crusius, Stephen P. Ramaley, MILES & STOCKBRIDGE P.C., Tysons Corner, Virginia, for Appellee.

Unpublished opinions are not binding precedent in this circuit.

Page 3

PER CURIAM:

Lovelen Pyles appeals the district court’s orders denying her motion under Fed. R. Civ. P. 50 for judgment as a matter of law and granting attorney’s fees in favor of Tech Systems, Inc. (“TSI”). Pyles asserts that the district court erred in denying her motion as to violations of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030 (2012); the Electronic Communications Privacy Act, 18 U.S.C. § 2701 (2012); and her breach of fiduciary duty. She also contends that the district court erred in instructing the jury on punitive damages and in granting TSI’s motion for attorney’s fees. We affirm.

I.
        “We review de novo the legal conclusions upon which the district court’s denial of judgment as a matter of law were premised.”

Belk, Inc. v. Meyer Corp., U.S., 679 F.3d 146, 164 (4th Cir. 2012). “If, viewing the facts in the light most favorable to the non-moving party, there is sufficient evidence for a reasonable jury to have found in [the non-moving party’s] favor, we are constrained to affirm the jury verdict.” Lack v. Wal-Mart Stores, Inc., 240 F.3d 255, 259 (4th Cir. 2001).

A.
        “Although the CFAA is primarily a criminal statute, it permits private parties to bring a cause of action to redress a

Page 4

violation of the CFAA … .” A.V. ex rel. Vanderhye v. iParadigms, LLC, 562 F.3d 630, 645 (4th Cir. 2009). The civil suit may be brought in limited circumstances by “[a]ny person who suffers damage or loss” as a result of a CFAA violation. 18 U.S.C. § 1030(g). As relevant here, the violation must have caused “loss to 1 or more persons during any 1-year period … aggregating at least $5,000 in value.” 18 U.S.C. § 1030©(4)(A)(i)(I), (g). A person violates the CFAA by “intentionally access[ing] a computer without authorization or exceed[ing] authorized access, and thereby obtain[ing] … information from any protected computer,” 18 U.S.C. § 1030(a)(2)©, or “intentionally access[ing] a protected computer without authorization, and as a result of such conduct, caus[ing] damage and loss,” 18 U.S.C. § 1030(a)(5)©.

This court narrowly interprets the terms “without authorization” and “exceeds authorized access.” WEC Carolina Energy Sols. LLC v. Miller, 687 F.3d 199, 206 (4th Cir. 2012). “[A]n employee … accesses a computer ‘without authorization’ when [s]he gains admission to a computer without approval.” Id. at 204. “[A]n employee ‘exceeds authorized access’ when [s]he has approval to access a computer, but uses [her] access to obtain or alter information that falls outside the bounds of [her] approved access.” Id. “Notably, neither of these

Page 5

definitions extends to the improper use of information validly accessed.” Id.

Pyles argues that the CFAA did not apply to her actions during her employment with TSI because she, as the human resources director, had full access to the computer information. Under the WEC Carolina framework, we disagree. Pyles accessed both the main computer network and financial servers without authorization or in excess of her authority. Additionally, upon termination of her employment, Pyles accessed her corporate email account and company-issued Blackberry without authorization. Moreover, TSI demonstrated damage that resulted in losses from Pyles’ actions. Thus, there was sufficient evidence for a reasonable jury to have found in TSI’s favor.

B.
        A person violates the ECPA by: “(1) intentionally access[ing] without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceed[ing] an authorization to access that facility; and thereby obtain[ing], alter[ing], or prevent[ing] authorized access to a wire or electronic communication while it is in electronic storage in such system.” 18 U.S.C. § 2701(a).

Pyles limits her ECPA challenge to whether she acted “without authorization” or “exceed[ed] [her] authorization” in

Page 6

accessing TSI’s computer system.* Pyles contends not only that TSI granted her permission to access the computer system, but also that her actions did not go outside the bounds of that permission. We disagree.

Authorization is a matter of permission and dependent on its scope, not on whether information validly accessed was properly used. See WEC Carolina, 687 F.3d at 204. Here, although Pyles was permitted to use TSI’s email to carry out her duties as human resources manager, she was not authorized to access the server through which the email functioned in the manner she did here. Additionally, her authorization to access the Blackberry terminated with her employment. Thus, there was sufficient evidence for a reasonable jury to have found in TSI’s favor.

II.
        In Virginia, to establish a breach of fiduciary duty, a plaintiff must show that (1) the defendant owed a fiduciary duty, (2) the defendant breached that duty, and (3) damages resulted from the breach.

Informatics Applications Grp.,

Page 7

Inc. v. Shkolnikov, 836 F. Supp. 2d 400, 424 (E.D. Va. 2011). “[A]n employee … owes a fiduciary duty of loyalty to [her] employer during [her] employment.” Williams v. Dominion Tech. Partners, LLC, 576 S.E.2d 752, 757 (Va. 2003). This duty “prohibits the employee from acting in a manner adverse to his employer’s interest.” Hilb, Rogal & Hamilton Co. of Richmond v. DePew, 440 S.E.2d 918, 921 (Va. 1994). Moreover, “termination does not automatically free a[n] … employee from his or her fiduciary obligations” if the action was “founded on information gained during the relationship.” Today Homes, Inc. v. Williams, 634 S.E.2d 737, 744 (Va. 2006) (internal quotation marks omitted).

Pyles concedes that she owed TSI a fiduciary duty under Virginia law. She asserts that the district court improperly denied her motion to strike the breach-of-fiduciary-duty claim because, she argues, the information she revealed was not the kind that would give an advantage to a competing business. Nevertheless, the record reveals that she breached her duty by acting in bad faith with confidential information and by disregarding TSI’s interests in accessing the email server, resulting in damages to TSI. Accordingly, the district court properly rejected this claim.

Page 8

III.
        Finally, Pyles challenges the district court’s jury instructions allowing for punitive damages and its award of attorney’s fees in TSI’s favor. It is a “settled rule” that we will not consider issues raised for the first time on appeal absent “fundamental error or a denial of fundamental justice.”

In re Under Seal, 749 F.3d 276, 285 (4th Cir. 2014) (internal quotation marks omitted). “Fundamental error is more limited than the plain error standard that [this Court] appl[ies] in criminal cases.” Id. (internal quotation marks omitted). Thus, this court has used the plain error standard “as something of an intermediate step in a civil case.” Id. at 286. “[W]hen a party in a civil case fails to meet the plain-error standard, we can say with confidence that [s]he has not established fundamental error.” Id.

To establish plain error, Pyles must show that: (1) there was an error, (2) the error was plain, and (3) the error affected her substantial rights. United States v. Robinson, 627 F.3d 941, 954 (4th Cir. 2010). Even if Pyles makes this showing, “we retain discretion to deny relief; plain errors should only be corrected where not doing so would result in a miscarriage of justice or would otherwise seriously affect the fairness, integrity or public reputation of judicial

Page 9

proceedings.” Id. (alterations, citation, and internal quotation marks omitted).

We have refused to undertake plain error review, however, where a party “failed to make its most essential argument anywhere in its briefs … : it never contended that the district court fundamentally or even plainly erred.” In re Under Seal, 749 F.3d at 292; see Makdessi v. Fields, 789 F.3d 126, 132 (4th Cir. 2015) (refusing plain error review where appellant failed to assert that elements of such review were satisfied). Failing to argue either, Pyles has abandoned these claims. Moreover, Pyles’ jurisdictional argument is meritless because the court properly exercised subject-matter jurisdiction over her federal and state-law claims pursuant to 28 U.S.C. § 1331 (2012) (federal question), and 28 U.S.C. § 1367(a) (2012) (supplemental jurisdiction).

Accordingly, we affirm the district court’s orders. We dispense with oral argument because the facts and legal contentions are adequately presented in the materials before this court and argument would not aid the decisional process.

AFFIRMED

——–

Footnotes:

*. Accordingly, Pyles has abandoned any challenge related to the other elements of her ECPA violation. Fed. R. App. P. 28(a)(8)(A); Edwards v. City of Goldsboro, 178 F.3d 231, 241 n.6 (4th Cir. 1999).

——–