International Association of Machinists and Aerospace Workers v. Werner-Masuda

The Cyber Blog IndiaCase Summary

Applicability of CFAA and SECA in case of malicious use of information by a former employee

International Association of Machinists and Aerospace Workers v. Bonnie Werner-Masuda
390 F.Supp.2d 479
In the United States District Court for the District of Maryland
Case Number Civ. A. DKC 2004-2552
Before District Judge Chasanow
Decided on September 16, 2005

Relevancy of the Case: Applicability of CFAA and SECA in case of malicious use of information by a former employee

Statutes and Provisions Involved

  • The Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (CFAA)
  • The Stored Wire and Electronic Communications and Transactional Records Act Access, 18 U.S.C. § 2701 (SECA)
  • The Maryland Uniform Trade Secrets Act, MD Comm L Code § 11-1209 (2016)

Relevant Facts of the Case

  • The plaintiff is an international labour organisation headquartered at the Grand Lodge, Upper Marlboro, Maryland.
  • The defendant was the secretary-treasurer of the local lodge, a subordinate body of the union. Owing to her position, she had access to a secure and proprietary website called “VLodge”. Through this website, she had access to the plaintiff’s confidential membership list.
  • According to the plaintiff, the website and membership list are stored on its server at the Grand Lodge.
  • The defendant has signed a Registration Agreement which stipulated not to use the information provided through VLodge or any purpose contrary to the policies and procedures of the plaintiff’s constitution.
  • While the defendant was a member of the plaintiff’s union, she accessed confidential information on the VLodge system for herself and UIFA. UIFA, a recently formed entity, posed a challenge to the plaintiff’s union representation of Continental and ExpressJet flight attendants.
  • The plaintiff has evidence that the defendant’s credentials were used to access the system at least 10,000 times. Moreover, the members whose details were obtained were the exact same members that UIFA was attempting to organise in a rival union.
  • On the other hand, the defendants have approached the court to seek dismissal of the plaintiff’s claims.

 Prominent Arguments by the Counsels

  • The plaintiff’s counsel submitted that she violated SECA and CFAA as she intentionally accessed the system in a manner exceeding her authorisation. This was subject to the Registration Agreement signed by him. The counsel relied on the case of Knoop v. Hawaiian Airlines, Inc.
  • The defendant’s counsel argued that the court should dismiss the plaintiff’s claims under SECA and CFAA. The objective of these acts was to deal with hackers or high-tech criminals. There is no cause of action under these Acts as the defendant had the necessary authorisation to access the system and the membership list.

Opinion of the Bench

  • The plaintiff’s position concerning the defendant’s violation of SECA and CFAA is flawed. The defendant had authorised access to the VLodge system and the membership list. She did not exceed her authorised access by accessing the membership list.
  • SECA and CFAA are criminal statutes, and thus, the court would narrowly construe them.
  • The defendant’s breach of the Registration Agreement and the plaintiff union’s constitution does not imply her liability under SECA and CFAA.

Final Decision

  • The court granted the defendant’s motion to dismiss the plaintiff’s SECA and CFAA claims.

Anjini Pandey, an undergraduate student at Dr. Ram Manohar Lohiya National Law University, prepared this case summary during her internship with The Cyber Blog India in May/June 2022.