National City Bank v. Republic Mortgage Home Loans
In the United States District Court for the Western District of Washington
Case Number C09-1550RSL
Before District Judge R.S. Lasnik
Decided on March 12, 2010

Relevancy of the Case: Interpretation of “authorised access” and “exceeds authorisation” in the context of termination of employment contract

Statutes and Provisions Involved

• The Computer Fraud and Abuse Act, 18 U.S.C. § 1030

Relevant Facts of the Case

• The plaintiff bank has filed a claim against four co-defendants, Westmark, Codute, Moffett, and Tallman, apart from the defendant home loan company.
• The claim relies on the premise that the defendants accessed a National City Bank account maintained by a third-party service provider without authorisation.
• Three defendants, Westmark, Codute, and Moffett, have challenged the adequacy of allegations related to the CFAA claim.
• Westmark created an Excel spreadsheet on National City computers. This spreadsheet contained confidential customer information and load data of hundreds of National City customers. He acted for his own benefit or for that of Republic Mortgage.
• Codute sent personalised letters to National City customers, mentioning their current interest rate and loan terms.

Prominent Arguments by the Counsels

• The defendants’ counsel submitted that no facts link the defendants (Westmark, Codute, and Moffett) to a computer or otherwise, giving rise to a reasonable interference as to their liability.
• The defendant Tallman’s counsel argued that the plaintiff’s allegations were untrue. The counsel further showed that her new employer utilised the same third-party service provider.
• The plaintiff’s counsel argued that Tallman should be held vicariously liable for the actions of the other three defendants.

Opinion of the Bench

• There is no factual allegation in support of the plaintiff’s conclusory statements regarding its claim on Westmark, Codute, and Moffett.
• The plaintiff has offered evidence to support that Tallman improperly accessed National City’s account after her registration. A reasonable jury could not, therefore, return a verdict in the plaintiff’s favour.
• The court leaned in favour of the interpretation given in LVRC Holdings LLC v. Brekka. The objective behind CFAA was to target hackers who accessed computers to steal information or disrupt computer functionality.
• Even if vicarious liability were to exist, Tallman’s subordinates had the authority to access confidential information in focus.

Final Decision

• The court dismissed the plaintiff’s CFAA claim with prejudice and without leave to amend. Thereby, the court granted the motion to dismiss in favour of Westmark, Codute, and Moffett while allowing Tallman’s request for a summary judgment.