LVRC Holdings LLC v. Brekka

Content sourced from Wikipedia, licensed under CC BY-SA 3.0.

LVRC Holdings LLC v. Brekka (9th Cir. 2009) – plain-language summary

LVRC Holdings LLC sued Brekka under the Computer Fraud and Abuse Act (CFAA) after Brekka sent LVRC documents to his personal computer and later accessed LVRC’s systems using his login after leaving the company. The district court had ruled Brekka was authorized to access LVRC’s computer for his job, and LVRC appealed.

The Ninth Circuit agreed with the district court. It held that Brekka remained authorized to access LVRC’s computer unless the employer had revoked that authorization. An employee’s improper motive or breach of loyalty does not automatically remove authorization under the CFAA. The CFAA makes it illegal to access a computer without authorization or to exceed authorized access, and Brekka’s use did not show that LVRC had explicitly revoked his permission.

The court contrasted its approach with the Seventh Circuit’s decision in Citrin (which looked more to the employment relationship and duty of loyalty to end authority). The Ninth Circuit applied a narrower, “rule of lenity” interpretation of “authorization,” meaning it should not criminalize a broad range of behavior simply because an employee acted against the employer’s interests. Under Brekka, an employee remains authorized unless the employer revokes permission or there is no permission to use the computer in the first place.

Impact: Brekka narrowed the CFAA’s reach by limiting when “without authorization” applies and created a circuit split with the Seventh Circuit. The issue was seen as potentially resolvable by the Supreme Court in the future. The decision influenced later Ninth Circuit interpretation of authorization (and related cases like Nosal), particularly in post-employment contexts, and left open questions about how broad CFAA liability should be after a relationship ends.