International Airport Centers, L.L.C. v. Citrin
|International Airport Centers, L.L.C. v. Citrin|
|Court||United States Court of Appeals for the Seventh Circuit|
|Decided||Mar. 8, 2006|
|Citation(s)||440 F.3d 418|
|Prior action(s)||District Court dismissed plaintiff's suit for failure to state a claim.|
|The Court of Appeals reversed and remanded the previous action.|
|Judge(s) sitting||Posner R., Williams A.C. & Sykes D.S.|
|Duty of loyalty|
In International Airport Centers, L.L.C. v. Citrin, the Seventh Circuit Court of Appeals evaluated the dismissal of the plaintiffs’ lawsuit for failure to state a claim based upon the interpretation of the word “transmission” in the Computer Fraud and Abuse Act, 18 U.S.C. § 1030.  Jacob Citrin had been employed by IAC, who had lent him a laptop for use while under their employment. Upon leaving IAC, he deleted the data on the laptop before returning it to IAC. The Court of Appeals decided to reverse the decision and reinstated IAC’s lawsuit. 
International Airport Centers, L.L.C. (IAC) is a group of companies in the real estate business.  IAC employed the defendant, Jacob Citrin, to identify potential acquisitions and record data about these properties. IAC lent Citrin a laptop for this purpose.  Citrin became self-employed and quit IAC, breaching his employment contract in the process.  He deleted the data on the laptop before returning it to IAC, using a secure-erasure software that rendered files irrecoverable. This process destroyed data that he had collected for IAC in addition to data revealing improper workplace conduct.
The provision of the Computer Fraud and Abuse Act provides that whoever “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer” violates the Act. Citrin argued that erasing a file from a computer is not a “transmission.” The district court agreed and dismissed the lawsuit since it determined that the deletion of the files did not violate the CFAA. However, Circuit Judge Posner examined the “transmission” of the secure-erasure program to the computer, stating that the method of transmission here – whether it was installed through a network or a disc – is irrelevant. “Damage” here included “any impairment to the integrity or availability of data, a program, a system, or information.”
The court ruled that Citrin’s authorization terminated with his breach of his duty of loyalty in quitting, and that his actions were “exceeding authorized access”, as defined by the CFAA to be “access[ing] a computer with authorization and…us[ing] such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” While Citrin argued that his employment contract authorized him to “return or destroy” data in the laptop, it was unlikely that this was intended to authorize him to irreversibly destroy data that the company had no copies of, or data that incriminated him in misconduct. Therefore, the judgment was reversed with directions to reinstate the suit. 
This case was one of a series of cases that applied the CFAA to employee misconduct. Originally, the CFAA had been crafted to prevent criminal hacking in government interest computers. The definition of “authorization” used in Citrin would be later rejected by the Ninth Circuit court in LVRC Holdings v. Brekka in favor of a more narrow “active authorization” that is granted by an authority. 
- Lemley, Mark A.; Menell, Peter S.; Merges, Robert A. Software and Internet Law. 4th ed. New York: Wolters Kluwer Law & Business, 2011. ISBN 0735589151
- International Airport Centers, L.L.C. v. Citrin (7th Cir. March 8, 2006). Text
- AJH. "International Airport Centers v. Citrin." Cases of Interest. Risch, Michael. 23 Apr 2010. 6 Feb 2012.
- Pollaro, Greg. “Disloyal Computer Use and the Computer Fraud and Abuse Act: Narrowing the Scope”. Duke Law & Technology Review. 2010. 6 Feb 2012.
- Just Add Plaintiff: The Seventh Circuit’s Recipe for Instant Liability Under the CFAA
- United States Code: Title 18,1030. Fraud and related activity in connection with computers
- 7th Circuit Applies Computer Hacking Statute to Use of Trace Removers on Employee Laptops
- International Airport Centers v. Citrin: Employment Issues
- InsideCounsel: Combating employee misconduct