2009) is a Ninth Circuit Court of Appeals Decision that deals with the scope of the concept of "authorization" in the Computer Fraud and Abuse Act.

Part of his duties included interacting with LVRC's email provider (Load, Inc.) and conducting Internet marketing programs.

When Brekka was hired, he owned and operated EBSN and EBSF, two consulting businesses that provided referrals of potential patients to rehabilitation facilities.

Because of this frequent commute between Florida and Nevada, he emailed documents he obtained or created for his work at LVRC to his own personal computer.

At the end of the month, Brekka emailed to his wife and himself a number of documents including a financial statement for the company, LVRC's marketing budget, and admission reports for patients.

On September 4, 2003, he emailed a master admission report containing the names of all the past and current patients at LVRC.

The Nevada district court granted summary judgment in favor of Brekka;[2] LVRC contested both rulings in its appeal.

"If the employer has not rescinded the defendant's right to use the computer, the defendant would have no reason to know that making personal use of the company computer in breach of a state law fiduciary duty to an employer would constitute a criminal violation of the CFAA.

[3][4][5] In Citrin, the Court used agency principles to find that the employee violated his duty of loyalty to his employer when he set out to start a competing firm and accessed the company computer to further that interest, erasing data on his employer's computer.

However, The Ninth Circuit applied the rule of lenity to the term "authorization" and found that the Seventh's Circuit interpretation could criminalize a large swath of the population by looking to the subjective intent of the employee or the subsequent use of the information accessed.