Search

Cybersecurity Business Law Blog

The Intersection of Cybersecurity, Business, and Law

Tag

CFAA

Departing Employee Taking Data from “Restricted” but Unsecured Folder Doesn’t Violate CFAA

TAKEAWAYS: If your company intends to limit its employees access to certain information on the company network, (1) make sure appropriate technological restrictions are in place and are working; and (2) make sure there are appropriate policies or other documentation in place to show the employees subjectively knew it was off limits.

When an employer intends to keep a network folder restricted from employees, but fails to (1) objectively communicate this intention or (2) secure the folder from general access, an employee who accesses the folder and takes data from it does not violate the Computer Fraud and Abuse Act (CFAA), even if he does so for an improper purpose.

Why policies are critical–explained HERE Continue reading “Departing Employee Taking Data from “Restricted” but Unsecured Folder Doesn’t Violate CFAA”

Be Careful of Commentary on 7th Cir.’s Fidlar Tech CFAA “Intent to Defraud”Case

I have read several blog posts that are stating, as a blanket proposition, that you must prove intent to defraud for CFAA claims. This, they say, comes from the recent Seventh Circuit Court of Appeals case, Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., 2016 WL 258632 (7th Cir. Jan. 21, 2016) (opinion).

This is reading too much into the court’s opinion. Continue reading “Be Careful of Commentary on 7th Cir.’s Fidlar Tech CFAA “Intent to Defraud”Case”

Court Order Provides CFAA Authorization to Access Computer, Even if Later Overturned

A party who accesses a computer pursuant to a court order authorizing him to seize and access the computer will not be found in violation of the Computer Fraud and Abuse Act if such order is later overturned.

“An essential element of a CFAA claim under 10 U.S.C. § 1030 is that the [defendant] accesses a computer ‘without authorization or exceeds authorized access.’ Hunn v. Dan Wilson Homes, Inc., 789 F.3d 573, 583-84 (5th Cir. 2015) (holding that ‘because [the defendant] did not exceed authorized access, he did not violate the Computer Fraud and Abuse Act’). Here, the state-court turnover orders authorized Shor to access the computers. Even though those orders were ultimately overturned, because Shor had authorization at the time pursuant to a court order to access the computers, Black does not state a claim under the CFAA. See id. (discussing CFAA claim, reasoning that the defendant accessed the computer while still employed at the plaintiff’s company). Land and Bay Gauging, L.L.C. v. Shor, 2015 WL 4978993 (5th Cir. Aug. 21, 2015).

See earlier post.

Would increasing CFAA penalties via the CISA Amendment really even help? I don’t think so.

As the Cybersecurity Information Sharing Act (CISA) is making its way through the Senate, it has stirred up more controversy with Senator Sheldon Whitehouse’s proposed amendment to the Computer Fraud and Abuse Act (CFAA), that he argues, would give law enforcement more tools to fight hackers. The Amendment would provide for increased sentences (up to 20 years) of those who harm computers connected to “critical infrastructure.”

Continue reading “Would increasing CFAA penalties via the CISA Amendment really even help? I don’t think so.”

Fifth Circuit: Accessing Computer Per Later-Overturned Order Does Not Violate CFAA

In Land and Bay Gauging L.L.C. v. Shor, –Fed.Appx — (5th Cir. Aug. 21, 2015), the Fifth Circuit recently held that accessing a computer under the authority of a court order that authorizes the access is sufficient to render the access as being authorized, even if the order is later overturned. An essential element under a Computer Fraud and Abuse Act (CFAA) claim is that the defendant accessed the computer “without authorization” or “exceeds authorized access.” When there is such an access that is authorized by a court order–at the time of the access–the later overturning of that order will not then render the access as having been unauthorized and there will be no violation of the CFAA. 

Additionally, the Rooker-Feldman Doctrine does not bar a Federal court from ruling on CFAA claims that stem from parties’ actions taken pursuant to a state court order where such claims do not attack the validity of the order itself, but instead, focus on the parties alleged violations of independent legal duties under the CFAA.

Blog at WordPress.com. | The Baskerville Theme.

Up ↑

%d bloggers like this: