In Land and Bay Gauging L.L.C. v. Shor, –Fed.Appx — (5th Cir. Aug. 21, 2015), the Fifth Circuit recently held that accessing a computer under the authority of a court order that authorizes the access is sufficient to render the access as being authorized, even if the order is later overturned. An essential element under a Computer Fraud and Abuse Act (CFAA) claim is that the defendant accessed the computer “without authorization” or “exceeds authorized access.” When there is such an access that is authorized by a court order–at the time of the access–the later overturning of that order will not then render the access as having been unauthorized and there will be no violation of the CFAA.
Additionally, the Rooker-Feldman Doctrine does not bar a Federal court from ruling on CFAA claims that stem from parties’ actions taken pursuant to a state court order where such claims do not attack the validity of the order itself, but instead, focus on the parties alleged violations of independent legal duties under the CFAA.
Shawn, how do you think these new CFAA decisions out of the 5th circuit ‘Land and Bay Gauging L.L.C. v. Shor’ and ‘Hunn v Design Homes’ impact the 5th circuits position on the ‘without authorization’ circuit split (when compared to US v Phillips and US v John where the ‘intended use’ was applied). It seems to me these decisions narrow the 5th circuits interpretation by stating that an employee, who has authorized access and did not exceed it, can not be charged under the CFAA for actions performed with that access. Similar to Bridal Expo, Inc. v. van Florestein (S.D. Tex. Feb. 3, 2009) or the Brekka/Nosal/WEC Carolina Energy Solutions line of cases out of the 9th and 4th circuits.
Mike Thomas, so sorry for the delay in responding to your insightful comment. Unfortunately, I have not (yet, of course) had an opportunity dig in and give the issue a lot of thought. So, let me ask you this — how would you like to write a guest post on your take and then I can dig in and possibly write a follow-up? I suspect we could have a great online discussion that would benefit many of our readers!
Hey Mike, I finally made it around to reading the opinions. While they are another “blip” on the CFAA mosaic, I do not see them as changing, or even narrowing, the 5th Circuit’s CFAA Intended-Use Theory jurisprudence.
EDIT: I just wrote a brief blog post about the case and realized that I had already written about it months ago, which is one more reason why I say it wasn’t that significant of a ruling! Here are both:
http://shawnetuma.com/2016/01/12/court-order-provides-cfaa-authorization-to-access-computer-even-if-later-overturned/
http://shawnetuma.com/2015/09/02/fifth-circuit-accessing-computer-per-later-overturned-order-does-not-violate-cfaa/