The CFAA is for Access of a Computer, Not Mere Possession

Posted byShawn E. Tuma 2 Comments on The CFAA is for Access of a Computer, Not Mere Possession

It often said that the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, is an access crime — meaning that it is designed to punish the wrongful access of a device. A recent case out of the Northern District of Texas highlights this point.

In Nicole Clarke-Smith v. Business Partners in Healthcare, LLC, 2016 WL 279094 (Jan. 22, 2016), the defendant brought a CFAA counterclaim against the plaintiff alleging that she retained possession of a company-owned laptop and USB drive after being terminated. The Court got it right in granting the plaintiff’s motion for summary judgment that was premised on there being no evidence of a wrongful access of those devices, even if the plaintiff did retain possession of them:

BPIH’s claim for violation of the CFAA fails because there is no evidence that Clarke-Smith accessed a protected computer without authorization. Indeed, BPIH admits that it has no evidence that Clarke-Smith used the laptop or any files on the computer after she was fired. BPIH asserts that Clarke-Smith allegedly continued possession of the laptop “in and of itself” constitutes unauthorized access, but this assertion is not supported by the law. While the CFAA does not define “access,” courts interpreting the statute have concluded that “[u]se of the computer is integral to the perpetration of a fraud under the CFAA, and not merely incidental.” Dresser-Rand Co. v. Jones, 957 F. Supp.2d 610, 614-15 (E.D. Pa. 2013) (emphasis added); see also BoardFirst, 2007 WL 4823761 at *12-13 (interpreting access for purposes of CFAA liability to require successful interaction with computer).

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Published by Shawn E. Tuma

Shawn Tuma is an attorney who is internationally recognized in cybersecurity, computer fraud and data privacy law, areas in which he has practiced for nearly two decades. He is a Partner at Spencer Fane, LLP where he regularly serves as outside cybersecurity and privacy counsel to a wide range of companies from small to midsized businesses to Fortune 100 enterprises. You can reach Shawn by telephone at 972.324.0317 or email him at stuma@spencerfane.com.

Join the Conversation

2 Comments

  1. Pingback: The CFAA is for Access of a Computer, Not Mere Possession – Sitting Duck In Denver
  2. Reply

Leave a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Business Cyber Risk

Subscribe now to keep reading and get access to the full archive.

Continue reading