Author Archives: Shawn E. Tuma

Will Sprint’s Multiple Computer Fraud and Abuse Act Lawsuits Highlight the District Court Split on Loss Jurisprudence?

Much has been written about the circuit split with regard to Computer Fraud and Abuse Act access jurisprudence. While this has been the primary focus of attention, there has been a similar divide among the district courts with regard to the loss jurisprudence. Given that the $5,000 loss requirement is the jurisdictional threshold that must …

Continue reading “Will Sprint’s Multiple Computer Fraud and Abuse Act Lawsuits Highlight the District Court Split on Loss Jurisprudence?”

No Senator Wyden, Whether the Computer Fraud and Abuse Act Applies to the CIA is Not a Simple Yes or No

During a Senate Select Committee on Intelligence public hearing on Wednesday, January 29, 2014, Senator Ron Wyden asked CIA Director John Brennan if the Computer Fraud and Abuse Act applied to the CIA. Director Brennan deferred answering for a week. Here is the dialogue: Senator Wyden: “Director Brennan – question with respect to policy. Does the …

Continue reading “No Senator Wyden, Whether the Computer Fraud and Abuse Act Applies to the CIA is Not a Simple Yes or No”

Data Security Involves Human Behavior and, Therefore, Is More an Art, Than a Science

I have recently written of how data breach responses and response plans cannot be one-size-fits-all and must be tailored to the unique needs of the company involved, as well as its culture. That is, they must be tailored to fit a company of humans dealing with humans. This morning I read an article that discusses …

Continue reading “Data Security Involves Human Behavior and, Therefore, Is More an Art, Than a Science”

Sixth Circuit: Unknown Access of a Remote Server Cannot Be Intentional, Thus Does Not Violate CFAA

Does a person violate the Computer Fraud and Abuse Act by accessing a remote computer without authorization if he is not aware that he is even accessing that remote computer? The Sixth Circuit says no. The Computer Fraud and Abuse Act prohibits the intentional access of a computer without authorization. When a defendant is not …

Continue reading “Sixth Circuit: Unknown Access of a Remote Server Cannot Be Intentional, Thus Does Not Violate CFAA”

What is Data Privacy Day and How are You Observing It?

If you have been wondering “what is Data Privacy Day?” then this is your lucky day because not only is today Data Privacy Day, but here is the answer and an explanation for why it really matters to you and your company’s future success. What is Data Privacy Day? Data Privacy Day is observed every …

Continue reading “What is Data Privacy Day and How are You Observing It?”

The Indictment – Hunter Moore Prosecuted Under Computer Fraud and Abuse Act (CFAA)

Here is the Indictment of Hunter Moore, the king of revenge porn. He was indicted this past week for conspiracy to hack people’s email accounts to steal their private nude photos and post them on his revenge porn website. The indictment is for violating the Computer Fraud and Abuse Act (CFAA) and conspiracy. Have a look …

Continue reading “The Indictment – Hunter Moore Prosecuted Under Computer Fraud and Abuse Act (CFAA)”

Hunter Moore or Aaron Swartz: Do we hate the CFAA? Do we love the CFAA? Do we even have a clue?

What do we really want? Information privacy? Information security? Or, the liberation of information? This was the topic of last week’s blog post Aaron Swartz, Edward Snowden, Target Breach, Privacy and Data Security — What Do We Really Want? And then this week, like manna from Heaven above, we get the indictment of Hunter Moore to help …

Continue reading “Hunter Moore or Aaron Swartz: Do we hate the CFAA? Do we love the CFAA? Do we even have a clue?”

Breach Notifications Should Focus On Preserving The Customer Relationship First, Then On Legal Requirements

When responding to a data breach, the company has two primary objectives that must be balanced: (1) complying with the legal notification and remediation requirements; and (2) preserving its relationship with its customers. In my opinion, the second is always the most important because if the business fails, we too have failed. In order to …

Continue reading “Breach Notifications Should Focus On Preserving The Customer Relationship First, Then On Legal Requirements”

US v. Nosal Court Provides Guidance on Calculation of “Loss” Under the Computer Fraud and Abuse Act (CFAA)

On January 13, 2014, the District Court in United States v. Nosal issued an Order Regarding the Calculation of Loss for Purposes of the Guidelines which, while aimed primarily at addressing the criminal sentencing guidelines, also provided some helpful principles for calculating a “loss” for purposes of 18 U.S.C. § 1030(g) of the Computer Fraud and Abuse …

Continue reading “US v. Nosal Court Provides Guidance on Calculation of “Loss” Under the Computer Fraud and Abuse Act (CFAA)”

Court Requires Yelp! to ID Negative Reviewers to Determine if They Are Real Customers

The Virginia Court of Appeals recently ruled that Yelp! is required to disclose the identities of 7 anonymous posters of reviews of a business. The Court reasoned that if the reviewers are customers of the business, their opinions are protected by the First Amendment, but if they are not real customers, their reviews are false …

Continue reading “Court Requires Yelp! to ID Negative Reviewers to Determine if They Are Real Customers”