US Preparing to Do Digital Battle With Hackers – Will This Violate the Computer Fraud and Abuse Act?

The US could launch pre-emptive cyber strikes against countries it suspects of threatening its interests with a digital attack, under a new set of secret guidelines to safeguard the nation’s computer systems. The rules – the country’s first on how it defends or retaliates against digital attacks – are expected to be approved in coming weeks, …

The Law and the Hacker – Podcast on the Computer Fraud and Abuse Act

Not too long ago I had a nice visit with Rafal Los (@Wh1t3Rabbit) who is otherwise known as the Chief Security Evangelist for HP and blogs at Following the Wh1t3Rabbit – Practical Enterprise Security. Raf is one dude you really need to follow if you’re interested in #infosec. Anyway, our discussion was centered around the Computer Fraud and Abuse …

Responsiveness and Responsibility Are Considered in Assessing Data Breach Fines

About a year and a half ago I wrote a post titled Data Breach – Who’s Gonna Get it? where I made the point that, much like with Ford’s “bean counting” with the Pinto deaths back in the ’70s, companies that were aware of the risk of data breach but did not act responsibly were …

What do the penalties look like for a HIPAA violation?

Here you go — they are rising and here is where they currently stand. As you can see, data breach is serious business and serious for your business.

VIOLATION TYPE | EACH VIOLATION | REPEAT VIOLATIONS/YR
Did Not Know | $100 – $50,000 | $1,500,000
Reasonable Cause | $1,000 – $50,000 | $1,500,000
Willful Neglect – Corrected | $10,000 – $50,000 | $1,500,000
…

Another CFAA Case Dismissed Because Plaintiff Only Recited Elements in Complaint

In North American Ins. Agency, Inc. v. Bates, the United States District Court for the Western District of Oklahoma dismissed the plaintiff’s Computer Fraud and Abuse Act claim because, rather than alleging facts to support the claim, the plaintiff merely recited the elements in the Complaint: “A pleading that offers labels and conclusions or a …

Employment Agreement Restrictions Determined Whether Employees Exceeded Authorized Access Under Computer Fraud and Abuse Act

TAKEAWAYS: The important takeaways from the Custom Hardware Engineering & Consulting, Inc. v. Dowell case are that your business really needs to have solid employment agreements or acceptable use policies that restrict (1) the duration for which access is authorized, (2) the intended-use for which access is authorized, and (3) that these restrictions apply to not only the …

Court Implies Unknown “Backdoor Node” On Software Licensee’s Server To Monitor Infringement May Violate CFAA

This is a case where I really wish there had been a Computer Fraud and Abuse Act claim but there wasn’t, though the court mentioned it anyway as if to goad the attorneys by saying “hey, you missed this one!” Nonetheless, the court’s passing comment sheds some light on the recent debate over using offensive …

District Court of Colorado Dismisses CFAA Claim for Failing to Adequately Plead Cause of Action and Loss

The District Court of Colorado granted the Plaintiff’s Motion to Dismiss the Counter-Defendants’ Computer Fraud and Abuse Act claim for two reasons: (1) Defendants failed to comply with federal pleading standards by only reciting the elements of the claim without any supporting factual allegations; and (2) Defendants failed to properly allege a “loss” but, instead, …

Can You Be Outraged By The Prosecution of Aaron Swartz Under CFAA But Not Sandra Teague?

With Aaron Swartz’s suicide came the lifting of the floodgates for public criticism of the Computer Fraud and Abuse Act. The amount of venom directed at the law is second only to that directed at the federal prosecutors who were prosecuting Swartz. While I understand the emotional issues that are driving much of the criticism, as I …

Have you ever tried to physically destroy a hard drive?

I have. It is not easy. You would not believe how hard it was to do just this much damage to them.