CFAA Cases

Evolution of CFAA Jurisprudence

The Computer Fraud and Abuse Act (CFAA) is my favorite law. Studying it is both a hobby and passion. I am fascinated by the paradox of observing one of the most high-tech areas of law evolving into a unique body of jurisprudence through the ancient Common Law method. I explained this in “What Does CFAA Mean and Why Should I Care?” A Primer on the Computer Fraud and Abuse Act for Civil Litigators (p.167):

Within the customary lifespan of a body of law, the CFAA is still in its infancy. The interpretation and application of its provisions are continuously evolving, and will continue to be refined through the judicial process as courts struggle with the meanings and inner workings of its key provisions. In what may seem counterintuitive, the litigation of these issues is positive for its development and refinement. This is the essence of jurisprudence and will benefit the CFAA just as it has other bodies of law throughout history. In the words of the eminent legal scholar Benjamin Cardozo, “In the endless process of testing and retesting, there is a constant rejection of the dross, and a constant retention of whatever is pure and sound and fine.”

In my own efforts to keep abreast of this evolving body of jurisprudence, for several years I have done my best to read every judicial opinion that has substantive CFAA value, and I continue to try and do so today. Over this time I have read far too many opinions to count and, just as I cannot recall the number, I also lose track of what I have learned from each.

Evolution of CFAA digest

A few years ago I began experimenting with setting up my own crude database of information with an Excel spreadsheet, where I kept track of the key information from each case: case name, date, jurisdiction, citation, and key legal principles. This was very cumbersome and it did not take long before I realized that would not work.

I then set up a blog, the computer fraud | data privacy | social media | Law Blog, and thought that would be a good tool for keeping track of the cases I read. Blogging, however, is much different from simply recording raw information — in a blog people look for some insight, analysis, and commentary on the cases, not just the vital information — and I do not have the time or capacity to put that kind of effort into each opinion that comes out. When I am able to offer that kind of analysis and commentary on an opinion, I will continue to blog about it, but not here. So, for these purposes, the blog was a fail as well.

My next idea was to set up a private wiki that would be easy to populate with the vitals of each case and always be accessible online. That has seemed to work pretty well but then I got to thinking, “if I am going to go through all of this work, why not share the information with others?” The information about the Computer Fraud and Abuse Act cases is not my information, it is the law and none of us own the law. So, in the spirit of Aaron Swartz, I decided to liberate this information for the benefit of anyone who is willing to take the time to read it. My goal is to capture each case going forward and, as time permits, work backward and start adding important cases from the past — again, as time permits.

That, my friends, is how we got here and, I can assure you, I am already trying to think of other ways to improve on this concept so if you have any suggestions (that are within my capabilities) then please let me know.

What is the Purpose of CFAA digest?

The purpose is simply to provide only the most important information about each case:

It starts with the case name, the date, and the citation so you can find the case (I try to include a link to the case but that is not always possible);
The jurisdictional information such as court and circuit court of appeal in which the court is located as I find this is helpful in tracking how the jurisprudence is evolving in various courts; and
Most important, the key principle or principles that can be drawn from each case, without added commentary, analysis, or fluff.
Will I be able to keep up with this project? I certainly hope so, but I also hope that I do not have to do it alone. CFAA digest is not about me, it is about the law and the effort to keep up with “the endless process of testing and retesting . . . [and] constant rejection of the dross, and a constant retention of whatever is pure and sound and fine.”

No one person can take on a project like this alone and do it justice. I would love to have others collaborate with me in making this the most thorough and complete source of information that is available on the Computer Fraud and Abuse Act. If you would like to post case updates for current or past cases, send me cases that I might otherwise miss, or simply offer suggestions on how I can improve the site, please do not hesitate to let me know.

-Shawn Tuma

Departing Employee Taking Data from “Restricted” but Unsecured Folder Doesn’t Violate CFAA

TAKEAWAYS: If your company intends to limit its employees access to certain information on the company network, (1) make sure appropriate technological restrictions are in place and are working; and (2) make sure there are appropriate policies or other documentation in place to show the employees subjectively knew it was off limits. When an employer […]


Be Careful of Commentary on 7th Cir.’s Fidlar Tech CFAA “Intent to Defraud”Case

I have read several blog posts that are stating, as a blanket proposition, that you must prove intent to defraud for CFAA claims. This, they say, comes from the recent Seventh Circuit Court of Appeals case, Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., 2016 WL 258632 (7th Cir. Jan. 21, 2016) (opinion). This is […]