The CFAA is for Access of a Computer, Not Mere Possession

It often said that the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, is an access crime — meaning that it is designed to punish the wrongful access of a device. A recent case out of the Northern District of Texas highlights this point. Continue reading The CFAA is for Access of a Computer, Not Mere Possession

3 Key Takeaways About Texas’ Unauthorized Access Law

secret-205648_1920

The Dallas Court of Appeals recently decided a civil case involving claims under Texas’ unauthorized access of computer law that provides some helpful guidance for this relatively new law that has very little case law construing it. The 3 takeaways that follow are the key legal principles that apply to this law as set forth in the case Miller v. Talley Dunn Gallery, LLC, 2016 WL 836775 (Tex. App.–Dallas, Mar. 3, 2016). Continue reading 3 Key Takeaways About Texas’ Unauthorized Access Law

Making Sense of #AppleVsFBI Issues: #DtSR Podcast

#AppleVsFBI

The USA v. Apple battle is one of the hottest issues currently being debated in cybersecurity, privacy, law enforcement, and perhaps even, water coolers in offices around the country. What the debate is lacking in substantive, factually-based, well-reasoned analysis, it certainly makes up for in passion and strong opinions. If you are not convinced, spend a few minutes reading the  #AppleVsFBI Twitter Feed. Continue reading Making Sense of #AppleVsFBI Issues: #DtSR Podcast

Departing Employee Taking Data from “Restricted” but Unsecured Folder Doesn’t Violate CFAA

TAKEAWAYS: If your company intends to limit its employees access to certain information on the company network, (1) make sure appropriate technological restrictions are in place and are working; and (2) make sure there are appropriate policies or other documentation in place to show the employees subjectively knew it was off limits.

When an employer intends to keep a network folder restricted from employees, but fails to (1) objectively communicate this intention or (2) secure the folder from general access, an employee who accesses the folder and takes data from it does not violate the Computer Fraud and Abuse Act (CFAA), even if he does so for an improper purpose.

Why policies are critical–explained HERE Continue reading Departing Employee Taking Data from “Restricted” but Unsecured Folder Doesn’t Violate CFAA

Court Order Provides CFAA Authorization to Access Computer, Even if Later Overturned

A party who accesses a computer pursuant to a court order authorizing him to seize and access the computer will not be found in violation of the Computer Fraud and Abuse Act if such order is later overturned.

“An essential element of a CFAA claim under 10 U.S.C. § 1030 is that the [defendant] accesses a computer ‘without authorization or exceeds authorized access.’ Hunn v. Dan Wilson Homes, Inc., 789 F.3d 573, 583-84 (5th Cir. 2015) (holding that ‘because [the defendant] did not exceed authorized access, he did not violate the Computer Fraud and Abuse Act’). Here, the state-court turnover orders authorized Shor to access the computers. Even though those orders were ultimately overturned, because Shor had authorization at the time pursuant to a court order to access the computers, Black does not state a claim under the CFAA. See id. (discussing CFAA claim, reasoning that the defendant accessed the computer while still employed at the plaintiff’s company). Land and Bay Gauging, L.L.C. v. Shor, 2015 WL 4978993 (5th Cir. Aug. 21, 2015).

See earlier post.