Shawn E. Tuma

Posts Tagged ‘CFAA’

Is Key Claim Missing from Pastor’s Lawsuit Over Wife’s Nude Pics Emailed to Swinger Site?

In Computer Fraud, Computer Fraud and Abuse Act, Cyber Trial Law, Texas Computer Crimes, Texas Computer Crimes Cases on December 3, 2016 at 4:45 pm

Should a claim for [YOU GUESS] have been included in this lawsuit? See my thoughts below and share your thoughts.

The Allegations Behind the Lawsuit

A legal team led by Gloria Allred made news by suing Toyota (and others) on behalf of a Frisco, Texas pastor and his wife, Tim  and Claire Gautreaux, alleging that a Toyota salesman emailed nude pictures of Claire to a swingers’ website from Tim’s phone while in his possession to confirm a preapproval offer that was on an app.

According to the Dallas Morning News, Matt Thomas, a salesman for Texas Toyota of Grapevine, emailed the pictures in January 2015 when the couple went in to purchase a car. Tim had a financing app on his phone that had pre-approval information and Matt Thomas took the phone out of Tim and Claire’s presence to confirm the information. It was at this time that he is claimed to have emailed the nude pictures of Claire to a swingers’ website, which Tim subsequently discovered.

After discovery, the Gautreauxs’ reported it to law enforcement authorities and, according to news reports,  Thomas has been charged criminally: “The details are outlined in the criminal complaint against Thomas, who is charged with computer security breach. His case is pending with the Tarrant County District Attorney’s Office.” The Dallas Morning News reports he was arrested for this crime in November 2015.

The Gautreauxs’ Lawsuit

On December 1, 2016, the Allred legal team filed Plaintiffs’ Original Petition in the lawsuit styled Tim and Claire Gautreaux v. Grapevine Imports, LLC d/b/a Texas Toyota of Grapevine, Toyota Motor North America, Inc. and Matt Thomas, Cause No. DC-16-15336, Dallas County, Texas, asserting 6 causes of action for the following:

  • Negligent Hiring, Supervision, Training, and Retention
  • Intrusion upon Seclusion
  • Violation of Texas Deceptive Trade Practices Act
  • Breach of Contract
  • Negligence
  • Public Disclosure of Private Facts


Do You See Anything Missing?

For regular readers of this blog, do you see anything missing? Especially in light of the purported criminal charge pending against Thomas for “computer security breach”?

The Claim that Was Not Alleged: Texas Harmful Access By Computer Act

Where is the claim for Harmful Access by Computer Act (HACA), Chapter 143 of the Texas Civil Practice and Remedies Code, which provides a civil cause of action, attorney’s fees, and perhaps exemplary damages for violations of the criminal offense of Breach of Computer Security, Section 33.02 of the Texas Penal Code?

Do you believe this is a proper case to at least make a claim for violations of HACA?

For an initial examination, take a look at these two posts:

For a more in-depth examination, take a look at pages 26 – 31 of this article that I published in July 2016: Federal Computer Fraud and Abuse Act and Texas Computer Crime Statutes


Should There Also be a CFAA Claim Here?

Now, what do you think about whether this is an unauthorized access case that should be brought under the Computer Fraud and Abuse Act, taking into account that the Gautreauxs’ “investigated” and discovered what happened without the need for third-party forensics or remediation? Does the following article change your analysis? Dang! “Loss” of Opportunity to Decide Interesting CFAA Issue, But “Loss” Analysis is Good Too

Come on, leave me a comment and give me your thoughts on this interesting case!


Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Cybersecurity and #IoT – Hackers Steal Over 100 Cars With a Laptop

In #IoT Internet of Things, Cyber Generally on September 18, 2016 at 4:05 pm

We have been talking about hacking cars on this blog since 2011 (see posts) so the idea of thieves stealing a car by hacking their way into its computer system is no big surprise. This is the reality of cybersecurity in the era of the Internet of Things (IoT), and cars are just one more IoT device. But 100 cars? How did they pull that off? Read the rest of this entry »

Cybersecurity Legal Issues: What you really need to know (slides)

In Corporate Governance, Cyber Generally, Cybersecurity Law, Data Breach, Media, Privacy on September 14, 2016 at 8:46 pm

Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institue. The following are the slides from Tuma’s presentation — a video of the presentation will be posted soon!

Read the rest of this entry »

Former Cardinals exec sentenced to prison for hacking Astros

In CFAA Cases, Computer Fraud, Computer Fraud and Abuse Act on July 18, 2016 at 4:59 pm

HOUSTON (AP) — A federal judge sentenced the former scouting director of the St. Louis Cardinals to nearly four years in prison Monday for hacking the Houston Astros’ player personnel database and email system in an unusual case of high-tech cheating involving two Major League Baseball clubs.

Source: Former Cardinals exec sentenced to prison for hacking Astros

Law360 (paywall required) article: Ex-Cardinals Director Gets 46 Months For Astros Hacking

The CFAA is for Access of a Computer, Not Mere Possession

In Computer Fraud, Computer Fraud and Abuse Act on June 16, 2016 at 6:35 am

It often said that the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, is an access crime — meaning that it is designed to punish the wrongful access of a device. A recent case out of the Northern District of Texas highlights this point. Read the rest of this entry »

%d bloggers like this: