Shawn E. Tuma

Posts Tagged ‘Computer Fraud and Abuse Act’

Is Key Claim Missing from Pastor’s Lawsuit Over Wife’s Nude Pics Emailed to Swinger Site?

In Computer Fraud, Computer Fraud and Abuse Act, Cyber Trial Law, Texas Computer Crimes, Texas Computer Crimes Cases on December 3, 2016 at 4:45 pm

Should a claim for [YOU GUESS] have been included in this lawsuit? See my thoughts below and share your thoughts.

The Allegations Behind the Lawsuit

A legal team led by Gloria Allred made news by suing Toyota (and others) on behalf of a Frisco, Texas pastor and his wife, Tim  and Claire Gautreaux, alleging that a Toyota salesman emailed nude pictures of Claire to a swingers’ website from Tim’s phone while in his possession to confirm a preapproval offer that was on an app.

According to the Dallas Morning News, Matt Thomas, a salesman for Texas Toyota of Grapevine, emailed the pictures in January 2015 when the couple went in to purchase a car. Tim had a financing app on his phone that had pre-approval information and Matt Thomas took the phone out of Tim and Claire’s presence to confirm the information. It was at this time that he is claimed to have emailed the nude pictures of Claire to a swingers’ website, which Tim subsequently discovered.

After discovery, the Gautreauxs’ reported it to law enforcement authorities and, according to news reports,  Thomas has been charged criminally: “The details are outlined in the criminal complaint against Thomas, who is charged with computer security breach. His case is pending with the Tarrant County District Attorney’s Office.” The Dallas Morning News reports he was arrested for this crime in November 2015.

The Gautreauxs’ Lawsuit

On December 1, 2016, the Allred legal team filed Plaintiffs’ Original Petition in the lawsuit styled Tim and Claire Gautreaux v. Grapevine Imports, LLC d/b/a Texas Toyota of Grapevine, Toyota Motor North America, Inc. and Matt Thomas, Cause No. DC-16-15336, Dallas County, Texas, asserting 6 causes of action for the following:

  • Negligent Hiring, Supervision, Training, and Retention
  • Intrusion upon Seclusion
  • Violation of Texas Deceptive Trade Practices Act
  • Breach of Contract
  • Negligence
  • Public Disclosure of Private Facts


Do You See Anything Missing?

For regular readers of this blog, do you see anything missing? Especially in light of the purported criminal charge pending against Thomas for “computer security breach”?

The Claim that Was Not Alleged: Texas Harmful Access By Computer Act

Where is the claim for Harmful Access by Computer Act (HACA), Chapter 143 of the Texas Civil Practice and Remedies Code, which provides a civil cause of action, attorney’s fees, and perhaps exemplary damages for violations of the criminal offense of Breach of Computer Security, Section 33.02 of the Texas Penal Code?

Do you believe this is a proper case to at least make a claim for violations of HACA?

For an initial examination, take a look at these two posts:

For a more in-depth examination, take a look at pages 26 – 31 of this article that I published in July 2016: Federal Computer Fraud and Abuse Act and Texas Computer Crime Statutes


Should There Also be a CFAA Claim Here?

Now, what do you think about whether this is an unauthorized access case that should be brought under the Computer Fraud and Abuse Act, taking into account that the Gautreauxs’ “investigated” and discovered what happened without the need for third-party forensics or remediation? Does the following article change your analysis? Dang! “Loss” of Opportunity to Decide Interesting CFAA Issue, But “Loss” Analysis is Good Too

Come on, leave me a comment and give me your thoughts on this interesting case!


Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Former Cardinals exec sentenced to prison for hacking Astros

In CFAA Cases, Computer Fraud, Computer Fraud and Abuse Act on July 18, 2016 at 4:59 pm

HOUSTON (AP) — A federal judge sentenced the former scouting director of the St. Louis Cardinals to nearly four years in prison Monday for hacking the Houston Astros’ player personnel database and email system in an unusual case of high-tech cheating involving two Major League Baseball clubs.

Source: Former Cardinals exec sentenced to prison for hacking Astros

Law360 (paywall required) article: Ex-Cardinals Director Gets 46 Months For Astros Hacking

The CFAA is for Access of a Computer, Not Mere Possession

In Computer Fraud, Computer Fraud and Abuse Act on June 16, 2016 at 6:35 am

It often said that the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, is an access crime — meaning that it is designed to punish the wrongful access of a device. A recent case out of the Northern District of Texas highlights this point. Read the rest of this entry »

Cyber Law Update on #DtSR Podcast with Los, Santarcangelo and Tuma

In Cybersecurity Law, Digital Information Law on May 18, 2016 at 4:26 pm

Listen to the Podcast   /   Join the #DtSR Discussion on Twitter

Shawn Tuma was a guest the Down the Security Rabbithole podcast where he and hosts Rafal Los (@Wh1t3Rabbit) and Michael Santarcangelo (@Catalyst) discussed recent events in the world of cyber law. Read the rest of this entry »

Will Changes to the CFAA Deter Hackers?

In Computer Fraud and Abuse Act, Cybersecurity Law on May 13, 2016 at 8:55 am

Note: this article was previously posted on Norse’s DarkMatters.

The problem with laws is that they are usually written by lawyers. The same could be said for proposed amendments to laws, such as those to the Computer Fraud and Abuse Act that President Obama proposed leading up to the 2015 State of the Union Address.

The root of this problem is that, many times, we lawyers get too focused on the details and never step back and see the bigger picture. I believe that is the case with the proposed changes to this law as it concerns improving cybersecurity by deterring outside hackers (i.e., non-privileged users). Read the rest of this entry »

%d bloggers like this: