ARTICLES
Hacking, Malware, and Social Engineering—Definitions of and Statistics about Cyber Threats Contributing to Breaches
This article was first published on IRMI.com and is reproduced with permission. Copyright 2012, International Risk Management Institute, Inc As breaches continue to occur and affected organizations determine whether and how to disclose these breaches, breaches and disclosure continue to be the subject of reports as well as media, legislative, and regulatory attention. See, for example, Melissa J. Krasnow, Securities and Exchange Commission Issues Guidance on Cybersecurity and Cyber Incident Disclosure...
Holding Passwords Hostage – International Extortion Foiled
In a case recently filed by a Swiss company in federal court in Florida, the company alleged in its complaint that Jerome Westrick, its former computer programmer and minority shareholder, stole a company laptop, hacked into the company’s computer system, changed access codes and passwords, and locked out the company and its customers from getting into its enterprise content management software. WIT Walchi Innovation Technologies, GMBH v. Westrick, 2012 WL 33164 (S.D. Fl. Jan. 6, 2012)....
Think You Own Your LinkedIn, Twitter and Facebook Account? Think Again.
You may not, as reflected in the recently reported decision of Eagle v. Morgan, 2011 WL 6739448 (E.D. Pa. December 22, 2011) where both the employee and her former employer claim ownership in the employee’s LinkedIn account, the popular social networking site for business professionals. The dispute is starkly drawn in the litigation’s opposing pleadings and provides a strong warning to the hundred million plus LinkedIn users and other users of social media who operate under the assumption...
LATEST POSTS
Computer Crime
Economic Espionage Act
December 2, 2009 · 1 Comment
FOR CORPORATE America, the Economic Espionage Act is a double-edged sword. It can be used to protect a company’s intellectual property by prosecuting dishonest competitors who steal a company’s trade secrets, but it can also be used against a company that finds itself with trade secrets belonging to a competitor. Congress enacted the Economic Espionage Act in 1996, making it a federal crime to steal trade secrets. 18 U.S.C. 1831 et seq. The definition of trade secrets in the statute mirrors the broad definition in state trade secret laws to include “all forms and types of... [Read the full story]
Data Protection
California Court Permits Company to Subpoena Yahoo, Google and ISPs to Identify Anonymous Computer Hacker
September 6, 2010 · 1 Comment
A federal court in San Jose California last week permitted SolarBridge Technologies, Inc. (“SolarBridge”) to serve subpoenas on Yahoo, Google and various Internet Service Providers to identify the sender of an email containing SolarBridge’s confidential and trade secret protected data including schematics and other product designs of current and future products. SolarBridge Technologies, Inc. v. John Doe, 2010 WL 3419189 (N.D. Ca. Aug. 27, 2010). With criminals hiding behind the anonymity provided by the Internet this case has widespread application to companies willing to take... [Read the full story]
Cases
Computer Policies and the 9th Circuit
March 24, 2010 · Leave a Comment
Last month I posted my article from the National Law Journal, entitled, “Time to Review Computer Policies,” discussing three recent cases, including LVRC Holdings LLC v. Brekka, 81 F.3d 1127, 1131 (9th Cir. 2009). I cited Brekka for the proposition that it is important to delineate the scope of an employee’s permissible access to the company computers. Since then, two new district court decisions from California and Washington have called into question whether such a strategy will work in the 9th Circuit. Both decisions narrow the meaning of exceeding authorized... [Read the full story]
Articles
Hacking, Malware, and Social Engineering—Definitions of and Statistics about Cyber Threats Contributing to Breaches
January 26, 2012 · Leave a Comment
This article was first published on IRMI.com and is reproduced with permission. Copyright 2012, International Risk Management Institute, Inc As breaches continue to occur and affected organizations determine whether and how to disclose these breaches, breaches and disclosure continue to be the subject of reports as well as media, legislative, and regulatory attention. See, for example, Melissa J. Krasnow, Securities and Exchange Commission Issues Guidance on Cybersecurity and Cyber Incident Disclosure (Dec. 2011). by Melissa J. Krasnow Partner, Dorsey & Whitney LLP The 2011 Verizon Data Breach... [Read the full story]
Criminal
Tennessee Court: The CFAA Is Not Unconstitutionally Vague
April 27, 2010 · Leave a Comment
While she is no longer a public official, former Governor Sarah Palin has unwittingly contributed to a Tennessee federal district court upholding the constitutionality of the federal Computer Fraud and Abuse Act (“CFAA”). The case in question is a criminal prosecution against David Kernell, the college student charged with violations of the CFAA for accessing Palin’s Yahoo email account during the 2008 Presidential campaign. [Read the full story] Read More →
Podcasts
When Workers Steal Data to Use at New Jobs
July 15, 2009 · Leave a Comment
Title: When Workers Steal Data to Use at New Jobs Description: In response to the economic crisis, companies have downsized, resulting in some terminated employees stealing vital data to improve their job opportunities with a new employer. In this article for the National Law Journal Nick Akerman takes a look at the state of the law and what employers can do to protect themselves. Released: 7/15/09 Cost: Free Download Podcasts from iTunes. (Free) Category: Business News Language: English Nick Akerman regularly consults... [Read the full story]
ISSUE:
Does the Computer Fraud and Abuse Act Apply to Employees Who Steal Data?
Does the Computer Fraud and Abuse Act Apply to Employees Who Steal Data?
NO
Brekka 9th Circuit
In LVRC Holdings LLC v. Brekka, 581 F.3d 1127, (9th Cir. 2009) the employee emailed to himself competitively sensitive data so he could use it to compete against his current employer. Disagreeing with Citrin, the 9th Circuit refused to hold that an employee’s authorization to access the company computer is based on the law of agency. Instead, the court held that the Computer... Read More
YES
Citrin 7th Circuit
In International Airport Centers, LLC v. Citrin, 440 F.3d 418, 420 (7th Cir. 2006) the court held that an employee was liable under the Computer Fraud and Abuse and the employee’s “authorization to access the [company] laptop terminated, when, . . . [the employee] resolved to destroy files that incriminated himself and other files that were also the property of his employer, in... Read More
RECENT UPDATES
U.S. v. Nosal Re-Argued Before the 9th Circuit
On December 15, 2011, the 9th Circuit Court of Appeals heard argument en banc in U.S. v. Nosal, 642 F.3d 781 (9th Cir. 2011), reh’g en banc granted (Oct. 27, 2011). As expected, the oral argument focused on the meaning of unauthorized access under the Computer Fraud and Abuse Act. The issue is whether an employee can be prosecuted under the CFAA for accessing his employer’s... Read More
