Guest Blogger Peter S. Vogel is a trial partner at Gardere Wynne Sewell LLP where he is Chair of the eDiscovery Group and the Internet, eCommerce, & Technology Team, and before practicing law he worked as a systems programmer, received a Masters in Computer Science, and taught graduate courses in information systems. In addition to… Read More
On January 2015, the Obama administration announced a series of proposals to strengthen the country’s response to cyberattacks including, most notably, specific amendments to the federal computer crime statute, the Computer Fraud and Abuse Act (CFAA). These changes are not only significant to the cyber crime-fighting efforts of federal prosecutors, but also to private companies. This is because the CFAA allows companies victimized by violations of the statute to bring civil actions against the perpetrators. 18 U.S.C. 1030(g). The CFAA, among other things, makes it a crime when an individual “accesses” a computer “without authorization or exceeds authorized access” to steal data.
The fundamental shift for businesses in the past 15 years from paper documents to computer data has forced the courts to decide whether intangible electronic data should enjoy the same legal protections as physical property.
Because of this shift, it is important to review the judicial response to the electronic-data issue in the context of a federal criminal statute, the National Stolen Property Act (NSPA), and common law conversion.
The NSPA makes it a felony for one who “transports, transmits, or transfers in interstate or foreign commerce any goods, wares, merchandise … of the value of $5,000 or more, knowing the same to have been stolen, converted or taken by fraud.” Conversion is the state civil cause of action for the theft of property.
Cybersecurity threats have reached a point where they cannot go ignored by any government agency,even the U.S. Securities and Exchange Commission. Although an agency that is tasked with protecting investors is not one that typically comes to mind in the battle against cyberthreats,the SEC does maintain jurisdiction over cybersecurity issues for public companies, broker dealers and investment advisers, due to its responsibilities for ensuring the disclosure of material information, integrity of market systems and customer data protection.
DATE and SCHEDULEThursday, June 26, 2014 8:00 a.m. – 8:30 a.m. Breakfast and Registration 8:30 a.m. to Noon Seminar LOCATION Dorsey & Whitney LLP 51 W. 52nd Street 9th Floor New York, NY 10019 Complimentary. Pre-registration is required. CLE INFORMATION Dorsey is an Accredited CLE Provider in California and… Read More
A number of class actions have recently been filed in federal district courts, predicated, in part, on alleged violations of the federal computer crime statute, the Computer Fraud and Abuse Act, complaining of tracking software placed on iPhone and Android devices and unwanted text messages. Decisions in these cases have implications for filing a valid CFAA civil action.
Although headlines have focused on foreign cyberattacks, plenty are U.S.-based—and can be remedied. Over the past year the national press has repeatedly reported on the vulnerability of our intellectual property to nation-state hackers like China, which have reportedly accessed and stolen highly confidential data by entering computer systems through public websites. Lost in the headlines… Read More
In all jurisdictions the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030, the federal computer crime statute, applies to former employees who steal data from the company computer, but in two federal circuits it does not apply when the theft occurs during employment. The difference in jurisdictions is significant to employers because the CFAA provides a civil remedy for damages and injunctive relief for a company that “suffers damage or loss” by reason of a violation of the CFAA. 18 U.S.C. 1030(g).
Last year the U.S. Court of Appeals for the Ninth Circuit in U.S. v. Nosal, 676 F.3d 854 (9th Cir. 2012), disagreed with certain of its sister circuits and narrowly interpret-ed what it means to access the company computer “without authorization,” effec-tively eliminating a company’s ability in that jurisdiction to use the CFAA against current employees. This column will review the conflicting interpretations of the CFAA that distinguishes between current and former employees and the strategies and options companies can employ to navigate this conflict.
At issue is whether the Computer Fraud and Abuse Act applies to data theft by employees; the circuits are split. BY Nick Akerman On July 26, the U.S. Court of Appeals for the Fourth Circuit became the first circuit to adopt the Ninth Circuit’s holding in U.S. v. Nosal, 676 F.3d 854 (9th Cir. 2012),… Read More
By: Gary Gansle, Jessica Linehan, and Kurt Whitman Addressing a recent hot topic regarding the forced disclosure of social media passwords and/or content as part of the employment application process, California has promptly resolved the issue legislatively. Effective January 1, 2013, employers in California are generally prohibited from requiring applicants and employees to disclose or… Read More