Investigating Ways to Make Website More Secure Constitutes Loss Under the Computer Fraud and Abuse Act

A federal court in Ohio last week held that the cost of investigating ways to make a website more secure after an authorized access into the website in violation of the Computer Fraud and Abuse Act (“CFAA”) constitutes “loss” to meet the $5,000 jurisdictional amount for loss under the CFAA.  Jedson Engineering, Inc. v. Spirit… Read More

New York Court: CFAA Does Not Apply to Company Executives

A New York court held that the Computer Fraud and Abuse Act’s (“CFAA”) prohibition against unauthorized access does not apply to corporate executives who stole confidential and proprietary information from the company computers because, as company executives, they had been “granted unfettered access to . . . [the company’s] computer system and information residing on… Read More

California Court Holds that an Employee Can Be Sued Under the CFAA for Deleting Company Files

Without referring to its Circuit’s controlling decision of LVRC Holdings LLC v. Brekka, 581 F.3d 1127, (9th Cir. 2009) , a federal district court in San Jose, California permitted a Computer Fraud and Abuse (“CFAA”) claim to proceed against an ex-employee for deleting files from her former employer’s computer. Kal-Tencor Corp. v. Murphy, 2010 WL 1912029 *6-*7 (N.D. Cal. May 11, 2010). This case is significant because it allows a CFAA claim for unauthorized access to be predicated on an employee agreement requiring an employee to return company records at the time of termination from the company. This decision is contrary to another district court decision in the same federal judicial district — U.S. v. Nosal, 2010 WL 934257 *7 (N.D. Ca. Jan. 6, 2010) — leaving open the question of whether in the 9th Circuit employer policies can be used to define employee authorization to the company computers .

Another District Court Dismisses a CFAA Claim for Failure to Allege Jurisdictional Loss

ailure to allege proper “loss” under the Computer Fraud and Abuse Act (“CFAA”) continues to bedevil plaintiffs filing CFAA civil actions. The latest case decided this week, Devine v. Kapasi, 2010 WL 2293461 *4 (N.D. Ill. June 7, 2010), dismissed a CFAA claim on the ground that it did not allege that the Defendants’ actions “”caused … loss to 1 or more persons during any 1-year period … aggregating at least $5,000 in value.” § 1030(c)(4)(A)(i)(I).

Narrow Interpretation of CFAA’s Jurisdictional “Loss” Requirement

A district court in Illinois last week granted summary judgment to a defendant on a Computer Fraud and Abuse Act (“CFAA”) claim by narrowly interpreting the jurisdictional “loss” prerequisite under the CFAA to require a showing that the computer was “impaired” or “suffered an interruption of service.” Von Holdt v. A-1 Tool Corp., 2010 WL… Read More

Tennessee Court: The CFAA Is Not Unconstitutionally Vague

While she is no longer a public official, former Governor Sarah Palin has unwittingly contributed to a Tennessee federal district court upholding the constitutionality of the federal Computer Fraud and Abuse Act (“CFAA”). The case in question is a criminal prosecution against David Kernell, the college student charged with violations of the CFAA for accessing… Read More

Post navigation