Last week a federal district court in California granted Cisco Systems, Inc. summary judgment on its Computer Fraud and Abuse Act (“CFAA”) claim against an ex-employee who “on multiple occasions and without authorization, . . . used a Cisco employee’s password to gain access to Cisco’s computer systems and download Cisco’s proprietary and copyrighted software.”… Read More
Last week two federal district courts, one in Connecticut and the other in Manhattan, followed LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1130-31 (9th Cir. 2009) in dismissing Computer Fraud and Abuse Act (“CFAA”) claims brought against employees who stole company data. In neither case did the plaintiff company employer rely on company computer… Read More
The National Law Journal July 5, 2010 An ALM publication Daily updates at NLJ.COM Under Computer Fraud and Abuse Act, plaintiff must properly specify a $5,000 loss or case will be tossed. BY NICK AKERMAN The Computer Fraud and Abuse Act (CFAA) is the omnibus federal computer crime statute outlawing theft and destruction of data,… Read More
One person you will not see waiting in line to buy the new i-Phone 4 at the Apple Store is Randall Craig who pleaded guilty to violations of the Computer Fraud and Abuse Act. (“CFAA”). Craig, a subcontractor at the Marine Corps Reserve Center, communicated by email with an undercover FBI agent posing as a… Read More
A federal court in Ohio last week held that the cost of investigating ways to make a website more secure after an authorized access into the website in violation of the Computer Fraud and Abuse Act (“CFAA”) constitutes “loss” to meet the $5,000 jurisdictional amount for loss under the CFAA. Jedson Engineering, Inc. v. Spirit… Read More
A New York court held that the Computer Fraud and Abuse Act’s (“CFAA”) prohibition against unauthorized access does not apply to corporate executives who stole confidential and proprietary information from the company computers because, as company executives, they had been “granted unfettered access to . . . [the company’s] computer system and information residing on… Read More
Without referring to its Circuit’s controlling decision of LVRC Holdings LLC v. Brekka, 581 F.3d 1127, (9th Cir. 2009) , a federal district court in San Jose, California permitted a Computer Fraud and Abuse (“CFAA”) claim to proceed against an ex-employee for deleting files from her former employer’s computer. Kal-Tencor Corp. v. Murphy, 2010 WL 1912029 *6-*7 (N.D. Cal. May 11, 2010). This case is significant because it allows a CFAA claim for unauthorized access to be predicated on an employee agreement requiring an employee to return company records at the time of termination from the company. This decision is contrary to another district court decision in the same federal judicial district — U.S. v. Nosal, 2010 WL 934257 *7 (N.D. Ca. Jan. 6, 2010) — leaving open the question of whether in the 9th Circuit employer policies can be used to define employee authorization to the company computers .
Bell Aerospace Services, Inc. v. US. Aero Services, Inc., 690 F.Supp.2d 1267 (M.D. Ala. 2010) recently followed the 9th Circuit’s decision in LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1133 (9th Cir. 2009). The case alleges a classic employee theft of competitively sensitive data from the company computers for use at a competing business. Bell Aerospace Services fired one of its officers who two months later founded a competing company, U.S. Aero Services, and then recruited seven Bell Aerospace Services employees to join him at the new company.
ailure to allege proper “loss” under the Computer Fraud and Abuse Act (“CFAA”) continues to bedevil plaintiffs filing CFAA civil actions. The latest case decided this week, Devine v. Kapasi, 2010 WL 2293461 *4 (N.D. Ill. June 7, 2010), dismissed a CFAA claim on the ground that it did not allege that the Defendants’ actions “”caused … loss to 1 or more persons during any 1-year period … aggregating at least $5,000 in value.” § 1030(c)(4)(A)(i)(I).
Washington is the third state to enact an encryption law and a payment card law.1 Massachusetts and Nevada enacted encryption laws and Minnesota and Nevada enacted payment card laws. Since this law takes effect July 1, 2010, any entity that could be subject to this law should begin assessing whether they are subject to and in compliance with this law.