California Court Grants Summary Judgment to Cisco Systems on Computer Fraud and Abuse Claim, Holding that Brekka Does Not Apply to Ex-Employees

Last week a federal district court in California granted Cisco Systems, Inc. summary judgment on its Computer Fraud and Abuse Act (“CFAA”) claim against an ex-employee who “on multiple occasions and without authorization, . . . used a Cisco employee’s password to gain access to Cisco’s computer systems and download Cisco’s proprietary and copyrighted software.”… Read More

Two District Courts in the Second Circuit Follow Brekka To Dismiss Computer Fraud and Abuse Claims against Employees

Last week two federal district courts, one in Connecticut and the other in Manhattan, followed LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1130-31 (9th Cir. 2009) in dismissing Computer Fraud and Abuse Act (“CFAA”) claims brought against employees who stole company data. In neither case did the plaintiff company employer rely on company computer… Read More

Investigating Ways to Make Website More Secure Constitutes Loss Under the Computer Fraud and Abuse Act

A federal court in Ohio last week held that the cost of investigating ways to make a website more secure after an authorized access into the website in violation of the Computer Fraud and Abuse Act (“CFAA”) constitutes “loss” to meet the $5,000 jurisdictional amount for loss under the CFAA.  Jedson Engineering, Inc. v. Spirit… Read More

New York Court: CFAA Does Not Apply to Company Executives

A New York court held that the Computer Fraud and Abuse Act’s (“CFAA”) prohibition against unauthorized access does not apply to corporate executives who stole confidential and proprietary information from the company computers because, as company executives, they had been “granted unfettered access to . . . [the company’s] computer system and information residing on… Read More

California Court Holds that an Employee Can Be Sued Under the CFAA for Deleting Company Files

Without referring to its Circuit’s controlling decision of LVRC Holdings LLC v. Brekka, 581 F.3d 1127, (9th Cir. 2009) , a federal district court in San Jose, California permitted a Computer Fraud and Abuse (“CFAA”) claim to proceed against an ex-employee for deleting files from her former employer’s computer. Kal-Tencor Corp. v. Murphy, 2010 WL 1912029 *6-*7 (N.D. Cal. May 11, 2010). This case is significant because it allows a CFAA claim for unauthorized access to be predicated on an employee agreement requiring an employee to return company records at the time of termination from the company. This decision is contrary to another district court decision in the same federal judicial district — U.S. v. Nosal, 2010 WL 934257 *7 (N.D. Ca. Jan. 6, 2010) — leaving open the question of whether in the 9th Circuit employer policies can be used to define employee authorization to the company computers .

Alabama District Court: CFAA Does Not Apply to Employees

Bell Aerospace Services, Inc. v. US. Aero Services, Inc., 690 F.Supp.2d 1267 (M.D. Ala. 2010) recently followed the 9th Circuit’s decision in LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1133 (9th Cir. 2009). The case alleges a classic employee theft of competitively sensitive data from the company computers for use at a competing business. Bell Aerospace Services fired one of its officers who two months later founded a competing company, U.S. Aero Services, and then recruited seven Bell Aerospace Services employees to join him at the new company.

Another District Court Dismisses a CFAA Claim for Failure to Allege Jurisdictional Loss

ailure to allege proper “loss” under the Computer Fraud and Abuse Act (“CFAA”) continues to bedevil plaintiffs filing CFAA civil actions. The latest case decided this week, Devine v. Kapasi, 2010 WL 2293461 *4 (N.D. Ill. June 7, 2010), dismissed a CFAA claim on the ground that it did not allege that the Defendants’ actions “”caused … loss to 1 or more persons during any 1-year period … aggregating at least $5,000 in value.” § 1030(c)(4)(A)(i)(I).

New Washington Privacy Law Effective July 1, 2010

Washington is the third state to enact an encryption law and a payment card law.1 Massachusetts and Nevada enacted encryption laws and Minnesota and Nevada enacted payment card laws. Since this law takes effect July 1, 2010, any entity that could be subject to this law should begin assessing whether they are subject to and in compliance with this law.

Post navigation