Computer Fraud and Abuse Act (CFAA)

From Internet Law Treatise

Table of contents
1 Computer Fraud and Abuse Act
2 Criminal Claims

2.1 CFAA Criminal Cases

3 Civil Claims

3.1 CFAA Civil Cases

[edit]

Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030 (http://www.law.cornell.edu/uscode/18/1030.html), which provides a cause of action against one who, inter alia, “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer if the conduct involved an interstate or foreign communication.” 18 U.S.C. § 1030(a)(2)(C), (g). The CFAA targets attacks on computer systems that cause damage or destruction to electronic data. See Int'l Airport Centers, L.L.C. v. Citrin, 440 F.3d 418, 420 (7th Cir. 2006).

CFAA criminalizes intruders who trespass on computers and computer networks. Int’l Ass’n of Machinists and Aerospace Workers v. Werner-Masuda, 390 F. Supp. 2d 479, 495-96 (D.Md 2005) (citing S. Rep. No. 99-432, at 4 (1986), reprinted in 1986 U.S.C.C.A.N. 2479, 2482 (explaining that the CFAA “is a consensus bill aimed at deterring and punishing certain ‘high-tech’ crimes”)) Although the CFAA is primarily a criminal statute, it also provides a private cause of action if a violation causes loss or damage, as those terms are defined in the statute. See 18 U.S.C. § 1030(g).

Section 1030(a)(2) targets “the unauthorized procurement or alteration of information, not its misuse or misappropriation.” Shamrock Foods v. Gast, 535 F. Supp. 2d 962, 965 (D. Ariz. 2008) (citing Brett Senior & Assocs., P.C. v. Fitzgerald, 2007 WL 2043377 (E.D. Pa. July 13, 2007)).

To make out a claim under 18 U.S.C. § 1030(a)(4), Plaintiff must show that Defendants

  1. knowingly and with intent to defraud
  2. accessed a protected computer
  3. without authorization or exceeding authorized access
  4. obtained anything of value
  5. causing a loss resulting in economic damages aggregating at least $5,000.

18 U.S.C. §§ 1030(a)(4), 1030(a)(5)(B)(i), 1030(g).

Protected Computer: the term “protected computer” means a computer—

  1. exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
  2. which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;

In MBTA v. Anderson, No. 08-11364, (D. Mass. filed Aug. 19, 2008), Plaintiff claims that defendants violated or threatened to violate the CFAA by releasing the findings of their research regarding the security holes associated with the MBTA fare charging system. The court found that a a violation of the CFAA only occurs if the person knowingly causes the transmission of a program to a protected computer -- programmed information -- to a protected computer. Because the defendants in this case were only seeking to transmit information to a non-computer audience, the court held that, "the MBTA has not shown the likelihood of success to the merits of the CFAA claim, which is, as I say, based on 1030l(a)(5)(A)(i)."


Authorization Notification that one's actions are unauthorized is sufficient to prove unauthorized access in terms of the CFAA. See, e.g., Southwest Airlines Co. v. Farechase, Inc., 318 F. Supp.2d 435 (ND Tex. 2004); Register.com, Inc. v. Verio, Inc., 126 F. Supp. 2d 238, 253 (S.D.N.Y. 2000) (terms of use notice); America Online, Inc. v. LCGM, Inc., 46 F.Supp.2d 444, 450-51 (E.D. Va. 1998). However, lack of authorization may be implicit, as well. EF Cultural Travel BV v. Zefer Corp., 318 F.3d 58 (1st Cir. 2003). More than merely unauthorized use is required to establish a violation of the CFAA. In U.S. v. Czubinski, 106 F.3d 1069 (1st Cir. 1997), where Defendant accessed files on the IRS's computer system without authorization, the court noted that there was no evidence to show that defendant's end was no more than to satisfy his own curiosity and that the showing of some additional end-to which the unauthorized access is a means is required. The differentiates between access that is "without authorization" and access that exceeds authorization. The Court in Citrin noted that while, "[t]he difference between 'without authorization' and 'exceeding authorized access' is paper thin, . . . [it is] not quite invisible." International Airport Centers, L.L.C. v. Citrin, 440 F.3d 418 (7th Cir. March 8, 2006)

Without Authorization: Congress did not define the phrase "without authorization," perhaps assuming that the words speak for themselves. The meaning, however, has proven to be elusive. Some courts have applied a "reasonable expectation" standard in that conduct is without authorization only if it is not “in line with the reasonable expectations” of the website owner and its users. EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577 (1st Cir. 2001) . While other courts, finding the"reasonable expectations" standard to be an overly broad reading that restricts access and is at odds with the Internet's intended purpose of providing the “open and free exchange of information," urge us to adopt the reasoning that computer use is “without authorization” only if the use is not “in any way related to [its] intended function.” Id.

How employee disloyalty effects authorization to use a computer has not been well settled. The Seventh Circuit, in Citrin, noted that the defendant, a former employee of the plaintiff, breached his duty of loyalty to his employer, thus terminating his agency relationship with said employer. As such, the court noted that any rights that were granted as a result of the agency relationship, including authorization to use the employer's computer, were also terminated. Thus, because defendant was not authorized to use plaintiff's computer, the court held that the, "employee's alleged installation of [a] program on employer's computer that caused deletion of files would violate the Computer Fraud and Abuse Act." International Airport Centers, L.L.C. v. Citrin, 440 F.3d 418 (7th Cir. March 8, 2006)

However, the Ninth Circuit, in LRVC Holdings, parted from the Seventh Circuit and held that, "[n]o language in the CFAA supports LVRC’s argument that authorization to use a computer ceases when an employee resolves to use the computer contrary to the employer’s interest." LVRC Holdings v. Brekka, No. 07-17116, (9th Cir. Sept. 15, 2009).


Exceeds Authorized Access: The term “exceeds authorized access” means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter." 18 U.S.C. § 1030(e)(6) (http://www.law.cornell.edu/uscode/18/1030(e)(6).html).

In EF Cultural Travel BV, the plaintiff sued a competitor and individual executives of the competitor, alleging that competitor's use of “scraper” software program to systematically glean the plaintiff's company's prices from its website violated the Computer Fraud and Abuse Act (CFAA), Copyright Act, and Racketeer Influenced and Corrupt Organizations Act (RICO). An individual executive defendant had voluntarily entered a broad confidentiality agreement during his previous course of employment with plaintiff prohibiting his disclosure of any information “which might reasonably be construed to be contrary to the interests of EF." Regarding the CFAA, The Court of Appeals, Coffin, Senior Circuit Judge, held that: "[use] of 'scraper' program 'exceeded authorized access' within meaning of CFAA, assuming program's speed and efficiency depended on executive's breach of his confidentiality agreement with company, his former employer." Id. at 583.


Damage/Loss


"Damage" is only recognized when a violation causes diminution to the completeness or usability of the computer system's data. As such, merely copying electronic information from a computer system does not satisfy the "damage" element of the CFAA. In Cassetica Software, Inc. v. Computer Sciences Corp, 2009 WL 1703015 (N.D.Ill. 2009), where the plaintiff only alleged that the defendant improperly downloaded a program without alleging that the improper downloads caused lost data, the inability to offer downloads to its customers, or that the downloads affected the availability of their software, the court found that the plaintiffs had failed to allege that the defendant's caused damage within the meaning of the CFAA. In criminal cases, the mental state of the defendant as related to the damage caused can greatly affect the statutory penalty. Intentional damage, imposes a maximum sentence of 10 years imprisonment for a first time offense, whereas if the defendant accesses a computer without authorization and causes damage with no culpable mental state (i.e. accidentally or negligently), the crime is a misdemeanor carrying a maximum punishment of 1 year imprisonment for the first offense. 18 U.S.C. § 1030(c)(2)(A). Subsequent offenses carry much larger statutory penalties.


"Loss" is defined as "any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service." § 1030(e)(11). The types of losses considered by courts "have generally been limited to those costs necessary to assess the damage caused to the plaintiff's computer system or to resecure the system." Tyco Int'l v. John Does, 1-3, 2003 WL 23374767 at *3 (S.D.N.Y. 2003); First Mortgage Corp. v. Baser, 2008 WL 4534124, (N.D.Ill. Apr.30, 2008).

To state a claim based upon a loss, the alleged loss must relate to the investigation or repair of a computer system following a violation that caused impairment or unavailability of data. 18 U.S.C. § 1030(e). As such, courts have found that economic costs unrelated to computer systems do not fall within the statutory definition of the term. Cassetica Software, Inc. v. Computer Sciences Corp, 2009 WL 1703015 (N.D.Ill. 2009). In Cassetica, plaintiff claims that its losses primarily consist of the lost fees that it would have received if defendants had paid to download their software, as well as costs incurred in assessing and responding to the improper actions of defendant. Regarding the first claim, the court finds that plaintiff has not alleged that it lost revenues as a result of an interruption in service caused by defendants. Moreover, regarding the second claim, the court finds that the CFAA only permits the recovery of costs incurred for damage assessment or recovery when the costs are related to an interruption of service, thus plaintiff's claims fall outside of the statutory definition for "loss".

Loss includes:

  • Response costs
  • Damage assessments
  • Restoration of data or programs
  • Wages of employees for these tasks
  • Lost sales from website
  • Lost advertising revenue from website

Loss might include:

  • Harm to reputation or goodwill
  • Other costs if reasonable

Loss does not include:

  • Assistance to law enforcement

Although the CFAA is primarily a criminal statute, it provides a private cause of action if a violation causes loss or damage, as those terms are defined in the statute. 18 U.S.C. § 1030(g). To state a civil claim for violation of the CFAA, a plaintiff must allege:

  1. damage or loss;
  2. caused by;
  3. a violation of one of the substantive provisions set forth in § 1030(a); and
  4. conduct involving one of the factors in § 1030(c)(4)(A)(i)(I)-(V).;

18 U.S.C. § 1030(g).


In Creative Computing v. Getloaded.com LLC, 386 F.3d 930 (http://caselaw.lp.findlaw.com/data2/circs/9th/0235856p.pdf) (9th Cir. 2004), the Ninth Circuit held that damages could be aggregated, since "the $5,000 floor applies to how much damage or loss there is to the victim over a one-year period, not from a particular intrusion." See also S. Rep. 99-432, at 5 (1986), reprinted in 1986 U.S.C.C.A.N. 2479, 2483 ("[T]he Committee intends to make clear that losses caused by the same act may be aggregated for purposes of meeting the . . . threshold.")

Some courts have required that both damage and loss be plead in order to state a claim. Garelli Wong & Assoc. v. Nichols, 551 F.Supp.2d 704 (N.D.Ill. 2008) (no CFAA liability for only copying data).


Further, certain courts have established a need to plead intent to cause harm in order to establish a prima facie case. Kalow & Springnut, LLP v. Commence Corporation, 2008 WL 2557506 (D.N.J. June 23, 2008) (must plead intent to cause harm, intent to transmit software code is not enough).

Trade Secrets
Recent judicial decisions and statutory amendments have broadened the scope of the CFAA. This broadened CFAA scope combined with today's corporate practice of storing confidential information electronically, has created an environment for companies to pursue litigation for the misappropriation of proprietary information under the CFAA. However, courts vary widely on what constitutes damage.

In Shurgard Storage Centers, Inc. v. Safeguard Self Storage, Inc., where the

employer of former employees, alleged to have appropriate trade secrets stored on employer's computers, sued competitor which allegedly received secrets, under Computer Fraud and Abuse Act (CFAA), . . . [t]he District Court, Zilly, J., held that: (1) for purposes of stating claim under CFAA, former employees lost access to computers when they allegedly became agents of competitor; (2) CFAA was not limited to situations in which national economy was affected; (3) fraud provision of CFAA did not require showing of common law elements; (4) provision penalizing infliction of damage on protected computers was not limited to conduct of outsiders; and (5) damage claim was stated, even though appropriation did not affect integrity of secrets within employers' computers.

Shurgard Storage Centers, Inc. v. Safeguard Self Storage, Inc., 119 F.Supp.2d 1121 (W.D. Wash. 2000)(finding that insiders with authorization to use a system can lose that authorization when they act as agents of an outside organization). Similarly, in Therapeutic Research Faculty v. NBTY, 488 F. Supp. 2d 991 (E.D. Cal. 2007), plaintiff alleges that defendant purchased a single user subscription to plaintiff's publication, but proceeded to share its provided "confidential username and passcode among many [of its employees] for two-and-a-half years, thereby infringing on [Plaintiff's] rights in the Publication.” Id. As such, Plaintiff brought suit for a number of claims including violation of the CFAA. The court found that plaintiff adequately "alleged that its username and passcode constituted “trade secret” under California law."Id. Regarding the CFAA claim, the court held that "[p]laintiff's allegations sufficiently state a claim under the CFAA" and they go on to state that "several district courts have recognized that damage caused by unauthorized access or access in excess of authorization to a computer system may be redressed under the CFAA." (citations omitted) While Therapeutic Research Faculty followed Shugard, the Ninth Circuit has yet to address whether "damage" can be established by trade secret misappropriation alone.

Despite these cases, the majority of courts have found that misappropriation alone does not constitute an offense under the CFAA. In Andritz, Inc. v. Southern Maintenance Contractor, LLC, 2009 WL 48187 (M.D. Ga. January 7, 2009) ("loss" and "damages" do not include "lost revenue caused by the misappropriation of proprietary information and intellectual property from an employer's computer."), plaintiff brought action against former employees [under the] federal Computer Fraud and Abuse Act (CFAA), asserting that employees stole trade secrets and other proprietary business information. Upon the employees move to dismiss, the District Court, Clay D. Land, J., held that, "lost revenue from theft of trade secrets was not damage or loss which corporation could recover CFAA." Similarly, in Garelli Wong & Assoc. v. Nichols, 551 F.Supp.2d 704 (N.D.Ill. 2008) (no CFAA liability for only copying data), the "employer's allegation that former employee's misappropriated trade secrets through the use of a computer was insufficient to plead an impairment to the integrity or availability of data, a program, a system, or information, as required to state a claim under the Computer Fraud and Abuse Act (CFAA)."

The hurdle making a successful claim for trade secrets violation under the CFAA appears to stem from the CFAA's requirement that the damage diminishes the the "completeness or usability of data or information on a computer system." Misappropriated data very often remains intact on the originating computer; as such, many plaintiffs will have trouble crossing this hurdle if the requirement is damage to the original data.

[edit]

Criminal Claims

The Homeland Security Act, see below, increased the penalties and prison terms for violations of the CFAA. Effective September 26, 2008, 18 U.S.C. § 1030 was amended by the Identity theft Enforcement and Restitution Act of 2008.[1] (http://www.govtrack.us/congress/billtext.xpd?bill=h110-5938)

Obtaining National Security Information: 18 U.S.C. § 1030(a)(1)[2] (http://www.law.cornell.edu/uscode/18/1030.html) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it.

Convictions under this section are felonies punishable by a fine, imprisonment for not more than ten years, or both. 18 U.S.C. § 1030(c)(1)(A). A violation that occurs after another conviction under section 1030 is punishable by a fine, imprisonment for not more than twenty years, or both. 18 U.S.C. § 1030(c)(1)(B).

Compromising Confidentiality: 18 U.S.C § 1030(a)(2) [3] (http://www.law.cornell.edu/uscode/18/1030.html) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—

  1. information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602 (n) of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);
  2. information from any department or agency of the United States; or
  3. information from any protected computer if the conduct involved an interstate or foreign communication;

Violations of section 1030(a)(2) are misdemeanors punishable by a fine or a one-year prison term, unless aggravating factors apply. 18 U.S.C. § 1030(c)(2)(A). Merely obtaining information worth less than $5,000 is a misdemeanor, unless committed after a conviction of another offense under section 1030. 18 U.S.C. § 1030(c)(2)(C). A violation or attempted violation of section 1030(a)(2) is a felony if:

  • committed for commercial advantage or private financial gain,
  • committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State, or
  • the value of the information obtained exceeds $5,000.,

18 U.S.C. § 1030(c)(2)(B). If the aggravating factors apply, a violation is punishable by a fine, up to five years' imprisonment, or both.

Trespassing in a Government Computer: 18 U.S.C § 1030(a)(3)[4] (http://www.law.cornell.edu/uscode/18/1030.html) intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States;

Violations of this subsection are punishable by a fine and up to one year in prison, 18 U.S.C. § 1030(c)(2)(A), unless the individual has previously been convicted of a section 1030 offense, in which case the punishment increases to a maximum of ten years in prison, 18 U.S.C. § 1030(c)(2)(c).

Accessing to Defraud and Obtain Value: 18 U.S.C § 1030(a)(4)[5] (http://www.law.cornell.edu/uscode/18/1030.html) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;

A violation of section 1030(a)(4) is punishable by a fine and up to five years in prison, unless the individual has been previously convicted of a section 1030 offense, in which case the punishment increases to a maximum of ten years in prison. 18 U.S.C. § 1030(c)(3).

Damaging a Computer or Information: 18 U.S.C § 1030(a)(5)[6] (http://www.law.cornell.edu/uscode/18/1030.html)

  1. knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
  2. intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
  3. intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; and

by conduct described in clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted offense, would, if completed, have caused)—

  1. loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value;
  2. the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals;
  3. physical injury to any person;
  4. a threat to public health or safety; or
  5. damage affecting a computer system used by or for a government entity in furtherance of the administration of justice, national defense, or national security;

Trafficking in Passwords: 18 U.S.C § 1030(a)(6)[7] (http://www.law.cornell.edu/uscode/18/1030.html) knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if—

  1. such trafficking affects interstate or foreign commerce; or
  2. such computer is used by or for the Government of the United States;

Violations of section 1030(a)(6) are misdemeanors punishable by a fine or a one-year prison term for the first offense. See 18 U.S.C. § 1030(c)(2)(A). If the defendant has a previous conviction under section 1030, the maximum sentence increases to ten years' imprisonment. See 18C. § 1030(c)(2)(C).

Threatening to Damage a Computer: 18 U.S.C § 1030(a)(7)[8] (http://www.law.cornell.edu/uscode/18/1030.html) with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer; shall be punished as provided in subsection (c) of this section.

A violation of section 1030(a)(7) is punishable by a fine and up to five years in prison. 18 U.S.C. § 1030(c)(3)(A). If the defendant has a previous conviction under section 1030, the maximum sentence increases to 10 years' imprisonment. 18 U.S.C. § 1030(c)(3)(B).

[edit]

CFAA Criminal Cases

    Authorization Cases:

  1. United States v. Stegora, 849 F.2d 291, 292 (8th Cir. 1988)
    2. Defendant was convicted in the United States District Court for the District of Minnesota, James M. Rosenbaum, J., of interstate transportation of stolen property and mail fraud, and he appealed. The Court of Appeals, Fagg, Circuit Judge, held that: (1) finding that stolen samples of synthetic casting material for use by orthopedic surgeons to repair broken bones were worth more than $5,000 was supported by evidence, and (2) refusal to instruct jury regarding definition of term “patent pending” was not abuse of discretion.
  2. U.S. v. Middleton, 231 F.3d 1207 (9th Cir. 2000)(CFAA protects corporate entities)
    Defendant was convicted of intentionally causing damage to protected computer by the United States District Court for the Northern District of California, William H. Orrick, Jr., J., and he appealed. The Court of Appeals, Graber, Circuit Judge, held that: (1) statute that prohibits any person from knowingly causing damage, without authorization, to protected computer criminalizes computer crime that damages natural persons and corporations alike; (2) refusal to give defendant's requested instruction on “damage” was not abuse of district court's discretion; and (3) in calculating damage resulting from ex-employee's unauthorized access to employer's computers and deletion of internal databases, district court could compute “damage” based on salaries paid to, and hours worked by, in-house employees who corrected problem.
  3. U.S. v. Czubinski, 106 F.3d 1069 (1st Cir. 1997) (unauthorized browsing of computer files did not violate CFAA)
    Defendant was convicted of wire fraud and computer fraud by the United States District Court for the District of Massachusetts, Nathaniel M. Gorton, J., and Robert B. Collings, United States Magistrate Judge. Defendant appealed. The Court of Appeals, Torruella, Chief Judge, held that: (1) interstate transmission element of wire fraud could be inferred from circumstantial evidence that defendant's searches of master taxpayer files caused information to be sent to his computer terminal in different state; (2) defendant's unauthorized browsing of confidential taxpayer information did not defraud Internal Revenue Service (IRS) of its property within meaning of wire fraud statute; (3) defendant's unauthorized browsing of confidential taxpayer information did not deprive taxpayers of their intangible, nonproperty right to honest government services; and (4) defendant could not be convicted of computer fraud in connection with his browsing of confidential taxpayer files.
  4. U.S. v. Morris, 928 F.2d 504 (2d Cir. 1991) (Internet worm violated CFAA)
    Defendant was convicted in the United States District Court for the Northern District of New York, Howard G. Munson, J., of violating Computer Fraud and Abuse Act. Defendant appealed. The Court of Appeals, Jon O. Newman, Circuit Judge, held that: (1) statute punishing anyone who intentionally accesses without authorization federal interest computers and damages or prevents authorized use of information in those computers causing loss of $1,000 or more does not require Government to demonstrate that defendant intentionally prevented authorized use and thereby caused loss, and (2) there was sufficient evidence to conclude that defendant acted without authorization within meaning of statute.

    Trespassing a Government Computer:

  5. Sawyer v. Department of Air Force, 31 M.S.P.R. 193, 196 (M.S.P.B. 1986)
    6. Employee was removed on charges of misconduct. The presiding official upheld removal, and employee petitioned for review. The Merit Systems Protection Board held that: (1) agency was not required to prove employee's specific intent to defraud in regard to his alteration of contracts; (2) agency had reasonable cause to believe that criminal violation had occurred, so as to invoke crime provision; and (3) penalty of removal was reasonable for employee's alteration of official contract, receiving of unauthorized agency records, and submission of fraudulent invoices.

    Accessing to Defraud and Obtain Value:

  6. Fasulo v. United States, 272 U.S. 620, 629 (1926)
    7. Certiorari to United States Circuit Court of Appeals for the Ninth Circuit. Cologero Fasulo was convicted of conspiracy to violate Criminal Code, s 215, and to review a judgment (7 F.(2d) 961), affirming conviction, he brings certiorari. Judgment reversed.
  7. United States v. Sadolsky, 234 F.3d 938 (6th Cir. 2000)
    8. Defendant pleaded guilty to computer fraud and was sentenced by the United States District Court for the Western District of Kentucky, John G. Heyburn II, J., and the United states appealed sentence. The Court of Appeals, Suhrheinrich, Circuit Judge, held that: (1) the district court's two-level downward departure, based on defendant's alleged gambling disorder, was not an abuse of discretion, and (2) finding that defendant had a gambling problem that qualified as an significantly reduced mental capacity (SRMC) was not clearly erroneous.
  8. United States v. Bae, 250 F.3d 774 (D.C. Cir. 2001)
    9. Defendant was convicted before the United States District Court for the District of Columbia, Thomas Penfield Jackson, J., of computer fraud, and he appealed. The Court of Appeals, Ginsburg, J., held that in calculating sentence for computer fraud which involved the fraudulent procurement of lottery tickets by operator of terminal which printed and dispensed the tickets for sale, district court correctly valued the “loss” due to the fraud based on the fair market value of the tickets prior to the drawing, rather than on the value of the winning tickets, replacement cost, or lost profits.

    Damaging a Computer or Information:

  9. United States v. Sullivan, 40 Fed. Appx. 740 (4th Cir. 2002) (unpublished)
    10. Defendant was convicted in the United States District Court for the Western District of North Carolina, Richard L. Voorhees, J., of intentionally causing damage to protected computer. Defendant appealed. The Court of Appeals held that: (1) items seized from defendant's home and home computer were admissible under other acts rule, and (2) conviction was supported by evidence.

    Trafficking in Passwords:

  10. United States v. Rushdan, 870 F.2d 1509, 1514 (9th Cir. 1989)
    11. Defendant was found guilty of conspiracy to traffic in and possess counterfeit credit cards and possession of 15 or more counterfeit credit cards, and he moved for judgment of acquittal. The United States District Court for the Central District of California, J. Spencer Letts, J., granted motion as to possession count and denied motion as to conspiracy count. On appeal, the Court of Appeals, Leavy, Circuit Judge, held that: (1) conspiracy conviction did not require that conspiracy itself actually affect interstate commerce and was supported by evidence of defendant's possession of numbers of out-of-state accounts he and his codefendants intended to use; (2) defendant was not prejudiced by failure of conspiracy instruction to include reference to interstate commerce in describing object of conspiracy; and (3) illicit possession of out-of-state credit card numbers was “offense affecting interstate or foreign commerce” for purposes of possession count.
  11. United States v. Scartz, 838 F.2d 876, 879 (6th Cir. 1988)
    12. Defendant was convicted of conspiracy to use and using credit access devices in violation of federal statute by the United States District Court for the Southern District of Ohio, John D. Holschuh, J., and he appealed. The Court of Appeals, Nathaniel R. Jones, Circuit Judge, held that fraudulent use of credit card conviction was sufficiently supported by evidence that defendant had directed confederate to charge over $1,000 in merchandise at merchant's store.
  12. SecureInfo Corp. v. Telos Corp., 387 F.Supp.2d 593 (E.D. Va. 2005)
    13. Software developer brought action alleging that competitor, acting in concert with consulting firm, obtained copy of its software to perform comparative analysis, in violation of Computer Fraud and Abuse Act (CFAA), Copyright Act, Racketeer Influenced and Corrupt Organizations Act (RICO), and state law. Competitor and consultant moved to dismiss . . . The District Court, Lee, J., held that: (1) defendants did not violate CFAA; (2) dismissal of developer's copyright infringement claim was not warranted; and (3) developer failed to state RICO claim.

[edit]

Civil Claims


[edit]

CFAA Civil Cases

  1. Int’l Ass’n of Machinists & Aero. Workers v. Werner-Matsuda, 390 F. Supp. 2d 479, 498 (D. Md. 2005)
    Incumbent airline employees' union filed suit under Stored Wire and Electronic Communications and Transactional Records Access Act (SECA) and Computer Fraud and Abuse Act (CFAA), as well as common law and Maryland statute, alleging that secretary treasurer of local had accessed confidential membership information on secure proprietary website on behalf of herself and rival union. Advisory group allegedly staffing rival union's efforts with respect to flight attendants at one airline was also named in suit. Defendants moved to dismiss for lack of subject matter jurisdiction, lack of personal jurisdiction, and failure to state a claim, and plaintiff moved to seal certain exhibits, to amend complaint,to file surreply, and for leave to file response to motion to reduce sanctions imposed by Charles B. Day, United States Magistrate Judge . . . The District Court, Chasanow, J., held that: (1) exhibits containing confidential membership information that rested at heart of case and that allegedly constituted trade secret under Maryland statute would be sealed; (2) magistrate judge's overall award in sanctions against defendant union for failure to provide adequate deposition witness on two occasions was too large and would be reduced; (3) action was not representation dispute over which National Mediation Board (NMB) had exclusive jurisdiction; (4) complaint failed to state a claim under SECA and CFAA, as defendant local union official was authorized to access website and entitled to see all information stored therein; and (5) having dismissed all federal claims, court would decline to exercise supplemental jurisdiction over remaining state law claims.
  2. Cassetica Software, Inc. v. Computer Sciences Corp, 2009 WL 1703015 (N.D.Ill. 2009)
    Plaintiff Cassetica Software, Inc. (“Cassetica”) filed suit against Defendant Computer Sciences Corporation (“CSC”), claiming copyright infringement, breach of contract, violation of the Computer Fraud and Abuse Act, conversion, trespass to chattels and unjust enrichment. Pursuant to Fed.R.Civ.P. 12(b)(6), CSC has moved to dismiss Cassetica's First Amended Complaint . . . CSC's Motion to Dismiss is granted.
  3. Andritz, Inc. v. Southern Maintenance Contractor, LLC, 2009 WL 48187 (M.D. Ga. January 7, 2009) ("loss" and "damages" do not include "lost revenue caused by the misappropriation of proprietary information and intellectual property from an employer's computer.")
    In this action, Plaintiff alleges that Defendants, who are former employees of Plaintiff, stole Plaintiff's trade secrets and other proprietary business information and that Defendants' conduct gives rise to a civil claim under the federal Computer Fraud and Abuse Act. Presently pending before the Court is Defendants' Motion to Dismiss (Doc. 13) . . . Plaintiff's federal claim fails to state a claim upon which relief may be granted, and therefore Defendants' motion is granted as to that claim. The Court declines to exercise supplemental jurisdiction over Plaintiff's remaining state law claims, and those claims are dismissed without prejudice.
  4. Garelli Wong & Assoc. v. Nichols, 551 F.Supp.2d 704 (N.D.Ill. 2008) (no CFAA liability for only copying data)
    Employer brought action against former employee for breach of contract and violation of Computer Fraud and Abuse Act (CFAA), alleging that employee was working in direct competition with employer in his new position. Employee moved to dismiss . . . The District Court, Charles P. Kocoras, J., held that:(1) employer failed to allege damage under CFAA, and (2) employer failed to allege loss under CFAA.
  5. Kalow & Springnut, LLP v. Commence Corporation, 2008 WL 2557506 (D.N.J. June 23, 2008) (must plead intent to cause harm, intent to transmit software code is not enough)
    Plaintiff Kalow & Springnut, LLP (“Plaintiff” or “Kalow”) brings the instant class action suit against Defendant Commence Corporation (“Defendant” or “Commence”) to recover damages arising from the alleged failure of computer software that Plaintiff purchased from Defendant seven years ago. Plaintiff filed a Class Action Complaint on behalf of a class that consists of those who purchased Commence's software. Specifically, the three-count Complaint alleges: 1) violations of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, for Defendant's alleged intentional transmission of a software code causing damage to Plaintiff's computer systems; 2) violations of the New Jersey Consumer Fraud Act (“NJCFA”), N.J.S.A. § 56:8-2, for Defendant's alleged engagement in deceptive and misleading practices in the marketing of its software; and 3) violations of various consumer fraud acts in the states where Defendant conducts business (virtually all states), in anticipation of class certification. Presently before the Court is Defendant's motion to dismiss Plaintiff's Complaint. For the reasons set forth below, Plaintiff's claims are dismissed without prejudice; however, Plaintiff shall have Twenty (20) days from the date of the Order accompanying this Opinion to amend its Complaint.
  6. GWR Medical, Inc. v. Baez, 2008 WL 698995 (E.D.Pa. March 13, 2008) ("CD-ROM does not, in and of itself, process information. The CD-ROM at issue is analogous to a compilation of documents and training materials, and cannot be considered a computer under the CFAA without processing capabilities.")
    This matter comes before the Court on Defendant Hector M. Baez's Motion to Dismiss the Amended Complaint [Doc. No. 17], Plaintiff GWR Medical, Inc.'s Response thereto [Doc. No. 18], and Defendant's Reply [Doc. No. 21]. After reviewing the pleadings, the applicable law, and after a hearing thereon, the Court will grant the Motion in part and deny it in part.
  7. International Airport Centers, L.L.C. v. Citrin, 440 F.3d 418 (7th Cir. March 8, 2006).[9] (http://www.ca7.uscourts.gov/fdocs/docs.fwx?submit=showbr&shofile=05-1522_032.pdf)
    Former employer brought action against former employee, alleging violation of the Computer Fraud and Abuse Act. The United States District Court for the Northern District of Illinois, Wayne R. Andersen, J., dismissed action. Former employer appealed . . . The Court of Appeals, Posner, Circuit Judge, held that: (1) employee's alleged installation of program on employer's computer that caused deletion of files would violate the Computer Fraud and Abuse Act, and (2) Court of Appeals would not determine whether files destroyed were confidential, as would arguably be permitted by employment contract.
  8. ResDev v. Lot Builders, 2005 WL 1924743 (M.D. Fla. August 10, 2005) ( “integrity” needs “some diminution in the completeness or useability of data or information on a computer system")
    This case is before the Court on Defendants Lot Builders Association Inc.'s, Michael Boswell's, and Brad Luken's (collectively, “Lot Builders”) Motion for Summary Judgment (Doc. 52), Plaintiff ResDev LLC's Cross Motion for Summary Judgment (Doc. 53), and Resdev's and Lot Builder's respective Oppositions (Docs. 73 and 71).
  9. I.M.S. Inquiry Management Systems, Ltd. v. Berkshire, 307 F.Supp.2d 521 (SDNY 2004). Section 1030(a)(2)(c) forbids obtaining information from a protected computer involved in interstate or foreign communication through intentional and unauthorized access. Court allowed a civil cause of action under this section, in conjunction with a § 1030(g) claim. See also Theofel v. Farey-Jones, 341 F.3d 978, 986 (9th Cir.2003) (same).
    Provider of advertising tracking services, which utilized Internet website, sued competitor alleging copyright violations. Competitor moved to dismiss . . . The District Court, Buchwald, J., held that:(1) provider alleged damages and loss, under Computer Fraud and Abuse Act;(2) provider could proceed under Act despite claim there was no provision for private action;(3) copyright registration certificate did not cover allegedly infringed item, precluding infringement action;(4) version covered by certificate was not derivative of earlier version, allowing suit covering earlier version; (5) there was no violation of Digital Millennium Copyright Act (DMCA). Motion granted in part, denied in part.
  10. Southwest Airlines Co. v. Farechase, Inc., 318 F. Supp.2d 435 (ND Tex. 2004). CFAA does not require damage as defined in 18 U.S.C. § 1030 (http://www.law.cornell.edu/uscode/18/1030.html)(e)(8) over $5,000, only "loss" as defined in (e)(11).
    Software company, which created a product which allowed corporate travelers to search online for airline fares, filed motion to dismiss airline's claims for computer fraud and abuse, misappropriation, breach of a use agreement, tortious interference, trespass, unjust enrichment, and harmful access by computer . . . The District Court, Sanders, Senior District Judge, held that: (1) airline stated claim under Computer Fraud and Abuse Act (CFAA); (2) fare, route, and scheduling information which were allegedly misappropriated were not copyrightable and therefore airline's misappropriation claim under Texas law was not preempted by federal copyright law; (3) airline stated a claim for interference with business relations; (4) airline stated claim for harmful access by computer.
  11. Nexans Wires S.A. v. Sark-USA, Inc., 319 F.Supp.2d 468, 477 (S.D.N.Y.2004) (lost revenue due to unfair competition and lost business opportunity does not constitute a loss under CFAA)
    Wire and cable manufacturer sued competitor for, inter alia, violations of Computer Fraud and Abuse Act (CFAA). Competitor moved for summary judgment . . . The District Court, Cedarbaum, J., held that manufacturer lacked standing to assert civil claim based on competitor's alleged violation of CFAA.
  12. EF Cultural Travel BV v. Zefer Corp., 318 F.3d 58 (1st Cir. 2003), (rejecting a CFAA claim based on a “reasonable expectations” test but stating in dicta that “a lack of authorization could be established by an explicit statement on the website restricting access”)
    Travel company brought action against maker of “scraper tool” software program provided to competitor that collected pricing information from the travel company's public website, alleging violations of the Computer Fraud and Abuse Act (CFAA) and the Copyright Act, and seeking preliminary injunction under both acts. The United States District Court for the District of Massachusetts, Morris E. Lasker, J.FN*, granted preliminary injunction under the CFAA but denied preliminary injunction under the Copyright Act. Software maker appealed. The Court of Appeals, Boudin, Chief Circuit Judge, held that: (1) reasonable expectations test was not the proper gloss for determining lack of authorization for purpose of CFAA provision setting forth offense of fraudulently accessing a protected computer without authorization; (2) software maker was bound by terms of preliminary injunction even though it was not named in the injunction; and (3) injunction did not violate software maker's First Amendment rights.
  13. Ingenix, Inc. v. Lagalante, 2002 U.S. Dist. LEXIS 5795 (E.D. La. 2002). The court held that plaintiff had properly alleged damages in excess of the statutory minimum due to the cost of hiring forensic experts to recover the deleted files and carry out an investigation on the laptops and email servers.
    Appeal was taken from a preliminary injunction of the United States District Court for the District of Mississippi, Walter L. Nixon, Jr., Chief Judge, staying demand for arbitration of contract dispute between general contractor and city. The Court of Appeals, Jerre S. Williams, Circuit Judge, held that: (1) an order granting a stay of arbitration pending outcome of litigation is an appealable interlocutory order; (2) general contractor's claim was arbitrable; and (3) district court abused its discretion in staying arbitration.
  14. EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577 (1st Cir. 2001)
    Tour company sued competitor and individual executives of competitor, alleging that competitor's use of “scraper” software program to systematically glean company's prices from its website violated Computer Fraud and Abuse Act (CFAA), Copyright Act, and Racketeer Influenced and Corrupt Organizations Act (RICO). Company moved for preliminary injunction on CFAA claim. The United States District Court for the District of Massachusetts, Lasker, Senior District Judge, granted injunction, and competitor appealed. The Court of Appeals, Coffin, Senior Circuit Judge, held that: (1) use of “scraper” program “exceeded authorized access” within meaning of CFAA, assuming program's speed and efficiency depended on executive's breach of his confidentiality agreement with company, his former employer, and (2) company's payment of consultant fees to assess effect on its website was compensable “loss” under CFAA.
  15. Thurmond v. Compaq Computer Corp., 171 F.Supp.2d 667 (E.D. Tex. 2001) Holding that losses suffered by unnamed members of proposed class made up of buyers of allegedly defective computers could not be used to CFAA damage threshold. Noted in dicta that if the defective program corrupted $5,000 worth of data, then Plaintiffs would have met the statutory minimum.
    Buyers of personal computers sued manufacturer under Computer Fraud and Abuse Act (CFAA), alleging sale of machines containing defective floppy diskette controllers, and asserting state-law claims including breach of contract. Manufacturer moved for summary judgment. The District Court, Heartfield, J., held that: (1) showing of “damage” is required for CFAA civil claim; (2) fact question existed as to whether buyers suffered “impairment to the integrity” of their data within meaning of CFAA; (3) damages allegedly suffered by unnamed proposed class members could not be used to satisfy Act's threshold damages requirement; and (4) damages resulting from transmissions to multiple computers could not be aggregated to meet threshold.
  16. Shurgard Storage Centers, Inc. v. Safeguard Self Storage, Inc., 119 F.Supp.2d 1121 (W.D. Wash. 2000)(finding that insiders with authorization to use a system can lose that authorization when they act as agents of an outside organization)
    Employer of former employees, alleged to have appropriate trade secrets stored on employer's computers, sued competitor which allegedly received secrets, under Computer Fraud and Abuse Act (CFAA). Competitor moved to dismiss. The District Court, Zilly, J., held that: (1) for purposes of stating claim under CFAA, former employees lost access to computers when they allegedly became agents of competitor; (2) CFAA was not limited to situations in which national economy was affected; (3) fraud provision of CFAA did not require showing of common law elements; (4) provision penalizing infliction of damage on protected computers was not limited to conduct of outsiders; and (5) damage claim was stated, even though appropriation did not affect integrity of secrets within employers' computers.
  17. International Airport Centers, L.L.C. v. Citrin, 440 F.3d 418, 420-21 (7th Cir. 2006) (holding that an employee's access to data became unauthorized when breach of his duty of loyalty terminated his agency relationship).
    Former employer brought action against former employee, alleging violation of the Computer Fraud and Abuse Act. The United States District Court for the Northern District of Illinois, Wayne R. Andersen, J., dismissed action. Former employer appealed . . . The Court of Appeals, Posner, Circuit Judge, held that: (1) employee's alleged installation of program on employer's computer that caused deletion of files would violate the Computer Fraud and Abuse Act, and (2) Court of Appeals would not determine whether files destroyed were confidential, as would arguably be permitted by employment contract.
  18. Register.com, Inc. v. Verio, Inc., 126 F. Supp. 2d 238, 253 (S.D.N.Y. 2000) (terms of use notice)
    19. Internet domain name registrar sued competitor providing website host services, alleging breach of contract, trespass to chattels, breach of Computer Fraud and Abuse Act and violation of Lanham Act. Registrar moved for preliminary injunction. The District Court, Jones, J., held that: (1) registrar satisfied requirements for issuance of preliminary injunction barring competitor from offering website hosting services to registrar's new registrants, by means of direct mail or telephone solicitation; (2) requirements were satisfied for injunction based on commission of trespass to chattels; (3) requirements were satisfied for injunction barring violation of Computer Fraud and Abuse Act; and (4) requirements were satisfied in connection with violations of Lanham Act.
  19. America Online, Inc. v. LCGM, Inc., 46 F.Supp.2d 444, 450-51 (E.D. Va. 1998) (holding that AOL members acted without authorization when they used AOL network to send unsolicited bulk emails in violation of AOL's member agreement)
    20. Internet service provider brought action against operators of web sites, and principals of those operators, alleging that defendants sent unauthorized and unsolicited bulk e-mail advertisements to provider's customers, in violation of state and federal law. On provider's motion for summary judgment, the District Court, Lee, J., held that: (1) operators' use of provider's Internet domain name violated Lanham Act's prohibition on false designations of origin; (2) operators' use of domain name constituted dilution; (3) operators violated Computer Fraud and Abuse Act; (4) operators violated Virginia Computer Crimes Act; (5) operators' conduct amounted to trespass to chattels under Virginia law; and (6) fact issues precluded sum
  20. America Online, Inc. v. National Health Care Discount, Inc., 121 F.Supp.2d 1255 (N.D. Iowa 2000) (noting that no other published decision contains the same interpretation as America Online, Inc. v. LCGM, Inc. on the issue of unauthorized access)
    21. Internet service provider (ISP) brought action against Iowa corporation engaged in selling discount optical and dental service plans, alleging that corporation hired e-mailers to send unauthorized and unsolicited bulk e-mail advertisements to ISP's customers, in violation of state and federal law. On ISP's motion for summary judgment, the District Court, Zoss, United States Magistrate Judge, held that: (1) non-statutory claims were governed by Virginia law, rather than Iowa law; (2) genuine issues of material fact precluded summary judgment on ISP's claims under the Computer Fraud and Abuse Act (CFAA); (2) genuine issues of material fact precluded summary judgment for ISP on its claim of unjust enrichment under Virginia law; (3) genuine issues of material fact precluded summary judgment on grounds that corporation was liable for trespass to chattels and violation of Virginia Computer Crimes Act (VCCA) based upon acts of e-mailers.
  21. Vi Chip Corp. v. Lee, 438 F.Supp.2d 1087, 1100 (N.D.Ca. 2006) (applying the holding of Citrin to an employee who deleted data after being informed that his employment was to be terminated)
    22. Electrical engineering company involved in manufacture and sale of integrated circuits, as employer, brought action against former chief executive officer (CEO) claiming breach of contract in connection with employee agreement, breach of fiduciary duty, trade secret misappropriation, violation of Computer Fraud and Abuse Act (CFAA), and conversion on allegations that CEO stole confidential and proprietary information. Former CEO counterclaimed alleging misappropriation, unjust enrichment, and intentional interference with contractual relations and prospective economic advantage, and sought declaratory relief regarding ownership of intellectual property embodied in relevant patent applications. Employer brought motion for summary judgment . . . The District Court, Hamilton, J., held that:(1) consultant agreement only transferred ownership in all technology expressly “produced by or created for” contracting party after execution of agreement;(2) consulting agreement only bound those named parties to agreement;(3) CEO expressly assigned all chip technology to corporation upon which CEO worked as employee;(4) patent assignment form was adequately supported by consideration;(5) patent assignment form conveyed to assignee exclusive rights to same technology that was source for CEO's subsequent utility patents;(6) company set up as joint venture could not be considered stranger to original joint venture agreement;(7) CEO violated confidentiality provision in employee agreement; and(8) CEO breached fiduciary duty owed to corporate employer.
  22. Lockheed Martin Corp. v. Speed, 2006 WL 2683058 at *5-7 (M.D. Fla. 2006) (criticizing Citrin)
    23. This matter comes before the Court upon the Motion to Dismiss by Defendants Kevin Speed (“Speed”) and Steve Fleming (“Fleming”) (Doc. 53), to which Plaintiff Lockheed Martin Corporation (“Lockheed” or “the company”) responded in opposition (Doc. 71), and the Motion to Dismiss by Patrick St. Romain (“St.Romain”) (Doc. 68), to which Lockheed responded in opposition (Doc. 75). Lockheed alleges that three of its former employees accessed Lockheed computers, copied proprietary information, and delivered trade secrets to Defendant L-3 Communications Corporation (“L-3”) in violation of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030. For the reasons herein stated, the Court grants the Motions to Dismiss.
  23. Role Models America, Inc. v. Jones, 305 F.Supp.2d 564 (D. Md. 2004)
    24. Private school sued its former principal and Internet-based university in which he had enrolled, alleging violation of Computer Fraud and Abuse Act (CFAA) and misappropriation of trade secrets. University moved to dismiss . . . The District Court, Blake, J., held that: (1) university did not violate CFAA, but (2) fact issue existed as to whether university misappropriated school's trade secrets.
  24. YourNetDating v. Mitchell, 88 F.Supp.2d 870, 871 (N.D. Ill. 2000) (granting temporary restraining order where defendant installed code on plaintiff's web server that diverted certain users of plaintiff's website to pornography website)
    25. Internet dating service sought temporary restraining order (TRO) prohibiting a former programmer from “hacking” the dating service's website and diverting its clients and users to a porn site. The District Court, Bucklo, J., held that dating service was entitled to TRO.
  25. HUB Group, Inc. v. Clancy, 2006 WL 208684 (E.D. Pa. 2006) (downloading employer's customer database to a thumb drive for use at a future employer created sufficient damage to state claim under the CFAA)
    26. Plaintiff, HUB Group, Inc. (“HUB”) seeks a preliminary injunction temporarily barring defendant, Jeffrey Clancy, from contacting, soliciting, or servicing any of the 29 customers he serviced during his final year of employment with HUB. HUB contends that Clancy stole secret information regarding those current and former HUB clients, and that he should not be allowed the opportunity to use that information to unfairly compete against HUB. HUB's complaint alleges violations of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, et. seq., Misappropriation of Trade Secrets, Breach of Contract, Breach of Fiduciary Duty, Conversion, Tortious Interference with an Economic Advantage, and Unfair Competition. This court entered a temporary restraining order on May 4, 2005 directing the defendant to cease using or disclosing any confidential or proprietary information that Mr. Clancy obtained from HUB. On August 23, 2005, a hearing was held so the court could consider evidence as to whether its temporary restraining order should remain in place. Based upon my findings of fact after careful consideration of the evidence from the hearing . . . I will dissolve the temporary injunction entered on May 4, 2005.
  26. LVRC Holdings v. Brekka, No. 07-17116, (9th Cir. Sept. 15, 2009).
    LVRC Holdings, LLC (LVRC) filed this lawsuit in federal district court against its former employee, Christopher Brekka, his wife, Carolyn Quain, and the couple’s two consulting businesses, Employee Business Solutions, Inc., a Nevada corporation (EBSN), and Employee Business Solutions, Inc., a Florida corporation (EBSF). LVRC alleged that Brekka violated the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, by accessing LVRC’s computer “without authorization,” both while Brekka was employed at LVRC and after he left the company. See 18 U.S.C. § 1030(a)(2), (4). The district court granted summary judgment in favor of the defendants. We affirm. Because Brekka was authorized to use LVRC’s computers while he was employed at LVRC, he did not access a computer “without authorization” in violation of § 1030(a)(2) or § 1030(a)(4) when he emailed documents to himself and to his wife prior to leaving LVRC. Nor did emailing the documents “exceed authorized access,” because Brekka was entitled to obtain the documents. Further, LVRC failed to establish the existence of a genuine issue of material fact as to whether Brekka accessed the LVRC website without authorization after he left the company.

Retrieved from "http://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_%28CFAA%29"