Ad Astra Law Group, LLP

Opinion Roundup: California District Courts and the Computer Fraud and Abuse Act, July 2014 through February 2015 – Part One

Author: Scripta Ad Astra Staff

This week, we will have a two-part series on all of the substantive California district court Computer Fraud and Abuse Act opinions from July 2014 through February 2015. These posts are a follow up to a three – part series I wrote last summer discussing CFAA opinions from January 2014 through June 2014.

I decided to include some 2015 opinions in this Round Up because (1) there were not that many substantive opinions in the latter half of 2014 and (2) because I was a bit tardy on getting this post up – I figured I would bring you up to speed.

The next post will be on Friday, March 20. I hope you check it out!

Sprint Solutions, Inc. v. Pacific Cellupage Inc., 2014 U.S. Dist. LEXIS 101397 (C.D. Cal. July 21, 2014)

Judge: Christina A. Snyder, United States District Judge.

NovelPoster Files Amicus Brief in United States v. Nosal

Written by Michael S. Dorsi

San Francisco-based NovelPoster, having settled its Computer Fraud and Abuse Act (“CFAA”) claim against Javitch Canfield Group, filed a brief as amicus curiae in the Ninth Circuit Court of Appeals case of United States v. Nosal (9th Cir. Case Nos. 14-10037 and 14-10275).

While the NovelPoster and Nosal cases originated differently — NovelPoster was a civil action and Nosal is a criminal prosecution — both cases touched on an important question: is a person liable under the Computer Fraud and Abuse Act for acting without authorization — a term that applies equally in civil lawsuits and criminal prosecutions — if the actions in question did not involve circumventing a technical or code-based access barrier.

Lenovo and Superfish Sued Under The Computer Fraud and Abuse Act.

Written by Keenan W. Ng

It was recently discovered that Lenovo has been selling laptops with preinstalled adware that creates a catastrophic security hole in the web browser leaving users vulnerable to hacks. Superfish, a small company in Palo Alto, develops the adware. Plenty has been written about the technical aspects of the security flaw and more will be written going forward. As the ramifications of the Superfish vulnerability play out in the community, at least two lawsuits* have been filed. More lawsuits certainly will come. One of these cases, Sterling International Consulting Group (“SICG”) v. Lenovo, Inc. and Superfish, Inc.(collectively, “Lenovo”), alleges violations of the Computer Fraud and Abuse Act. SICG seeks class action certification and was filed in the Northern District of California. The problem with Sterling is that the plaintiffs may have a hard time establishing the authorization element of the CFAA.

Allegations

Company Seeks To Regain Stolen Domain Names Using CFAA

Written by Keenan W. Ng

An interesting Computer Fraud and Abuse Act case was recently filed in Virginia. In AcmeBilling Company v. John Doe, Plaintiff, Acme, who maintains numerous websites hosted by GoDaddy, alleges cyber criminals in China stole its domain names. These cyber criminals stole the domain names by gaining unauthorized access to Acme’s domain management account and altering the domain registration records for accounts owned and used by Acme. While Acme was able to recover some of its domain names by working with GoDaddy, GoDaddy unfortunately informed Acme the Chinese domain name registrar who had 14 of their domain names refused to return the websites.

Ninth Circuit Opinion Confirms That Websites Should Probably Have Clickwrap Agreements To Bind Their Customers

Written by Keenan W. Ng

Recently, the Ninth Circuit in Nguyen v. Barnes &Noble, Inc. held that “where a website makes its terms of use available via a conspicuous hyperlink on every page of the website but otherwise provides no notice to users nor prompts them to take any affirmative action to demonstrate assent, even close proximity of the hyperlink to relevant buttons users must click on—without more—is insufficient to give rise to constructive notice.”

In 2011, plaintiff purchased two Hewlett-Packard Touchpads from the Barnes & Noble website during a fire sale. Unfortunately, despite receiving a confirming email of his purchase, plaintiff’s order was cancelled due to high demand. Plaintiff filed suit alleging he had to purchase another tablet at a higher price. Defendant argued that plaintiff must arbitrate the matter per the browsewrap terms of use agreement.

Congress Readies Itself to Tackle Cybersecurity Legislation

Written by Keenan W. Ng

With Congress coming back from its summer recess, it will be focusing on a few cybersecurity related bills. One of the most controversial of these bills is the Cybersecurity Information Sharing Act of 2014 (“the Act”), introduced by Senator Dianne Feinstein (D-CA) and Senator Saxby Chambliss (R-GA) for the fourth consecutive year. The Act is supposed to “improve cybersecurity in the United Sates through enhanced sharing of information about cybersecurity threats, and for other purposes.” While some of the ideas and the language behind the Act seem reasonable and commonsense, the devil is in the details- or rather, the definitions in the Act- and could have some very interesting implications for individuals and businesses.

Ninth Circuit Affirms That Yelp! Can Use Hardball Sales Tactics To Sell Advertising To Businesses

Author: Scripta Ad Astra Staff

On Tuesday, the Ninth Circuit affirmed a district court ruling in Levitt v. Yelp! Inc. dismissing an action by a group of small businesses that Yelp! extorted, or used extortionate sales tactics, to induce small businesses to purchase advertising with Yelp! in violation of the federal Hobbs Act (civil extortion) and the California Unfair Competition Law. The plaintiffs generally claimed that Yelp! sales people contacted them about purchasing advertising services in connection with their Yelp! pages. When the plaintiffs declined to purchase the advertising, the plaintiffs alleged that Yelp! manipulated its service to lead to a downgrade in the businesses ratings. The plaintiffs alleged that such tactics included removing positive reviews, re-posting negative reviews that had previously been taken down, allowing more negative reviews to appear first, and even authored negative reviews.

Ninth Circuit Finds That FedEx Drivers Are Employees and Not Independent Contractors

Author: Scripta Ad Astra Staff

An interesting opinion in Alexander v. FedEx came out of the Ninth Circuit on Wednesday holding that FedEx drivers and delivery people were improperly classified as independent contractors instead of employees because of the level of control that FedEx maintains over those drivers. I find the opinion “interesting” because I never would have thought the people driving in the FedEx branded trucks, FedEx branded uniforms, using FedEx technology, delivering packages to FedEx customers in areas designated by FedEx, on FedEx’s schedule, would have been classified as anything other than an employee.

Federal Judge Rules Against NCAA In Antitrust Lawsuit

Author: Wendy Hillger & Scripta Ad Astra Staff

It has been a little over a week since U.S. District Judge Claudia Wilken of the Northern District of California issued her August 8, 2014 landmark ruling against the National Collegiate Athletic Association (“NCAA”) in O’Bannon v. NCAA. While it is too early to know the ramifications of the ruling (the NCAA has already stated it will appeal), the opinion has roundly been seen as favorable for collegiate athletes.

How The Challenge Started
The road to get to this ruling did not start with the lead plaintiff, former UCLA basketball star, Ed O’Bannon, simply filing suit. Rather, Mr. O’Bannon stood on the accomplishments of an evolution in public opinion and challenges that chipped away at the NCAA’s “defense of amateurism”.

The challenge to NCAA’s reign was, in part, started by the very man who helped commercialize college sports, Sonny Vaccaro. After spending decades building endorsement relationships between shoe companies such as Nike, Adidas, and Reebok, with universities all over the country, Mr. Vaccaro eventually soured on what he saw as colleges taking advantage of athletes. While universities and the NCAA were making money hand-over-fist from merchandising, television rights, and other endorsement deals, they were withholding those revenues from the athletes (called “student-athletes” by the NCAA for the purposes of avoiding paying workers compensation insurance), suggesting that these athletes were playing as students and amateurs, not professionals, and thus not entitled to that money.

S.D.N.Y. Affirms Order To Microsoft To Hand Over Data Stored Overseas Pursuant To A Stored Communications Act Warrant

Author: Scripta Ad Astra Staff

On Thursday, July 31, 2014, Microsoft lost a challenge to an April 25, 2014 order denying its motion to quash a subpoena issued by the federal government pursuant to the Stored Communications Act (“SCA”) for email communications located on Microsoft servers in the Ireland. Issuing her ruling from the bench, U.S. District Judge Loretta Preska stated that “Congress intended in this statute for ISPs to produce information under their control, albeit stored abroad, to law enforcement in the United States … As [Magistrate Judge James Francis IV] found, it is a question of control, not a question of the location of that information.”

Luckily for Microsoft, Judge Preska stayed the implementation of her ruling so that Microsoft could appeal to the Second Circuit. While we wait for that to occur, it might be worthwhile to go back and examine what Judge Francis’ April 25, 2014 Order said.