Author: Scripta Ad Astra Staff
This is part two of a three-part series on federal district court opinions in California related to the CFAA. The first part can be found here. The third part will be posted on Friday, July 25, 2014. Stay tuned and check it out.
Enki Corp. v. Freedman, 2014 U.S. Dist. LEXIS 9169 (N.D. Cal. Jan. 23, 2014)
Judge: Paul S. Grewal, United States Magistrate Judge.
Author: Scripta Ad Astra Staff
This is the third part of three part-series on federal district court opinions in California regarding the CFAA. The first part of this series can be found here. The second part of this series can be found here.
Overall, California district courts have regularly followed the holdings in Nosaland Brekka regarding “use” versus “access.” In summary, courts in the Ninth Circuit have generally held that the CFAA does not prohibit misusing information, such as in a trade secrets misappropriation violation: if you are allowed to access information, what you do with that information is not a violation of the CFAA, even if it is contrary to the interests of your employer. On the other hand, if were not allowed to access information – say you quit or were fired – then a CFAA claim could likely withstand Ninth Circuit scrutiny.
It will be interesting to see how the courts make their decisions, especially as the divide between employment-based CFAA claims (“inside hacker” claims) and non-employment-based (external “hacker” claims) become more prevalent. Of course, you can always come back to Scripta Ad Astra to read about the latest CFAA, computer crimes, and cyber security developments.
NetApp, Inc. v. Nimble Storage, 2014 U.S. Dist. LEXIS 65818 (N.D. Cal. May 12, 2014)
Judge: Lucy H. Koh, United States District Judge.
Written by Keenan W. Ng
It was recently discovered that Lenovo has been selling laptops with preinstalled adware that creates a catastrophic security hole in the web browser leaving users vulnerable to hacks. Superfish, a small company in Palo Alto, develops the adware. Plenty has been written about the technical aspects of the security flaw and more will be written going forward. As the ramifications of the Superfish vulnerability play out in the community, at least two lawsuits* have been filed. More lawsuits certainly will come. One of these cases, Sterling International Consulting Group (“SICG”) v. Lenovo, Inc. and Superfish, Inc.(collectively, “Lenovo”), alleges violations of the Computer Fraud and Abuse Act. SICG seeks class action certification and was filed in the Northern District of California. The problem with Sterling is that the plaintiffs may have a hard time establishing the authorization element of the CFAA.
Allegations
Author: Scripta Ad Astra Staff
This week, we will have a two-part series on all of the substantive California district court Computer Fraud and Abuse Act opinions from July 2014 through February 2015. These posts are a follow up to a three – part series I wrote last summer discussing CFAA opinions from January 2014 through June 2014.
I decided to include some 2015 opinions in this Round Up because (1) there were not that many substantive opinions in the latter half of 2014 and (2) because I was a bit tardy on getting this post up – I figured I would bring you up to speed.
The next post will be on Friday, March 20. I hope you check it out!
Sprint Solutions, Inc. v. Pacific Cellupage Inc., 2014 U.S. Dist. LEXIS 101397 (C.D. Cal. July 21, 2014)
Judge: Christina A. Snyder, United States District Judge.
Author: Scripta Ad Astra Staff
On Thursday, July 24, 2014, Congressman Darrell Issa (R- CA 49), Chairman of the House Oversight Committee, held a hearing on the Federal Trade Commission’s prosecution of LabMD for alleged data security breaches leading to the release of its customer’s personal data. Needless to say, Congressman Issa was not happy with the FTC.
Background of FTC v. LabMD
On August 28, 2013, the FTC filed an administrative complaint against LabMD alleging a variety of data security breaches that lead to the release of consumer information. LabMD conducts clinical laboratory tests on specimen samples from consumers and reporting test results to consumers’ health care providers.
Read More >
Since 2004, an independent company has researched and reviewed attorneys in California and each summer released a list of the top 5% of attorneys in the state. These top 5% of attorneys are dubbed Super Lawyers and the title is an enormous honor. Attorneys under 40 who have been practicing for less than 10 years who otherwise make the cut are called Rising Stars.
Ad Astra Law Group, LLP, is proud to announce that David Nied has again earned the Super Lawyer title, as he has every year since 2005. Keeping with our astral theme, Katy Young and Michael Dorsi proudly don the Rising Star label. This year is Katy Young’s second consecutive Rising Star award and Michael Dorsi’s first.
All of our lawyers are talented practitioners and together we make an unstoppable team. Congratulations to our Super Lawyers!
Author: Michael Dorsi
Last summer, a federal judge in Pennsylvania ruled in favor of unsealing Bill Cosby’s sworn testimony concerning the use of Quaaludes (Methaqualone) in sexual assaults against women.[1] The result should stand as a warning to litigants: you cannot guarantee that a sealed document will remain sealed.
Both federal[2] and California[3] law permit filing motions under seal — out of public view — but both impose restrictions and somewhat unpredictable tests.
In federal cases, Federal Rule of Civil Procedure 26 controls. The Rule is very vague, stating “The court may, for good cause, issue an order to protect a party or person from annoyance, embarrassment, oppression, or undue burden or expense . . . .” A similarly vague test applies in California.”[4] While cases on the subject give attorneys a guide on what subjects to address, outcomes remain difficult to predict.
The fact that both parties to a case agree to seal records is insufficient.[5] California law explicitly states “The court must not permit a record to be filed under seal based solely on the agreement or stipulation of the parties.”[6] Courts faced with two-party motions to seal often reject those motions, viewing it as their job to police the public interest in knowledge of what happens in courts.
What happened in the Cosby case is similar. Both parties had wanted certain records sealed. Due to an unusual posture (explored in Part II of this series), the Court did not rule on sealing until years later the Associated Press sought the records. When it comes to filing under seal, there are no guarantees, even years after a case is closed.
[1] See Order (link), Memorandum Order (link).
[2] Fed. R. Civ. Proc. 26(c)(1)(F), (H).
[3] Cal. Rules of Court 2.550, 2.551.
[4] Cal. Rule of Court 2.550(d) (“The court may order that a record be filed under seal only if it expressly finds facts that establish: (1) There exists an overriding interest that overcomes the right of public access to the record; (2) The overriding interest supports sealing the record; (3) A substantial probability exists that the overriding interest will be prejudiced if the record is not sealed; (4) The proposed sealing is narrowly tailored; and (5) No less restrictive means exist to achieve the overriding interest.”)
[5] See Savaglio v. Wal–Mart Stores, Inc., 149 Cal.App.4th 588, 600 (2007).
[6] Cal. Rule of Court 2.551(a).
Author: Michael Dorsi
The Cosby case presented an unusual situation. The filings under seal were pending future review concerning sealing when the case settled. As a result, the Court did not rule until the Associated Press sought review years later.[1]
Settlements sometimes preserve confidentiality, but they cannot be relied on to happen at the right time. Sometimes litigants need to make a motion, and need to present the evidence they want sealed in order to provide adequate support for the motion. This can be a tricky situation for counsel.
The timing of motions permits state-court litigants more room to maneuver on noticed motions, at least compared to federal court litigants in the Northern District of California. California permits a party to file a redacted motion and conditionally lodge the un-redacted version of the motion under seal.[2]
Because the timing rules are the same for the motion to seal and any other motion other than summary judgment, the underlying motion often will be heard on the same or a later date than the motion to seal.
If the moving party prevails on the motion to seal, then that party is secure — at least for the time being. If the moving party loses a motion to seal, the filing under seal is returned to the moving party unless that party directs otherwise.[3] If the moving party also loses the underlying motion, then the moving party may be perfectly happy to have the moving papers not appear in the file. The difficult situation arises when the moving party prevails on the underlying motion but loses the motion to seal. At that point, the litigant must decide what is more important: obtaining relief on the motion or keeping the records out of public view.
| Underlying Motion Granted, Motion to Seal Granted (moving party satisfied) | Underlying Motion Granted, Motion to Seal Denied (moving party’s dilemma) |
| Underlying Motion Denied, Motion to Seal Granted (moving party maintains confidentiality) | Underlying Motion Denied, Motion to Seal Denied (moving party has option to withdraw sealed papers)[4] |
As a result, in California state court, a moving party that arranges the calendar well can guarantee that the motion to seal only matters if the party wins the motion.
In federal court, the Northern District’s local rules prevent this situation by employing an administrative motion process, which causes the motion to seal to be fully briefed in five days.[5] and that motion to be decided promptly, well before any ruling on the underling motion.[6]
[1] Memorandum Order (link)
[2] Cal. Rule of Court 2.551(b)(4).
[3] Cal. Rule of Court 2.551(b)(6).
[4] This blog post does not explore whether withdrawing such papers has an effect on preserving rights for appeal. As with any litigation decision, parties should consult with an attorney.
[5] N.D. Cal. L.R. 7-11.
[6] N.D. Cal. L.R. 7-11(c), 79-5(f).
Author: Michael Dorsi[1]
Tomorrow the United States Court of Appeals for the Ninth Circuit will hear argument in United States v. Nosal, a case testing the meaning of the federal computer crime laws.
Petitioner David Nosal was convicted of a felony for his participation in a conspiracy by former employees of the executive search firm Korn/Ferry. The trial court found Nosal guilty of violating the federal Computer Fraud and Abuse Act[2] (“CFAA”) because his co-conspirators[3] used a password belonging to a then-employee of Korn/Ferry. After a jury trial, the district court concluded that the co-conspirators’ access was not authorized, and that using a current employee’s password falls within the CFAA.
This is the third time that the Ninth Circuit will hear argument in this case. In 2011, a three-judge panel considered an appeal of the dismissal of several charges. That panel reversed the district court, but on review en banc in 2012, the Ninth Circuit reversed the panel decision and affirmed the district court’s dismissal of causes of action. That decision held that the CFAA only prohibited wrongful access to — not wrongful use — protected computers and material found on those computers. Judge Kozinski’s opinion for the en banc panel[4] suggested that the court was concerned about the broad reach of the statute, but stopped short of striking down the statute for unconstitutional vagueness and overbreadth. That opinion considered but did not conclude that circumvention of a technological access barrier would be required to find a CFAA violation.
Interestingly, one of the eleven judges from the en banc decision in 2012, Judge M. Margaret McKeown, is on tomorrow’s panel. And during the en banc oral argument, Judge McKeown engaged in a brief colloquy with defense attorney Ted Sampsell-Jones, attempting to distinguish the charges now on appeal from those on appeal during the 2011 oral argument. Judge McKeown and Mr. Sampsell-Jones considered an analogy between passwords and keys to doors. Judge McKeown appeared to be under the impression that the defendants had kept their working passwords — like keeping a key after leaving — when in fact they used the password of a current employee. The text of the exchange suggests that Judge McKeown may not be as supportive of the defense argument now as she was in 2011–12:
“Mr. Sampsell-Jones: I don’t think that’s quite the same as picking a lock or stealing.
Judge McKeown: Well the one who’s left, has a key that he or she didn’t, quote, turn in, so to speak.
Mr. Sampsell-Jones: No the one who’s left doesn’t have a key anymore. The one who has left gets the key consensually from the one who is still there.
Judge McKeown: That’s called hacking.”[5]
While a single question is not entirely useful in forecasting the outcome, it will be interesting to see if Judge McKeown revisits the same question tomorrow.
[1] Mr. Dorsi is an associate at Ad Astra Law Group, counsel for amicus curiae NovelPoster. NovelPoster’s brief can be found here. All briefs are available online on a page hosted by the Electronic Frontier Foundation.
[2] The Computer Fraud and Abuse Act is codified at 18 U.S.C. § 1030. Mr. Nosal was convicted for his violation of 18 U.S.C. § 1030(a)(4).
[3] There are also arguments about whether Mr. Nosal can be guilty by way of conspiracy for these actions. Those arguments will not fit into a brief blog post, but are addressed in the briefs.
[4] 676 F.3d 854 (9th Cir. 2012).
[5] Oral Argument, Nosal, supra, 676 F.3d 854, at 46:45–47:10, available at http://www.ca9.uscourts.gov/media/view_video.php?pk_vid=0000006176.
Among the questions posed in the Ninth Circuit Court of Appeals case of United States v. Nosal is whether a person can be convicted under an “anti-hacking statute” if they do not circumvent a technical or code-based access barrier. Ross Todd from The Recorder[1] interviewed Ad Astra associate Michael Dorsi and quoted Mr. Dorsi on the difficulty of defining a technical access barrier. The underlying events in the Nosal case took place in 2004. As stated in The Recorder:
Dorsi said one need only look at how long Nosal’s case has been pending to see the problem with tying CFAA allegations to some sort of technology-based standard.
Said Dorsi, “If we do end up with a ‘technological access barrier’ standard we will constantly be catching up with the question of ‘What is a barrier?’
In addition to its work on NovelPoster, Ad Astra Law Group presently represents workers’ compensation law firm Reyes & Barsoum in ongoing CFAA litigation in Los Angeles County Superior Court against another law firm, Knox Ricksen.
[1] Ross Todd, Nosal Appeal Could Extend Limits on Computer Hacking Law, The Recorder, October 16, 2015, available at http://www.therecorder.com/id=1202740085781/Nosal-Appeal-Could-Extend-Limits-on-Computer-Hacking-Law
