Opinion Roundup: California District Courts and the Computer Fraud and Abuse Act – January 2014 through June 2014 – Part One

Author: Scripta Ad Astra Staff

This week, we will have a three-part series on all of the substantive district court opinions in California regarding the Computer Fraud and Abuse Act (“CFAA”) (18 § U.S.C. 1030) for the first part of 2014 – January through June. We are concentrating on California because that is where most of the Ninth Circuit opinions are generated – not surprising given that Silicon Valley and many technology firms are located in California and within the Ninth Circuit’s jurisdiction.

The CFAA is important to businesses small and large because it provides them the opportunity to seek recourse for unauthorized access to data and information they store and protect on their internal servers or on the cloud.  CFAA violations address outside computer “hackers” as they are commonly perceived in the media, but also “inside” hackers: former employees or business partners that have found ways to access information from their former business associates which they are no longer supposed to view.  The CFAA does not address how information is used once it is acquired, but only covers the initial access of information that one has no authority to view or exceeded his or her authority in so viewing.

Over the next week – Monday, Wednesday, and Friday – we will provide a roundup of the first six months of published California federal opinions regarding the CFAA.

Oracle Am., Inc. v. TERiX Computer Co., 2014 U.S. Dist. LEXIS 561 (N.D. Cal. Jan. 3, 2014)
Judge: Paul S. Grewal, United States Magistrate Judge

Read More >

Opinion Roundup: California District Courts and the Computer Fraud and Abuse Act – January 2014 through June 2014 – Part Two

Author: Scripta Ad Astra Staff

This is part two of a three-part series on federal district court opinions in California related to the CFAA.  The first part can be found here.  The third part will be posted on Friday, July 25, 2014.  Stay tuned and check it out.

Enki Corp. v. Freedman, 2014 U.S. Dist. LEXIS 9169 (N.D. Cal. Jan. 23, 2014)
Judge: Paul S. Grewal, United States Magistrate Judge.

Read More >

Opinion Roundup: California District Courts and the Computer Fraud and Abuse Act – January 2014 through June 2014 – Part Three

Author: Scripta Ad Astra Staff

This is the third part of three part-series on federal district court opinions in California regarding the CFAA.  The first part of this series can be found here.  The second part of this series can be found here.

Overall, California district courts have regularly followed the holdings in Nosaland Brekka regarding “use” versus “access.”  In summary, courts in the Ninth Circuit have generally held that the CFAA does not prohibit misusing information, such as in a trade secrets misappropriation violation: if you are allowed to access information, what you do with that information is not a violation of the CFAA, even if it is contrary to the interests of your employer.  On the other hand, if were not allowed to access information – say you quit or were fired – then a CFAA claim could likely withstand Ninth Circuit scrutiny.

It will be interesting to see how the courts make their decisions, especially as the divide between employment-based CFAA claims (“inside hacker” claims) and non-employment-based (external “hacker” claims) become more prevalent. Of course, you can always come back to Scripta Ad Astra to read about the latest CFAA, computer crimes, and cyber security developments.

NetApp, Inc. v. Nimble Storage, 2014 U.S. Dist. LEXIS 65818 (N.D. Cal. May 12, 2014)
Judge: Lucy H. Koh, United States District Judge.

Read More >

Lenovo and Superfish Sued Under The Computer Fraud and Abuse Act.

Written by Keenan W. Ng

It was recently discovered that Lenovo has been selling laptops with preinstalled adware that creates a catastrophic security hole in the web browser leaving users vulnerable to hacks. Superfish, a small company in Palo Alto, develops the adware. Plenty has been written about the technical aspects of the security flaw and more will be written going forward.  As the ramifications of the Superfish vulnerability play out in the community, at least two lawsuits* have been filed. More lawsuits certainly will come. One of these cases, Sterling International Consulting Group (“SICG”) v. Lenovo, Inc. and Superfish, Inc.(collectively, “Lenovo”), alleges violations of the Computer Fraud and Abuse Act. SICG seeks class action certification and was filed in the Northern District of California. The problem with Sterling is that the plaintiffs may have a hard time establishing the authorization element of the CFAA.

Allegations

Read More >

Opinion Roundup: California District Courts and the Computer Fraud and Abuse Act, July 2014 through February 2015 – Part One

Author: Scripta Ad Astra Staff

This week, we will have a two-part series on all of the substantive California district court Computer Fraud and Abuse Act opinions from July 2014 through February 2015. These posts are a follow up to a three – part series I wrote last summer discussing CFAA opinions from January 2014 through June 2014.

I decided to include some 2015 opinions in this Round Up because (1) there were not that many substantive opinions in the latter half of 2014 and (2) because I was a bit tardy on getting this post up – I figured I would bring you up to speed.

The next post will be on Friday, March 20. I hope you check it out!

Sprint Solutions, Inc. v. Pacific Cellupage Inc., 2014 U.S. Dist. LEXIS 101397 (C.D. Cal. July 21, 2014)

Judge: Christina A. Snyder, United States District Judge.

Read More >

Opinion Roundup: California District Courts and the Computer Fraud and Abuse Act, July 2014 through February 2015 – Part Two

Author: Scripta Ad Astra Staff

This is the second part of a two part-series on federal district court opinions in California regarding the CFAA. The first part of this series can be found here.

NetApp, Inc. v. Nimble Storage, Inc., 2015 U.S. Dist. LEXIS 11406 (N.D. Cal. January 29, 2015)(“NetApp II”)

Judge: Lucy H. Koh, United States District Judge

Read More >

I’ve Been Hacked. Have I Been Damaged?

Pleading computer fraud damages

Written by Keenan W. Ng

Plaintiffs seem to have difficulty pleading damages related to computer fraud violations, including the Computer Fraud and Abuse Act (18 U.S.C. §1030), the Stored Communications Act (18 U.S.C. § 2701), the Electronic Communications Privacy Act (18 U.S.C. § 2501), and the California Computer Data Access and Fraud Act (Cal. Penal Code § 502). While litigants simply seem confused as to what they are allowed to ask for, pleading damages is a fairly straightforward process as most courts interpret the requisite sections by their plain meaning.

Computer Fraud and Abuse Act

The CFAA does not allow for traditional compensatory damages. Rather, the statute allows for the recovery of loss and damage as defined by the statute.

Read More >

Attorneys’ Fees for Computer Misuse? What about for Defendants?

Author: Michael Dorsi

Attorneys who have dealt with computer misuse statutes know that while the federal Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, provides federal jurisdiction, California’s Comprehensive Computer Data Access and Fraud Act (“CDAFA”), Cal. Penal Code § 502, has a broader scope and more plaintiff-friendly remedies. Those remedies include attorneys’ fees. But what happens if a plaintiff sues under the CDAFA, and loses. Can the defendant win fees?

There is a frustrating split of authority on this question.

The split is between Swearingen v. Haas Automation, Inc., No. 09CV473 BTM(BLM), 2010 WL 1495204, at *3 (S.D. Cal. Apr. 14, 2010), and US Source LLC v. Chelliah, No. G049481, 2014 WL 6977597, at *6 (Cal. Ct. App. Dec. 10, 2014). Swearingen says fees are for plaintiffs only; US Source says defendants* can win fees as well.

Normally this would be easy to work out. US Source is more recent and decided by the California Court of Appeal on a question of state law. Swearingen is a federal district court decision, so it is not binding on anyone (beyond its own case). Going forward, US Source ought to control.Read More >