Computer Fraud and Abuse Act

A recent motion for preliminary approval of a class action settlement filed in federal court in Georgia will bring to a close claims asserted on behalf of a class of Porsche owners for a purportedly botched over-the-air (“OTA”) software update sent to their vehicles. But a recent decision by a California federal court suggests that manufacturers may be able to avoid claims for violation of the Computer Fraud and Abuse Act (“CFAA”) so long as they do not “blatantly misdescribe” the OTA updates they transmit to vehicle owners. Taken together, these cases signal the challenges automakers will face in defending software malfunction cases and the benefits of robust disclosure when transmitting OTA software updates.Continue Reading Computers on Wheels: One OEM Settles Claims While Another Scores a Win in Cases Involving Allegedly Botched OTA Updates

The Department of Justice recently announced a revision of its policy concerning charging violations of the Computer Fraud and Abuse Act (the “CFAA”). Following recent decision from the Supreme Court and appellate courts that seemingly narrow the scope of civil liability under the CFAA, the DOJ’s new policy may likewise limit criminal prosecutions under the law.

As regular readers of this blog are well aware, the CFAA provides that “[w]hoever … intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains … information from any protected computer … shall be punished” by fine or imprisonment.” The DOJ’s announced policy, however, now directs that “good-faith security research” should not be charged. “Good faith security research” means “accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.”
Continue Reading DOJ Announces It Will Not Charge CFAA Violations for Good-Faith Security Research

A non-fungible token (“NFT”) is a type of financial asset that is made up of digital data stored in a blockchain. Clear as mud, right? The person or entity that owns the NFT records the ownership in the blockchain, which allows NFTs to be sold and traded. NFTs typically are made up of digital files such as photos, videos, and music. This can even expand to internet viral memes, like Disaster Girl, which became an NFT valued at $401,718.00. The market value of the NFT is linked directly to the digital file that it represents. And more critically, each NFT is uniquely identifiable, so in that way, is different from a cryptocurrency which is fungible.
Continue Reading NFT Company Seeks to Avail Itself of Trade Secret Protections

In September 2019, the Ninth Circuit held that hiQ Labs, Inc.’s (“hiQ”) collection and use of information that LinkedIn users shared on their public profiles did not violate the Computer Fraud and Abuse Act (“CFAA”) because the data was publicly available and therefore did not fall within the scope of the CFAA. Following the Ninth Circuit’s order, the Supreme Court issued a decision in Van Buren v. United States, wherein the Supreme Court held, in a 6-3 ruling, that a former Georgia police officer did not “exceed authorized access” within the meaning of the CFAA by accessing a state law enforcement computer database containing license plate information to determine whether an individual was an undercover officer. The Supreme Court concluded that an individual “exceeds authorized access” when he accesses a computer with authorization but then obtains information located in particular areas of that computer—such as files, folders, or databases—that are off-limits to him.
Continue Reading Ninth Circuit Reaffirms that Data Scraping from Public Websites Does Not Violate the Computer Fraud and Abuse Act

What You Need to Know about the Recent Cases and Developments in Trade Secrets, Restrictive Covenants, and Computer Fraud

Thursday, January 27, 2022
2:00 p.m. to 3:00 p.m. Eastern
1:00 p.m. to 2:00 p.m. Central
12:00 p.m. to 1:00 p.m. Mountain
11:00 a.m. to 12:00 p.m. Pacific

REGISTER HERE

In the first installment of the 2022 Trade Secrets Webinar Series,
Continue Reading Upcoming Webinar! 2021 Trade Secrets & Non-Competes Year in Review

In a long-awaited decision, the Supreme Court resolved a circuit split about whether an individual with access to a computer system violates the Computer Fraud and Abuse Act (“CFAA”) by accessing information for an improper purpose. By a 6-3 decision authored by Justice Barrett, the Court held that an individual does not “exceed authorized access” within the meaning of the CFAA by misusing access to obtain information that is otherwise available to that person. While the case heard by the high court was a criminal case involving a former law enforcement officer’s criminal conviction, the decision nonetheless has broad ramifications for trade secrets and restrictive covenant litigation, as CFAA claims were often brought against employees who misused access rights to misappropriate information. The CFAA is a criminal statute that also provides a civil remedy, and CFAA claims were commonly raised to acquire federal subject matter jurisdiction, especially prior to the enactment of the Defend Trade Secrets Act in 2016, which provided an independent private cause of action in federal court for trade secret misappropriation.
Continue Reading Supreme Court Resolves Circuit Split on Access Under Computer Fraud and Abuse Act

Legal analytics powerhouse Lex Machina recently released its 2020 Trade Secret Litigation Report, which highlights federal litigation trends in the last decade, as well as the last year specifically. While it’s very much an open question whether these trends will continue in light of the COVID-19 pandemic (more on that in our next  post), the report identifies some interesting data. In addition to some of the highlights contained in the official report, a deep dive of Lex Machina’s case repository reveals even more granular trends, demonstrating the wealth of information that can be gleaned and theories that can be tested from the data compiled from the more than 1.7 million federal cases in Lex Machina’s database. In fact, we have to admit that many of our own assumptions were turned upside down upon digging into the voluminous data available on the Lex Machina website! Expect to see a guest post from Lex Machina soon explaining how this data is sourced and what subscribers can do with it.

Some of the key findings in the report and/or associated data:
Continue Reading A Decade of Data Whets the Appetite for Data Nerds: Lex Machina Releases 2020 Report on Trade Secret Litigation

While it can be hard to remember in a world dominated by COVID-19 headlines, the wheels of justice have not stopped turning at the Supreme Court—even if Justices are now hearing argument remotely. On Monday, April 20, SCOTUS granted a petition for certiorari in a case that may finally provide clarity to a question that has troubled defense attorneys and trade secrets practitioners alike for many years: what does it mean to “exceed authorized access” under the Computer Fraud and Abuse Act?
Continue Reading CFAA Battle Heading to the Supreme Court

One of the first things a company should do when it suspects that its trade secrets have been compromised or that an employee has violated post-employment restrictive covenants is to conduct an investigation. Doing so will identify and ensure preservation of evidence supporting any claims, and is critical to the ability to demonstrate the need for emergency injunctive relief, especially at a time when courts are taking a rigorous approach to what constitutes a “litigation emergency.” Conducting a prompt investigation also helps to avoid any potential defenses of delay, bad faith, or a failure to investigate.
Continue Reading Conducting Trade Secret and Restrictive Covenant Investigations Remotely