CFAA

Subscribe to CFAA via RSS
peter-broomfield-m3m-lnR90uM-unsplash

A recent motion for preliminary approval of a class action settlement filed in federal court in Georgia will bring to a close claims asserted on behalf of a class of Porsche owners for a purportedly botched over-the-air (“OTA”) software update sent to their vehicles. But a recent decision by a California federal court suggests that manufacturers may be able to avoid claims for violation of the Computer Fraud and Abuse Act (“CFAA”) so long as they do not “blatantly misdescribe” the OTA updates they transmit to vehicle owners. Taken together, these cases signal the challenges automakers will face in defending software malfunction cases and the benefits of robust disclosure when transmitting OTA software updates.

Continue Reading Computers on Wheels: One OEM Settles Claims While Another Scores a Win in Cases Involving Allegedly Botched OTA Updates

The Department of Justice recently announced a revision of its policy concerning charging violations of the Computer Fraud and Abuse Act (the “CFAA”). Following recent decision from the Supreme Court and appellate courts that seemingly narrow the scope of civil liability under the CFAA, the DOJ’s new policy may likewise limit criminal prosecutions under the law.

As regular readers of this blog are well aware, the CFAA provides that “[w]hoever … intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains … information from any protected computer … shall be punished” by fine or imprisonment.” The DOJ’s announced policy, however, now directs that “good-faith security research” should not be charged. “Good faith security research” means “accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.”
Continue Reading DOJ Announces It Will Not Charge CFAA Violations for Good-Faith Security Research

A non-fungible token (“NFT”) is a type of financial asset that is made up of digital data stored in a blockchain. Clear as mud, right? The person or entity that owns the NFT records the ownership in the blockchain, which allows NFTs to be sold and traded. NFTs typically are made up of digital files such as photos, videos, and music. This can even expand to internet viral memes, like Disaster Girl, which became an NFT valued at $401,718.00. The market value of the NFT is linked directly to the digital file that it represents. And more critically, each NFT is uniquely identifiable, so in that way, is different from a cryptocurrency which is fungible.
Continue Reading NFT Company Seeks to Avail Itself of Trade Secret Protections

In September 2019, the Ninth Circuit held that hiQ Labs, Inc.’s (“hiQ”) collection and use of information that LinkedIn users shared on their public profiles did not violate the Computer Fraud and Abuse Act (“CFAA”) because the data was publicly available and therefore did not fall within the scope of the CFAA. Following the Ninth Circuit’s order, the Supreme Court issued a decision in Van Buren v. United States, wherein the Supreme Court held, in a 6-3 ruling, that a former Georgia police officer did not “exceed authorized access” within the meaning of the CFAA by accessing a state law enforcement computer database containing license plate information to determine whether an individual was an undercover officer. The Supreme Court concluded that an individual “exceeds authorized access” when he accesses a computer with authorization but then obtains information located in particular areas of that computer—such as files, folders, or databases—that are off-limits to him.
Continue Reading Ninth Circuit Reaffirms that Data Scraping from Public Websites Does Not Violate the Computer Fraud and Abuse Act

In a long-awaited decision, the Supreme Court resolved a circuit split about whether an individual with access to a computer system violates the Computer Fraud and Abuse Act (“CFAA”) by accessing information for an improper purpose. By a 6-3 decision authored by Justice Barrett, the Court held that an individual does not “exceed authorized access” within the meaning of the CFAA by misusing access to obtain information that is otherwise available to that person. While the case heard by the high court was a criminal case involving a former law enforcement officer’s criminal conviction, the decision nonetheless has broad ramifications for trade secrets and restrictive covenant litigation, as CFAA claims were often brought against employees who misused access rights to misappropriate information. The CFAA is a criminal statute that also provides a civil remedy, and CFAA claims were commonly raised to acquire federal subject matter jurisdiction, especially prior to the enactment of the Defend Trade Secrets Act in 2016, which provided an independent private cause of action in federal court for trade secret misappropriation.
Continue Reading Supreme Court Resolves Circuit Split on Access Under Computer Fraud and Abuse Act

Legal analytics powerhouse Lex Machina recently released its 2020 Trade Secret Litigation Report, which highlights federal litigation trends in the last decade, as well as the last year specifically. While it’s very much an open question whether these trends will continue in light of the COVID-19 pandemic (more on that in our next  post), the report identifies some interesting data. In addition to some of the highlights contained in the official report, a deep dive of Lex Machina’s case repository reveals even more granular trends, demonstrating the wealth of information that can be gleaned and theories that can be tested from the data compiled from the more than 1.7 million federal cases in Lex Machina’s database. In fact, we have to admit that many of our own assumptions were turned upside down upon digging into the voluminous data available on the Lex Machina website! Expect to see a guest post from Lex Machina soon explaining how this data is sourced and what subscribers can do with it.

Some of the key findings in the report and/or associated data:
Continue Reading A Decade of Data Whets the Appetite for Data Nerds: Lex Machina Releases 2020 Report on Trade Secret Litigation

Please join us for a one-hour CLE webinar on Wednesday, November 14, 2018, at 1:00 p.m. Eastern / 12:00 p.m. Central / 10:00 a.m. Pacific.

Trade secret misappropriation is increasingly gaining the attention of law enforcement authorities. This reality creates different dynamics and risks depending on whether a company is being accused of wrongdoing or is the victim of such
Continue Reading Upcoming Webinar! Criminal Trade Secret Theft Update

In what appears to be a first under the Defend Trade Secrets Act (“DTSA”), a United States District Judge has thrown out claims against an alleged trade secret thief on the basis of the DTSA’s immunity for confidential disclosures to attorneys in the course of investigating a suspected violation of the law. Christian v. Lannett Co., Inc., No. 16-cv-00963-CDJ, 2018 WL 1532849 (E.D. Pa. Mar. 29, 2018).

Certain Trade Secret Disclosures to Attorneys or the Government Are Protected

The DTSA exempts from both criminal and civil liability any trade secret disclosure made in confidence to a federal, state, or local official or to an attorney if the disclosure is made “solely for the purpose of reporting or investigating a suspected violation of law.” 18 U.S.C. § 1833(b)(1).
Continue Reading Defend Trade Secrets Act First: Claim Tossed Based on Whistleblower Immunity

Continuing our annual tradition, we present the top developments/headlines for 2017/2018 in trade secret, computer fraud, and non-compete law.

1. Notable Defend Trade Secrets Act Developments

Just two years after its enactment, the Defend Trade Secrets Act (“DTSA”) continues to be one of the most significant and closely followed developments in trade secret law. The statute provides for a federal civil cause of action for trade secret theft, protections for whistleblowers, and new remedies (e.g., ex parte seizure of property), that were not previously available under state trade secret laws.
Continue Reading Top Developments/Headlines in Trade Secret, Computer Fraud, and Non-Compete Law in 2017/2018