The Computer Fraud and Abuse Act is the most frequently used law for combating computer fraud. Practically speaking, the Computer Fraud and Abuse Act is the king of all computer fraud laws.
Steven Brower, Presentations, Publications and Speeches
It is, therefore, important that litigation attorneys have a working knowledge of what it covers, the basics of how it is used, and the issues that generally pose the most difficulty and are the most frequently litigated. The CFAA, as a body of law, is still in its infancy. The number of cases applying the CFAA is substantial because of the frequency with which it is used and the complexity of its statutory language.
This has led to conflicting interpretations and applications of various provisions by both judges and scholars. The Computer Fraud and Abuse Act is not even thirty years old, with its origins dating back to the early s when federal law enforcement agencies were concerned that, due to the nature of emerging computer crimes, the wire and mail fraud provisions of the federal criminal code were no longer adequate tools for fighting computer-related criminal activity.
Government computers. The CFAA has been amended frequently to enable it to keep abreast of technological advances. The CFAA prohibits ten general types of activity for which civil liability may be imposed when one: (A) information contained in a financial record of a financial institution, or of a card issuer. (B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or (C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.
(A) such trafficking affects interstate or foreign commerce; (A) threat to cause damage to a protected computer; (B) threat to obtain information from a protected computer without authorization or in excess of authorization or to impair the confidentiality of information obtained from a protected computer without authorization or by exceeding authorized access; (C) demand or request for money or other thing of value in relation to damage to a protected computer, where such damage was caused to facilitate the extortion[.
The CFAA also prohibits conspiracies to commit the foregoing conduct as well as attempts at committing such conduct. Section g of the CFAA authorizes a civil action to seek remedies of compensatory damages and injunctive relief by one who suffers damage or loss from the CFAA violation. Questions of what constitutes damage and loss are frequently litigated and, therefore, will be discussed in more detail in Section III. Damage relates to the initial showing that must be made to satisfy the necessary conditions for bringing a civil CFAA claim.
The limitation period for bringing a claim for a violation of the CFAA is two years from the date of the wrongful act or the date of the discovery of the damage. A significant strategic consideration for many attorneys is choosing the court in which to try a case. Federal courts do not have exclusive jurisdiction over CFAA claims. Rather, federal and state courts have concurrent jurisdiction to decide claims under the CFAA.
Mazur, a federal district court did exactly that and remanded a previously removed CFAA claim back to the state court on an abstention basis. In another removal case, Landmark Credit Union v.
Doberstein, a federal district court analyzed the CFAA claim upon which the removal was premised and determined that because the CFAA claim appeared to be pretextual and not a seriously viable claim—along with the fact that the CFAA claim and the rest of the case were premised on a state law contract claim—the federal law claim was entirely derivative of state law issues, and, therefore, the case did not arise under federal law. While computer fraud is obviously an integral part of the CFAA, its reach goes far beyond computer fraud as that term is used in this Article.
As previously mentioned, subsections (a)(2) and (a)(4) are the most useful CFAA subsections for litigators. With an understanding of the elements of the most useful causes of action for business-related claims under the CFAA, it is helpful to explore the burden by which these elements must be pleaded and proven. Similarly, the burden of proof for a CFAA claim is not the same as for common law fraud.
Rather, to defraud under the CFAA simply means wrongdoing and does not require proof of common law fraud.
McMillian, the court provided a summary of what types of damages have been found to be recoverable for a CFAA violation: Further, interpreting the statute to limit the recovery of lost revenue would lead to absurd results. Courts have also found that loss of business and business goodwill constitutes recoverable damages under the CFAA.
The CFAA does not permit recovery of exemplary damages. Litigation strategy often places a higher value on the ability to obtain injunctive relief, for which the CFAA provides, than on damages or attorneys' fees. On January 27, , the court entered the temporary restraining order prohibiting Hotz and others from engaging in the following activities: In chess this would have been checkmate. By March 31, —less than three months after the case was filed—the parties settled and agreed to a Final Judgment Upon Consent and Permanent Injunction.
The Permanent Injunction essentially prohibits the same activities that were included in the Temporary Restraining Order and Preliminary Injunction—permanently—and also provides that any violation thereof constitutes irreparable harm to Sony entitling it to immediate relief—another temporary restraining order—and stipulated liquidated damages of ten thousand dollars per violation capped at a maximum amount of two hundred and fifty thousand dollars. Had Sony not been able to obtain the Temporary Restraining Order or Preliminary Injunction, it is quite unlikely that this case would have settled on these terms this quickly.
Successfully obtaining injunctive relief won this case, just as it wins many cases. These are highly effective strategic devices that any litigators, business or otherwise, would want in their arsenal. Within the customary lifespan of a body of law, the CFAA is still in its infancy. The interpretation and application of its provisions are continuously evolving, and will continue to be refined through the judicial process as courts struggle with the meanings and inner workings of its key provisions.
In what may seem counterintuitive, the litigation of these issues is positive for its development and refinement. These decisions, United States v. Kramer  and United States v. Given all of this uncertainty, attorneys must stay abreast of the prevailing developments within their jurisdiction on various issues and be methodical in asserting or defending against a CFAA claim to ensure that all of the procedural requirements are satisfied.
Many of the CFAA decisions are rulings on motions to dismiss for failure to state a claim on the grounds that various procedural requirements have not been met. The court observed that the definition of computer in the CFAA is exceedingly broad:
This definition captures any device that makes use of an electronic data processor, examples of which are legion. Accord Orin S. These functions are the essence of its operation. The court acknowledged that a normal cell phone might not easily fit within the colloquial definition of computer, but that it was bound to follow the definition set forth in the CFAA. Finally, the court analyzed the specific operations and specifications of the cell phone at issue and determined that the phone contained a lithium ion battery, had 5 MB of memory, was capable of running software, used a graphics accelerator to run its display images, and contained a software copyright notice, all of which sufficiently demonstrated that the phone makes use of an electronic data processor.
This is certainly true of the author, whose first computer was a TI-99 made by Texas Instruments that had a 3. The smart phone is an exponentially more powerful computer. A video gaming system? Hotz was a Sony PlayStation3 gaming system. A website? The CFAA requires more than simply using a computer in the commission of a wrongful act.
It requires the improper access of a computer. Much has changed, however, during the drafting of this Article. Leading up to April 28, , there was what on the surface appeared to be a conflict that had two circuit courts of appeal on a collision course, and at least two somewhere in the middle. Then the Ninth Circuit filed its opinion in United States v. Nosal and seemed to meld together some of those conflicts in a way that could have a profound impact on the various theories of access jurisprudence, as Subsection III. How well the other circuit courts will receive Nosal, including whether the Seventh Circuit will move closer to the middle, is uncertain.
The more immediate question, however, is what has led to all of this confusion. The statutory language is the best place to begin. The access must be knowing or intentional. Third party issues occasionally arise under the CFAA. One court has held that a plaintiff can only bring CFAA claims for wrongful access to its own computers, not the computers of third parties.