Mark Ishman Summarizes Key Internet Law Cases of 2013 – UNAUTHORIZED ACCESS

Throughout the year of 2013, there have been many noteworthy Internet Law cases.  Any attempt to summarize all of these Internet Law cases would be an epic accomplishment.  Rather then attempt such an astronomical task, Internet Law Attorney, Mark Ishman, has chosen a few Unauthorized Access cases of 2013, and has provided short summaries of them to explain how each of these cases have added clarity to Unauthorized Access Law.

  • Under the Computer Fraud and Abuse Act (CFAA), when employees access electronically stored confidential and proprietary data with permission from their employers, and then later misappropriate such electronically stored data before their company revokes their unlimited access to such data, such misappropriation of electronic data is not “unauthorized access” and does not violate the CFAA.  Aerofoil Techs. AG v. Todaro, 2013 WL 410873 (Southern District of New York 2013); see also <http://www.ishmanlaw.com/hacking-unauthorized-access.php>.  This is beginning to be the majority opinion in most federal circuits.
  • Under the CFAA, despite not having any legitimate reason to copy electronically stored confidential and proprietary data prior to resigning from his employment with his employer to take a position with another company, a former C-level officer was found not to have violated the CFAA because such copying conduct was ruled to be misappropriation, and not the unauthorized access, of data. Integral Dev. Co. v. Tolat, Case No. 3:12-CV-06575 (Northern District of California 2013), available publicly at <https://docs.google.com/file/d/0B4dsXU5JRvyidmxMUlRIOE0wc3M/edit>; see also <http://www.ishmanlaw.com/hacking-unauthorized-access.php>.
  • Under the CFAA, a jury found a man guilty of violating the CFAA for unauthorized access when he competed against his former employer by coaxing his former colleagues who still worked for his former employer to access the electronically stored confidential and proprietary data and provide it to him.  United States v. Nosal, Case No. 3:08-cr-00237 (California 2013);
  • Creating parody social media accounts do not violate the CFAA because defendant’s use of plaintiff’s name and image to create such accounts did not constitute “without authorization” of a protected computer under the CFAA. Matot v. CH, Case No. 6:13-cv-153 (Federal District of Oregon 2013) <http://scholar.google.com/scholar_case?case=14332075485572882838&hl=en&scisbd=2&as_sdt=20000006>. This appears to be the majority opinion among most scholars.
  • Under the CFAA, a publicly accessible website can remove access authorization to one of its users through notice, such as a cease and desist letter.  Thereafter, when such de-authorized user circumvents the website technology to access the website to obtain data, such circumvention is considered “without authorization” and such facts give rise to a bona fide claim under the CFAA.   Craigslist v. 3Taps, et al, Case No. CV12-03816 (Northern District of California 2013), <http://www.volokh.com/wp-content/uploads/2013/08/Order-Denying-Renewed-Motion-to-Dismiss.pdf>. Beware companies that employ scrapping technology;
  • Under the CFAA, when a website user accesses a website and obtains or uses data (e.g., scrapping) from such website in a way that is not authorized by such website, such as the website’s terms of use, then such gathering/scrapping of data “exceeds authorized access,” and violates the CFAA entitling the website to damages for “responding to an offense” and “conducting a damage assessment.”  Facebook, Inc. v. Power Ventures, Inc., Case No. 08-05780 (Central District of California, 2012), cert. denied (Ninth Circuit 2013).
  • The “cloud” is considered a protected computer under the CFAA.  Property Rights Law Group, PC v Lynch, Case No. 13-00273 (District of Hawaii 2013) <>;

If you believe that your computer, website, cloud account, email account, or other device connected to the Internet was accessed without your authorization or access exceeded your authorization, or if you have been wrongly accused of accessing a device connected to the Internet without authorization, please contact Computer Law Attorney Mark Ishman at the Ishman Law Firm at (919) 468-3266 or mishman @ ishmanlaw.com.  To learn more about computer law, visit Mark Ishman’s computer hacking law web-page http://www.ishmanlaw.com/hacking-unauthorized-access.php.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>