Computer Fraud (CFAA)

Constitutional Challenge to CFAA Survives Motion to Dismiss as D.C. Court Weighs in on Circuit Split

On March 30, 2018, in Sandvig v. Sessions, the U.S. District Court for the District of Columbia allowed one of several constitutional challenges to the Computer Fraud and Abuse Act to survive a motion to dismiss.  In doing so, the district court highlighted and analyzed the split between circuits in interpreting the “exceeds authorization” provision and joined the Second, Fourth, and Ninth Circuits in finding that exceeding authorization means exceeding authorized access and not merely authorized use. READ MORE

David Nosal Raises Unusual Fairness Argument in Yet Another Attempt to Avoid 366-Day Prison Sentence

Just over four years ago, in January 2014, a court sentenced former Korn/Ferry regional director David Nosal to one year and one day in prison for violations of the federal Computer Fraud and Abuse Act and the Espionage Act.  Nosal appealed the sentence, but his appeals ultimately failed: the U.S. Court of Appeals for the Ninth Circuit upheld Nosal’s sentence, and the U.S. Supreme Court denied review of the case.  Luckily for Nosal, his 2014 motion for release pending appeal was granted, so he has not served any time during the four years of appeals. READ MORE

Nosal Reply Brief Sets Stage for SCOTUS Cert Decision

The U.S. Supreme Court, which just began a new term on Monday with a full complement of nine justices, is expected to soon decide whether it will hear the appeal of David Nosal, the former Korn Ferry executive whose conviction under the Computer Fraud and Abuse Act was upheld in a controversial and closely-watched Ninth Circuit decision last year.  Nosal submitted his reply brief in support of certiorari on September 19, 2017, responding to the Department of Justice’s opposition submitted two weeks earlier.

READ MORE

PILLOW TALK: A Threat to Trade Secrets?

It turns out that, even in romantic relationships, some things are best kept secret.  On July 7, 2017, Teva Pharmaceuticals USA, Inc. filed a complaint in the Eastern District of Pennsylvania alleging that a former executive disclosed confidential information to a romantic partner who happens to be an executive of one of Teva’s direct competitors. READ MORE

(Alleged) Spammer Squares Off With (Alleged) Hacker, Highlighting Risk of Cyber Threats

What’s in a name?  Obviously a lot, as businesses in all industries invest significant time and money to protect their reputations.  But, in some sectors, the line between positive and pejorative can be quite thin.

Take email marketing and cybersecurity, for example:  What exactly distinguishes a successful high-volume email marketer from a spammer?  And how can we distinguish a well-intentioned security analyst exposing vulnerabilities from a nefarious hacker?  (Those familiar with techspeak will surely recall the familiar “white hat” and “black hat” dichotomy, but even that, as Wired has observed, is subject to gray areas of its own.) READ MORE

Password Sharing Is Not a Crime, Ninth Circuit Reassures in Denial of Nosal’s Request for Rehearing

Since the early days of this blog, we’ve been covering the ongoing legal battle involving ex-Korn Ferry recruiter David Nosal as it winds its way through the courts. The latest chapter in this saga came on December 8, 2016, when a Ninth Circuit panel clarified that the Computer Fraud and Abuse Act (CFAA) does not criminalize innocent password sharing, in a published opinion denying Nosal’s request for a rehearing en banc. READ MORE

Amendment to Federal Criminal Procedural Rule Could Impact Trade Secret Cases

Much attention, including here at Trade Secrets Watch, has been focused in recent weeks on the Defend Trade Secret Act (“DTSA”), which overwhelmingly passed both houses of Congress in April and was signed into law by President Obama on May 11th. The DTSA gives companies new tools for combatting alleged trade secret theft, including a direct path to federal court via the addition of a private right of action to the Economic Espionage Act (EEA) and the ability to apply for ex parte seizure orders to prevent propagation or dissemination of stolen trade secrets. READ MORE

Ninth Circuit Hears Oral Arguments in United States v. Nosal, Part II

On October 20, 2015, a three judge panel of the Ninth Circuit heard oral arguments in Round II of United States v. David Nosal.  Both sides generally stuck with arguments from their briefs, with Nosal’s counsel arguing that upholding Nosal’s  conviction under the Computer Fraud and Abuse Act (the “CFAA”) would lead to criminalization of relatively minor misappropriations of information, and the government arguing that the precedent would only apply in the employment context. READ MORE

Final TPP Language on Trade Secret Protection Disclosed

On October 5, 2015, years of protracted negotiations of the Trans-Pacific Partnership Agreement (“TPP”) concluded. The TPP is a proposed trade agreement between 12 Pacific Rim nations that lowers trade barriers such as tariffs, establishes intellectual property protections, creates labor and environmental standards, and creates a framework for resolving disputes between member nations. The 12 nations participating in those negotiations are Singapore, Brunei, New Zealand, Chile, Australia, Peru, Vietnam, Malaysia, Mexico, Canada, Japan, Colombia, Philippines, Thailand, Indonesia, Taiwan, South Korea, and the United States. Conspicuously absent are the People’s Republic of China, Macao, Russia, and North Korea. READ MORE

Think Before You Tack CFAA Claims on to Your Trade Secret Misappropriation Case

Before you include a Computer Fraud and Abuse Act (“CFAA”) claim in a trade secret case, consider carefully: was the data acquired through “unauthorized access” or was it just misused by the defendants? If it was properly accessed (but later misused), your CFAA claim, and the federal question jurisdiction that comes with it, is in jeopardy. In SunPower Corp. v. SunEdison, Inc., Judge Orrick of the Northern District of California recently dismissed the plaintiff’s CFAA claim because the plaintiff failed to allege that the data was accessed without authorization, only that it was later misused.  Because the CFAA claim provided the basis for federal jurisdiction, Judge Orrick indicated that he would dismiss the entire case and not exercise pendent jurisdiction over the remaining thirteen state claims if the CFAA claim could not be properly amended. READ MORE