Computer Fraud (CFAA)

Nosal Returns to the Ninth Circuit Posing the Question: Is a Password a Sufficient “Technological Access Barrier” Under the CFAA?

Observers following the legal issues surrounding the prosecution of David Nosal will be watching closely in 2015 as the former Korn Ferry executive returns to the Ninth Circuit to appeal his 2013 conviction on three counts of violating the Computer Fraud and Abuse Act. READ MORE

Trade Secrets Watch 2013 Year-in-Review

It’s been a hot year in the trade secrets field, with some huge verdicts and settlements, a renewed spotlight on cyberattacks, and an unusual flurry of trade secrets legislation.  Trade Secrets Watch’s 2013 Year-in-Review highlights the notable trade secrets activity from the past year. READ MORE

CYBERSECURITY UPDATE: New Rules Require Defense Contractors to Protect Technical Information

The U.S. Department of Defense issued final rulemaking on November 18, 2013 that will require DOD contractors to protect from attack confidential technical information on their computer systems, and to report and cooperate with DOD in the event that this information is compromised through a cyberattack.  The rules come nearly two years after draft rules were first announced and in the midst of continuing public concern about the threat of state-sponsored trade secrets theft. READ MORE

GIVE AND TAKE: Lofgren’s Twin Trade Secret Bills Would Curtail Actions Under One Law, Expand Them Under Another

When Rep. Zoe Lofgren, the Silicon Valley Democrat, introduced a pair of bills last month on trade secret misappropriation, we puzzled over her purpose.  Was this a response to the White House’s call for improved federal legislation to protect U.S. trade secrets?  Did the measures mark the start of a comprehensive federal civil “Trade Secrets Act” that would put trade secrets on par with other federally protected intellectual property such as patents, trademarks, and copyrights?

Trade Secrets Watch decided to investigate and tapped our congressional sources for the back story.  Turns out our musings were wrong.

First, a quick backgrounder on federal trade secret protection (and lack thereof): The federal government has declined to go all-in on protecting U.S. trade secrets, leaving this area primarily governed by state law.  When it comes to trade secrets, federal law consists of a patchwork of acts that leave yawning gaps in legal protection.  For example, the federal Economic Espionage Act, known as the EEA, prohibits trade secret theft but is solely a criminal law — it doesn’t provide for a federal civil cause of action (i.e., a right allowing private parties to sue).  And the Computer Fraud and Abuse Act, known as the CFAA, only covers certain types of thefts involving unauthorized access to computers.  It provides for criminal prosecution and grants a victimized company the right to sue.  But in a case last year (United States v. Nosal), the Ninth Circuit U.S. Court of Appeals interpreted the CFAA narrowly, finding that it was primarily intended to curtail hacking and that it does not bar employees from stealing trade secrets from their employers’ computers in more run-of-the-mill cases of trade secret theft.  READ MORE

LEGISLATIVE UPDATE: Rep. Zoe Lofgren Proposes New Legislation, Including a Civil Cause of Action for Trade Secret Misappropriation

We previously reported on the downpour of recent trade secret activity in Congress.  Last week, Congresswoman Zoe Lofgren (D-Cal.) added to the deluge by introducing two bills bearing on trade secret misappropriation: (1) the Private Right of Action Against Theft of Trade Secrets Act of 2013, a bill to amend the Economic Espionage Act to provide for a federal civil cause of action, and (2) Aaron’s Law Act of 2013, a bill to amend the Computer Fraud and Abuse Act in light of computer programmer Aaron Swartz’s suicide.

We’ve updated our primer on the recent trade secret-related legislation READ MORE

Pols Gone Wild: Congress Discovers Trade Secret Theft and Cybersecurity are Problems; We Sort Through the Explosion of Legislation

The revised post is available here.

Trade secret theft and cybersecurity are hot topics in Congress these days, spawning legislative initiatives left and right.  Amid this flurry of legislation, it’s hard to keep all the bills straight.  Trade Secrets Watch took a look at the legislation currently under review, and put together this primer:

Bill Sponsors What’s It About? Status
Cyber Economic Espionage Accountability Act Rep. Mike Rogers
(R-Mich.)Rep. Tim Ryan
  • Introduced June 6, 2013, the bill broadly aims to secure the United States against cyber attacks sponsored by foreign governments.
  • The bill calls for the President to identify foreign government officials whom the President determines, “based on credible information,” are responsible for cyber theft of United States intellectual property.
  • The bill makes the identified persons ineligible to be admitted to the United States.
  • The bill directs the Secretary of State and Secretary of Homeland Security to revoke the visa of any such identified person.
  • The bill imposes financial sanctions, enabling the President to freeze property transactions by the identified individuals.
Referred to the Foreign Affairs, Judiciary and Financial Services Committees.
Deter Cyber Theft Act Sen. Carl Levin
(D-Mich.)et al.
  • Introduced May 7, 2013, the bill would establish a “watch list” and “priority watch list” of countries that facilitate or engage in cyber theft of trade secrets from the United States.
  • As we previously reported, the bill would also require the President to direct U.S. Customs and Border Protection to bar imports from foreign countries on the watch list.
Referred to the Committee on Finance.
Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act (“SECURE IT”) Rep. Marsha Blackburn
  • Introduced April 10, 2013, SECURE IT seeks to, among other things, facilitate the sharing of cyber threat information and create new deterrents for cyber criminals.
  • For instance, the act creates a limited exemption from antitrust laws for the sharing of cyber threat information between private entities.  It further provides that an entity may disclose cyber threat information to any entity to assist with the investigation of threats to cybersecurity.  (This portion of the bill might face the same opposition as CISPA — see below.)
  • SECURE IT further requires that federal agencies be informed of significant cyber incidents involving their federal information systems and that agencies adopt technologies to detect and remediate cyber intrusions.
  • The bill aims to amend certain provisions of the Computer Fraud and Abuse Act to include new criminal penalties for “aggravated damage” to certain “critical infrastructure” computers, such as those that control water supplies, electrical power delivery, and financial transactions.
Referred to the House Subcommittee on Crime, Terrorism, Homeland Security, and Investigations.
Cyber Intelligence Sharing and Protection Act (“CISPA”) Rep. Mike Rogers
(R-Mich.)et al.
  • First introduced in the House on November 30, 2011, and most recently re-introduced on February 13, 2013, the act aims to permit information sharing about possible cybersecurity threats among government agencies and private companies.
  • CISPA has divided the House and Senate and has faced opposition by privacy and civil liberties organizations.
The bill passed the House and was referred to the Senate but has not shown signs of advancement.  We reported earlier that the Senate would not be taking up the bill and that President Obama threatened to veto the bill because of privacy concerns.


What trends can we discern from these bills?   READ MORE