The summer of 2012 featured several cases that interpreted the scope and application of the Computer Fraud and Abuse Act (CFAA). The CFAA was passed in 1984 in response to hacking and emerging computer crime. Recent cases include:
August 21:
The U.S. District Court for the Western District of Oklahoma held that an employee who downloaded shareware from the Internet in violation of company policy may be liable under the CFAA for using the downloaded software to obtain confidential company documents. In Musket Corp. v. Star Fuel of Oklahoma LLC, the court held that anyone who is authorized to use a computer for certain purposes but goes past those limitations is considered to have “exceeded authorized access” under the CFAA.
August 2:
The U.S. District Court for the Northern District of California held that a defendant was in violation of the CFAA for knowingly and intentionally circumventing Craigslist’s security features after agreeing to Craigslist’s Terms of Use. The defendant in Craigslist v. Kerbel continued the conduct despite receiving cease and desist letters.
July 26:
The U.S. District Court for the District of South Carolina adopted a narrow interpretation of the CFAA terms “without authorization” and “exceeds authorized access” in WEC Carolina Energy Solutions LLC v. Miller. The court held that the terms only apply in a criminal context when someone obtains or alters information they weren’t authorized to obtain or alter.
June 29:
The U.S. District Court District of New Hampshire held that its defendants could not be sued under the CFAA even though they violated use restrictions. Because the defendants in Wentworth-Douglass Hosp. v. Young & Novis Prof’l Ass’n were provided access passwords by the system owner, they could not have “illegally accessed” the system.
Keith Kupferschmid is General Counsel and SVP, Intellectual Property Policy & Enforcement at SIIA.