August 1, 2013 IT Law Update
Civil Relief Under the Computer Fraud and Abuse Act
The federal Computer Fraud and Abuse Act (CFAA) is a criminal law prohibiting unauthorized access to a protected computer to commit fraud or obtain something of value. The CFAA also allows “[a]ny person who suffers damage or loss by reason of a violation of the Act to maintain a civil action against the violator.” The threshold for damage or loss is $5000.
In July, two courts ruled on civil CFAA claims with interesting results. In Farmers Ins. Exchange v. Steele Ins. Agency, a federal court in California held that claims that departing employees who used others’ passwords to access the employer’s client database fall within the scope of the CFAA. The court went on to dismiss the claims because the employer could not allege present damage or loss of $5000 or more.
In Sprint Nextel Corp. v Simple Cell Inc., Sprint alleged that various defendants violated the CFAA by unlocking and reselling mobile devices without Sprint’s authorization. The federal court in Maryland allowed Sprint to aggregate its damages from “multiple intrusions or violations” in order to meet the $5000 CFAA threshold. Sprint’s alleged damages included responding to defendants’ contacts with Sprint customer service, investigating and taking action to counteract the alleged theft. Access the Sprint decision here.
Contact us at Ossian Law P.C. for more information about civil remedies under the CFAA, or any other information technology law question.