The federal Computer Fraud & Abuse Act (CFAA) was enacted in 1986 to target computer system hackers who either damage the system or take valuable information. The CFAA prohibits “unauthorized access to a protected computer to commit fraud or obtain something of value.” Having both criminal and civil penalties, the scope of the law has broadened over time. Two recent court decisions illustrate this wider scope.

In a July 5, 2016 opinion, a Ninth Circuit Court of Appeals panel upheld the criminal conviction of David Nosal, who was charged with conspiring with former co-workers to access proprietary data from their former firm through a “back door” instead of issued log-ins and passwords.

One week later, another Ninth Circuit panel upheld a lower court decision that Power Ventures, Inc. violated the CFAA by sending email and other electronic messages to Facebook users who had previously consented to receive such messages. According to the court, Facebook “expressly rescinded” its users’ permission when it sent Power Ventures a December 1, 2008 cease and desist letter to stop the campaign. Power Venture’s continued acts of contacting Facebook users after that date were held to be “without authorization”.

The Ninth Circuit’s United States v. Nosal opinion is available here and the Facebook v Power Ventures decision is available here. Contact us at Ossian Law regarding any information technology law matter.

© 2016 Ossian Law P.C.