Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Misuse of proprietary data alone doesn't violate CFAA, judge rules

Jaikumar Vijayan | Jan. 30, 2014
Court rules that Computer Fraud and Abuse Act governs how data is accessed, not how it is used by persons with valid access

Enki claimed that Freedman violated CFAA rules by intentionally accessing the company's computers without proper authorization. The company also charged that Freedman exceeding any authorized access by copying and misusing the proprietary data.

Grewal dismissed both claims, noting that CFAA isn't applicable because Freedman used valid login credentials to access the data .

The CFAA imposes liability where the defendant commits certain acts on a "protected computer" either "without authorization" or "in excess of his authorization," the judge said.

Pointing to the Ninth Circuit's ruling on the issue, Grewal said that under the CFAA, unauthorized access only happens when someone accesses a protected system without any permission at all.

"It has further held that an individual does not "exceed authorized access" simply by misusing information that he or she was entitled to view for some other purpose; the CFAA regulates access to data, not its use by those entitled to access it," he said in the ruling.

Such cases underscore the challenges in using the CFAA to deal with those who misappropriate data, Brown said.

Enterprises are bringing claims under the CFAA in order to appear strong, Brown said.

"It elicits discussion about how the cause of action appears in a statute that is part of the federal criminal code. Plaintiffs hope that the specter of federal prosecution--regardless of whether that is a real possibility--will intimidate the defendant," he noted.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.