Tag Archives: CFAA

Is The Hutchins Indictment Over Malware Unconstitutional?

By Alex Berengaut [This article also was published in Law360.] In May 2017, the “WannaCry” malware was used to launch a worldwide ransomware cyberattack. WannaCry encrypted files on victim computers and demanded a ransom payable in bitcoin to provide the encryption key. The attack was stopped when a British security researcher, Marcus Hutchins, accidentally discovered … Continue Reading

Ninth Circuit: CFAA’s Prohibition on Accessing Computer Without Authorization “Unambiguous”

In a decision released Tuesday, the Ninth Circuit held that the Computer Fraud and Abuse Act’s (“CFAA”) prohibition on accessing a computer “without authorization” is violated when a person whose access to a computer system has been “affirmatively revoked” nonetheless accesses that computer system by other means. In United States v. Nosal, the Ninth Circuit … Continue Reading

Court Dismisses CFAA, ECPA, and Other Claims in Privacy Class Action Opperman v. Path

On May 14, a judge in the Northern District of California granted in part and dismissed in part four motions to dismiss filed by defendants in the consolidated class action, Opperman v. Path (No. 3:13-CV-00453-JST). The plaintiffs alleged that apps offered by a number of developers (“App Defendants”) accessed and uploaded information from plaintiffs’ mobile … Continue Reading

Amazon Settles “Flash Cookie” Lawsuit

On Thursday, November 15, 2012, Judge Robert S. Lasnick of the Western District of Washington dismissed Del Vecchio v. Amazon, stating that the parties had reached a settlement, the details of which were not disclosed.  The suit had alleged (among other things) that Amazon used Flash cookies to backup and “respawn” browser cookies that plaintiffs … Continue Reading

Federal Court Finds No Violation of Computer Fraud and Abuse Act Where Former Employee Violates Company Policy on Accessing Proprietary Information

In WEC Carolina Energy Solutions LLC v. Miller, the U.S. Court of Appeals for the Fourth Circuit recently ruled that a former employee could not be held liable under the federal Computer Fraud and Abuse Act (“CFAA”), where he lawfully downloaded confidential information from his employer’s computer network and soon thereafter used that information in connection with his … Continue Reading

Court Dismisses CFAA, Trespass Claims Against Amazon

By Brian Ryoo The United States District Court for the Western District of Washington recently dismissed in part an online privacy lawsuit alleging that Amazon “circumvented” browser privacy controls in order to track users’ web browsing activities.  The plaintiffs in Del Vecchio v. Amazon had alleged that Amazon “exploit[ed]” browser controls in Internet Explorer by … Continue Reading

Amazon Case Dismissed; No Adequate Facts Pled To Establish Plausible Harm

The United States District Court for the Western District of Seattle recently dismissed an online privacy case involving the alleged improper use of browser and Flash cookies in Del Vecchio v. Amazon.  Finding that the plaintiff “simply not plead adequate facts to establish any plausible harm,” this opinion follows closely on the heels of several … Continue Reading

In re iPhone Application Litigation Dismissed

Yesterday, Judge Lucy Koh of the U.S. District Court for the Northern District of California granted defendants’ motions to dismiss the consolidated, amended complaint in In re iPhone Application Litigation for lack of Article III standing, with leave to amend.  In finding lack of standing, the Court stated that plaintiffs’ allegations were “clearly insufficient” as … Continue Reading

Privacy Lawsuit Against Cable One Dismissed

Today the District Court for the Northern District of Alabama dismissed the class action lawsuit filed against our client, Cable One, Inc., for lack of subject matter jurisdiction because the named plaintiff lacked standing.  The litigation arose out of a limited test of NebuAd Inc.’s “deep packet inspection” technology, which was used to create anonymous, … Continue Reading

Apple Sued Again For Alleged Privacy Violations

For the fourth time in the past two months, Apple has been sued for allegedly violating the privacy of iPad and iPhone users.  Like the previous three suits (two of which we discussed in this post), Rodimer v. Apple, Inc. [PDF] alleges that Apple transmitted “personal information,” including Unique Device IDs (“UDIDs”) to application developers, who, in … Continue Reading

Ringleader Agrees to Settle Privacy Suits

Ringleader Digital — an online advertising firm specializing in the mobile market — has agreed to settle two putative class actions that were filed against it last fall.  The plaintiffs alleged that Ringleader violated the federal Computer Fraud and Abuse Act, 18 U.S.C. § 1030, as well as various state privacy and consumer protection laws, by using HTML5 software to … Continue Reading

Recent CFAA Cases Address Defendants’ Violations of Employer Policies

A recent decision from the Eleventh Circuit highlights an ongoing issue under the Computer Fraud and Abuse Act (“CFAA”): the significance of policy-based restrictions when determining whether a person accessed a protected computer “without authorization” or “exceeded authorized access.” In United States v. Rodriguez [PDF], the Eleventh Circuit upheld the criminal conviction of a Social Security … Continue Reading

Quantcast, Clearspring Agree to Settle “Flash Cookies” Suits

Just two days after the Director of the FTC’s Bureau of Consumer Protection announced that the agency would not tolerate an “arms race” aimed at developing technologies that subvert user choice regarding online tracking, two firms accused of employing such technologies agreed to settle lawsuits against them.  Quantcast and Clearspring–which provide web analytics and certain functionality to consumer-facing websites–were named in several … Continue Reading
LexBlog