By Alex Berengaut [This article also was published in Law360.] In May 2017, the “WannaCry” malware was used to launch a worldwide ransomware cyberattack. WannaCry encrypted files on victim computers and demanded a ransom payable in bitcoin to provide the encryption key. The attack was stopped when a British security researcher, Marcus Hutchins, accidentally discovered … Continue Reading
In a decision released Tuesday, the Ninth Circuit held that the Computer Fraud and Abuse Act’s (“CFAA”) prohibition on accessing a computer “without authorization” is violated when a person whose access to a computer system has been “affirmatively revoked” nonetheless accesses that computer system by other means. In United States v. Nosal, the Ninth Circuit … Continue Reading
By Jim Garland On Tuesday, President Obama introduced a legislative proposal on privacy and data security that seeks to strengthen and clarify law enforcement’s ability to investigate and prosecute cybercrimes.… Continue Reading
On May 14, a judge in the Northern District of California granted in part and dismissed in part four motions to dismiss filed by defendants in the consolidated class action, Opperman v. Path (No. 3:13-CV-00453-JST). The plaintiffs alleged that apps offered by a number of developers (“App Defendants”) accessed and uploaded information from plaintiffs’ mobile … Continue Reading
From electronic surveillance to healthcare privacy to drones, Congress is planning to consider a wide range of privacy legislation this year. The Edward Snowden leaks about the National Security Agency and the recent data breaches at retailers are likely to keep privacy and data security on the top of many lawmakers’ agendas. After the jump … Continue Reading
On Thursday, November 15, 2012, Judge Robert S. Lasnick of the Western District of Washington dismissed Del Vecchio v. Amazon, stating that the parties had reached a settlement, the details of which were not disclosed. The suit had alleged (among other things) that Amazon used Flash cookies to backup and “respawn” browser cookies that plaintiffs … Continue Reading
In WEC Carolina Energy Solutions LLC v. Miller, the U.S. Court of Appeals for the Fourth Circuit recently ruled that a former employee could not be held liable under the federal Computer Fraud and Abuse Act (“CFAA”), where he lawfully downloaded confidential information from his employer’s computer network and soon thereafter used that information in connection with his … Continue Reading
By Brian Ryoo The United States District Court for the Western District of Washington recently dismissed in part an online privacy lawsuit alleging that Amazon “circumvented” browser privacy controls in order to track users’ web browsing activities. The plaintiffs in Del Vecchio v. Amazon had alleged that Amazon “exploit[ed]” browser controls in Internet Explorer by … Continue Reading
The United States District Court for the Western District of Seattle recently dismissed an online privacy case involving the alleged improper use of browser and Flash cookies in Del Vecchio v. Amazon. Finding that the plaintiff “simply not plead adequate facts to establish any plausible harm,” this opinion follows closely on the heels of several … Continue Reading
Yesterday, Judge Lucy Koh of the U.S. District Court for the Northern District of California granted defendants’ motions to dismiss the consolidated, amended complaint in In re iPhone Application Litigation for lack of Article III standing, with leave to amend. In finding lack of standing, the Court stated that plaintiffs’ allegations were “clearly insufficient” as … Continue Reading
Today the District Court for the Northern District of Alabama dismissed the class action lawsuit filed against our client, Cable One, Inc., for lack of subject matter jurisdiction because the named plaintiff lacked standing. The litigation arose out of a limited test of NebuAd Inc.’s “deep packet inspection” technology, which was used to create anonymous, … Continue Reading
For the fourth time in the past two months, Apple has been sued for allegedly violating the privacy of iPad and iPhone users. Like the previous three suits (two of which we discussed in this post), Rodimer v. Apple, Inc. [PDF] alleges that Apple transmitted “personal information,” including Unique Device IDs (“UDIDs”) to application developers, who, in … Continue Reading
Ringleader Digital — an online advertising firm specializing in the mobile market — has agreed to settle two putative class actions that were filed against it last fall. The plaintiffs alleged that Ringleader violated the federal Computer Fraud and Abuse Act, 18 U.S.C. § 1030, as well as various state privacy and consumer protection laws, by using HTML5 software to … Continue Reading
A recent decision from the Eleventh Circuit highlights an ongoing issue under the Computer Fraud and Abuse Act (“CFAA”): the significance of policy-based restrictions when determining whether a person accessed a protected computer “without authorization” or “exceeded authorized access.” In United States v. Rodriguez [PDF], the Eleventh Circuit upheld the criminal conviction of a Social Security … Continue Reading
Just two days after the Director of the FTC’s Bureau of Consumer Protection announced that the agency would not tolerate an “arms race” aimed at developing technologies that subvert user choice regarding online tracking, two firms accused of employing such technologies agreed to settle lawsuits against them. Quantcast and Clearspring–which provide web analytics and certain functionality to consumer-facing websites–were named in several … Continue Reading
