The Supreme Court’s recent decision in Van Buren v. United States, — S. Ct. —-, 2021 WL 2229206 (2021) resolved a longstanding Circuit split regarding the scope of liability under the Computer Fraud and Abuse Act of 1986 (CFAA), 18 U.S.C. § 1030 et seq. As we previewed last year, Van Buren addressed whether a person “exceeds authorized access” within the meaning of the CFAA when accessing information on a computer for an improper purpose. In an Opinion authored by Justice Barrett, the Supreme Court ruled, 6-3, that the CFAA does not cover those who have improper motives for obtaining computerized information they are otherwise authorized to access.  
Continue Reading Supreme Court Narrows The Scope of Liability Under The Computer Fraud and Abuse Act

As if 2020 hasn’t caused enough hardship and headaches for employers already, the FBI and U.S. Cybersecurity Infrastructure Security Agency (“CISA”) recently issued a joint Cybersecurity Advisory Alert warning employers about the rise in voice phishing, or “vishing,” scams targeting remote workers.
Continue Reading Cybercrime 2020 – The Rise of “Vishing”

A brazen and sophisticated computer intrusion into the records of over 145 million Americans launched from computer hackers based in China led to recent criminal prosecutions under the Computer Fraud and Abuse Act. [1] Courts are willing to extend American law beyond U.S. boundaries often when criminal misconduct takes place overseas that injures Americans. The Constitution grants Congress broad powers to enact laws with extraterritorial scope.[2] The Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (“CFAA”),  is one such statute that provides criminal and civil remedies resulting from unauthorized access to computers used in interstate commerce or communications.[3]  And, it further provides for extraterritorial jurisdiction for criminal or civil violations of the CFAA. Increasingly, U.S.-based companies have become victims of significant computer misconduct launched from overseas.[4]  And, with the increased widespread use of social media platforms during the Covid-19 pandemic, computer mischief in an effort to gain confidential business information is on the rise.[5]
Continue Reading Extraterritorial Application of the Computer Fraud and Abuse Act

Companies routinely use Non-Disclosure Agreements (NDAs) to protect confidential information shared with potential acquirers, consultants, and other third parties.  But companies cannot merely rely on stock NDAs to protect that information.  They should understand each NDA’s procedures for designating information as “Confidential” (and ensure compliance with them), and grasp the interplay between NDAs and state trade secret laws in terms of imputing duties of confidentiality.
Continue Reading 4 Steps to More Effectively Use NDAs to Protect Confidential Information