by ·0 Comments

A civil CFAA claim for damages requires damage to computers, systems, or data Schatzki v. Weiser Capital Mgmt, LLC, 2012 WL 2568973 (S.D.N.Y. July 3, 2012)

As I said in a previous post, we are seeing more activity dealing with the Computer Fraud and Abuse Act (CFAA).  The CFAA is both a criminal and civil statute.  The CFAA imposes criminal penalties on someone who  “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer”  or “intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage.”  A civil claim is available if, in addition to establishing the elements of a criminal violation, the plaintiff can show “damage or loss” as a result of the violation.  The damage or loss must be at least $5,000.00.

Schatzki is the latest case to read the terms “damage” and “loss” narrowly.  The defendants in the case allegedly obtained information from plaintiff’s computer systems without authorization and trafficked in computer passwords.  This access enabled the defendants to obtain valuable private and confidential information about the plaintiff’s clients, the plaintiffs said.  As a result, the plaintiffs had to hire consultants and incur legal fees.

The court said that the plaintiffs did not show the required “damage” or “loss,” and here’s why.  The plaintiffs failed to allege that the defendants’ access to the computer system damaged the data accessed or the system itself, or that the costs to recover the system/data exceeded $5,000.  The court also would not allow the plaintiffs to base their CFAA claim on other kinds of damages like lost profits, invasion of privacy, trespass to personal property, or misappropriation of confidential data.

LegalTXT Lesson: Quantify your damages if you are bringing a civil claim under the CFAA.  Also, remember that the CFAA is more in the nature of an anti-hacking statute than an anti-misappropriation statute.  Attempts to seek damages under the CFAA on a theory that someone gained access to electronic information and used it for improper purposes might not go very far.

by ·0 Comments

Not knowing others can see your Facebook comments doesn’t mean you can sue for invasion of privacy. —  Sumien v. Careflite, 2012 WL 2579525 (Tex. Ct. App. July 5, 2012)

This case goes into the category of “what you don’t know can hurt you.”  Two emergency medical technicians (Sumien and Roberts) had an exchange on the Facebook wall of another co-worker in which they made derogatory comments about a patient they had transported via ambulance.  Haynes, the sister of a compliance officer of employer of the two technicians (CareFlite), saw Roberts’ comments and was offended.  Haynes notified her sister (Calvert), who had access to the comments because she was Facebook friends with Roberts.  After Haynes complained to the management of CareFlite, Sumien and Roberts were terminated.  They sued CareFlite for unlawful termination and invasion of privacy.  The trial court granted summary judgment to CareFlite on all claims, and one of the technicians (Sumien) appealed.  The only issue in the appeal was whether the trial court should have granted summary judgment on the intrusion upon seclusion claim.

One of the requirements of an “intrusion into seclusion” claim is, unsurprisingly, an intentional intrusion into the seclusion or private affairs of another.  Sumien argued that CareFlite intruded upon his seclusion because one of its employees read his comments.  Sumien claimed to be unaware that Roberts’ Facebook friends (including Calvert) could see the comments he posted on Roberts’ wall.  Too bad, said the court.  The comments were visible to the Roberts’ friends, and so there was no intrusion into a private matter.

LegalTXTS Lesson: Know your privacy settings, and think through who could see what you share in the social media space.  This seems rather obvious, but then again, there are those who don’t do this and then claim their privacy is invaded.  The other point is that a intrusion into seclusion claim based on material posted on a social media network probably is difficult to win.  Some courts, like the one who ordered Twitter to comply with a subpoena last week, simply don’t regard posts on social media private at all.