Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
www.solidcounsel.com
www.solidcounsel.com
Computer Fraud & Cybersecurity
 What is fraud?
 Fraud 2.0
 Intersection between computer fraud /
h...
www.solidcounsel.com
Key Computer Fraud Laws
 Computer Fraud and Abuse Act (Federal)
 Breach of Computer Security (Texas...
www.solidcounsel.com
CFAA Overview
 What is the CFAA?
 What Does the CFAA Protect?
 What are the CFAA’s Elements?
 Key...
www.solidcounsel.com
What is the CFAA?
www.solidcounsel.com
The CFAA is …
 Computer Fraud and Abuse Act (CFAA)
 Fed Criminal Law – 18 USC § 1040
 Inspired by ...
www.solidcounsel.com
What does the CFAA Protect?
www.solidcounsel.com
Elements: Broadest CFAA Claim
1. Intentionally access protected
computer;
2. Without authorization or...
www.solidcounsel.com
Protected Computer
“If a device is ‘an electronic … or other high
speed data processing device perfor...
www.solidcounsel.com
Access Crime
CFAA prohibits the access of a
protected computer that is:
 Without authorization, or
...
www.solidcounsel.com
Key Issues: Circuit Split
Trilogy of Access Theories
 Strict Access (2nd, 4th & 9th Cir.)
 Agency (...
www.solidcounsel.com
Key Issues: Civil Remedy
Loss
 $5,000 jurisdictional threshold
 Damage ≠ damages ≠ loss
(or)
Interr...
www.solidcounsel.com
What Qualifies as “Loss”?
 Investigation and response costs
 Forensics investigation
 Diagnostic m...
www.solidcounsel.com
What is Not “Loss”?
 Lost revenue (unless interruption)
 Value of trade secrets
 Lost profits
 Lo...
www.solidcounsel.com
Texas Hacking Laws
 Breach of Computer Security (BCS)
 Criminal law – Tex Penal Code § 33.02
 Harm...
www.solidcounsel.com
Texas Hacking Laws
Key Elements
 knowingly and intentionally accesses a computer,
computer network, ...
www.solidcounsel.com
Key Issues: Effective Consent
Effective Consent
 Spouses do not have effective consent to surreptiti...
Shawn Tuma
Cybersecurity Partner
Scheef & Stone, L.L.P.
214.472.2135
shawn.tuma@solidcounsel.com
@shawnetuma
blog: www.sha...
Upcoming SlideShare
Loading in …5
×

Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes

263 views

Published on

Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes is a presentation that Shawn Tuma delivered to the Intellectual Property Section Track at the State Bar of Texas Annual Meeting in Fort Worth, Texas on June 17, 2016. This presentation focused on the practical "how to" for practitioners to use the Computer Fraud and Abuse Act (CFAA) and the Texas Breach of Computer Security (BCS) and Harmful Access by Computers Act (HACA) statutes to combat privileged-user / insider misuse as well as outsider threats.

Published in: Law
  • Be the first to comment

Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes

  1. 1. www.solidcounsel.com
  2. 2. www.solidcounsel.com Computer Fraud & Cybersecurity  What is fraud?  Fraud 2.0  Intersection between computer fraud / hacking & cybersecurity / data breach  The irony …
  3. 3. www.solidcounsel.com Key Computer Fraud Laws  Computer Fraud and Abuse Act (Federal)  Breach of Computer Security (Texas)  Harmful Access by Computer Act (Texas)  Unauthorized access / “hacking” laws  Focus on the device / network
  4. 4. www.solidcounsel.com CFAA Overview  What is the CFAA?  What Does the CFAA Protect?  What are the CFAA’s Elements?  Key Issues for CFAA Claims
  5. 5. www.solidcounsel.com What is the CFAA?
  6. 6. www.solidcounsel.com The CFAA is …  Computer Fraud and Abuse Act (CFAA)  Fed Criminal Law – 18 USC § 1040  Inspired by War Games  Civil Claim (1994 Amend)  Most important computer fraud / cybersecurity law
  7. 7. www.solidcounsel.com What does the CFAA Protect?
  8. 8. www.solidcounsel.com Elements: Broadest CFAA Claim 1. Intentionally access protected computer; 2. Without authorization or exceeding authorized access; 3. Obtained information from any protected computer; and 4. Victim incurred a loss to one or more persons during any 1-year period of at least $5,000
  9. 9. www.solidcounsel.com Protected Computer “If a device is ‘an electronic … or other high speed data processing device performing logical, arithmetic, or storage functions,’ it is a computer. This definition captures any device that makes use of an electronic data processor, examples of which are legion.” United States v. Kramer, 631 F.3d 900, 901 (8th Cir. 2011)  Protected = connected to the Internet  Online, cloud-type accounts, etc. 
  10. 10. www.solidcounsel.com Access Crime CFAA prohibits the access of a protected computer that is:  Without authorization, or  Exceeds authorized access,  Where the person accessing:  Obtains information  Causes damage  Commits a fraud  Traffics in passwords  Obtains something of value  Commits extortion  Transmits damaging info
  11. 11. www.solidcounsel.com Key Issues: Circuit Split Trilogy of Access Theories  Strict Access (2nd, 4th & 9th Cir.)  Agency (7th Cir)  Intended-Use (1st, 3rd, 5th, 8th, 11th)  U.S. v. John, 597 F.3d 263 (5th Cir. 2010)  Policy Essentials: limit authorization  Cover use of computer and data  Restrict duration (i.e., terminate right)  Restrict purpose (i.e., business use)  Hunn v. Dan Wilson Homes, Inc., 789 F.3d 573 (5th Cir. 2015) (to enforce policies, owner must enforce)
  12. 12. www.solidcounsel.com Key Issues: Civil Remedy Loss  $5,000 jurisdictional threshold  Damage ≠ damages ≠ loss (or) Interruption of service
  13. 13. www.solidcounsel.com What Qualifies as “Loss”?  Investigation and response costs  Forensics investigation  Diagnostic measures  Restoration & replacement  Value of employees’ time  Attorney’s fees if leading investigation (sometimes)
  14. 14. www.solidcounsel.com What is Not “Loss”?  Lost revenue (unless interruption)  Value of trade secrets  Lost profits  Lost customers  Lost business opportunities  Privacy & PII
  15. 15. www.solidcounsel.com Texas Hacking Laws  Breach of Computer Security (BCS)  Criminal law – Tex Penal Code § 33.02  Harmful Access by Computer Act (HACA)  Civil action – Tex Civ Prac Rem § 143.001  Broader language  More claimant friendly than CFAA  Generally follows CFAA on access  Attorney’s fees recoverable  Injunctive relief, maybe exemplary dmgs
  16. 16. www.solidcounsel.com Texas Hacking Laws Key Elements  knowingly and intentionally accesses a computer, computer network, or computer system;  without the effective consent of the owner, or  In violation of clear and conspicuous prohibition or agreement Consent is not effective if:  induced by deception or coercion;  used for a purpose other than that for which the consent was given;  (others excluded)
  17. 17. www.solidcounsel.com Key Issues: Effective Consent Effective Consent  Spouses do not have effective consent to surreptitiously access a partner’s password-protected device that they treat as being the other spouses’ device. Miller v. Talley Dunn Gallery, LLC, 2016 WL 836775 (Tex. App.—Dallas, Mar. 3, 2016)  There was effective consent to access a co-worker’s device that was knowingly left open and unsecured. Knepp v. State, 2009 WL 638249 (Tex. App.—Dallas, March 13, 2009, no pet.)  Privileged users do not have effective consent to misuse their authorized access for non-intended uses such as corrupting files before quitting or taking data to use for a competitor.
  18. 18. Shawn Tuma Cybersecurity Partner Scheef & Stone, L.L.P. 214.472.2135 shawn.tuma@solidcounsel.com @shawnetuma blog: www.shawnetuma.com web: www.solidcounsel.com This information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation. Shawn Tuma is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full- service commercial law firm in Texas that represents businesses of all sizes throughout the United States and around the world.  Board of Directors, North Texas Cyber Forensics Lab  Board of Directors & General Counsel, Cyber Future Foundation  Texas SuperLawyers 2015-16 (IP Litigation)  Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law)  Council, Computer & Technology Section, State Bar of Texas  Chair, Civil Litigation & Appellate Section, Collin County Bar Association  College of the State Bar of Texas  Privacy and Data Security Committee, Litigation, Intellectual Property Law, and Business Sections of the State Bar of Texas  Information Security Committee of the Section on Science & Technology Committee of the American Bar Association  North Texas Crime Commission, Cybercrime Committee  Infragard (FBI)  International Association of Privacy Professionals (IAPP)  Information Systems Security Association (ISSA)  Board of Advisors, Optiv Security  Editor, Business Cybersecurity Business Law Blog

×