Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes

www.solidcounsel.com
Computer Fraud & Cybersecurity
 What is fraud?
 Fraud 2.0
 Intersection between computer fraud /
hacking & cybersecurity / data breach
 The irony …

Key Computer Fraud Laws
 Computer Fraud and Abuse Act (Federal)
 Breach of Computer Security (Texas)
 Harmful Access by Computer Act (Texas)
 Unauthorized access / “hacking” laws
 Focus on the device / network

CFAA Overview
 What is the CFAA?
 What Does the CFAA Protect?
 What are the CFAA’s Elements?
 Key Issues for CFAA Claims

What is the CFAA?

The CFAA is …
 Computer Fraud and Abuse Act (CFAA)
 Fed Criminal Law – 18 USC § 1040
 Inspired by War Games
 Civil Claim (1994 Amend)
 Most important computer fraud /
cybersecurity law

What does the CFAA Protect?

Elements: Broadest CFAA Claim
1. Intentionally access protected
computer;
2. Without authorization or exceeding
authorized access;
3. Obtained information from any
protected computer; and
4. Victim incurred a loss to one or more
persons during any 1-year period of at
least $5,000

Protected Computer
“If a device is ‘an electronic … or other high
speed data processing device performing
logical, arithmetic, or storage functions,’ it is
a computer. This definition captures any
device that makes use of an electronic data
processor, examples of which are legion.”
United States v. Kramer, 631 F.3d 900, 901 (8th Cir. 2011)
 Protected = connected to the Internet
 Online, cloud-type accounts, etc. 

Access Crime
CFAA prohibits the access of a
protected computer that is:
 Without authorization, or
 Exceeds authorized access,
 Where the person accessing:
 Obtains information  Causes damage
 Commits a fraud  Traffics in passwords
 Obtains something of value  Commits extortion
 Transmits damaging info

Key Issues: Circuit Split
Trilogy of Access Theories
 Strict Access (2nd, 4th & 9th Cir.)
 Agency (7th Cir)
 Intended-Use (1st, 3rd, 5th, 8th, 11th)
 U.S. v. John, 597 F.3d 263 (5th Cir. 2010)
 Policy Essentials: limit authorization
 Cover use of computer and data
 Restrict duration (i.e., terminate right)
 Restrict purpose (i.e., business use)
 Hunn v. Dan Wilson Homes, Inc., 789 F.3d 573 (5th Cir.
2015) (to enforce policies, owner must enforce)

Key Issues: Civil Remedy
Loss
 $5,000 jurisdictional threshold
 Damage ≠ damages ≠ loss
(or)
Interruption of service

What Qualifies as “Loss”?
 Investigation and response costs
 Forensics investigation
 Diagnostic measures
 Restoration & replacement
 Value of employees’ time
 Attorney’s fees if leading
investigation (sometimes)

What is Not “Loss”?
 Lost revenue (unless interruption)
 Value of trade secrets
 Lost profits
 Lost customers
 Lost business opportunities
 Privacy & PII

Texas Hacking Laws
 Breach of Computer Security (BCS)
 Criminal law – Tex Penal Code § 33.02
 Harmful Access by Computer Act (HACA)
 Civil action – Tex Civ Prac Rem § 143.001
 Broader language
 More claimant friendly than CFAA
 Generally follows CFAA on access
 Attorney’s fees recoverable
 Injunctive relief, maybe exemplary dmgs

Texas Hacking Laws
Key Elements
 knowingly and intentionally accesses a computer,
computer network, or computer system;
 without the effective consent of the owner, or
 In violation of clear and conspicuous prohibition or
agreement
Consent is not effective if:
 induced by deception or coercion;
 used for a purpose other than that for which the
consent was given;
 (others excluded)

Key Issues: Effective Consent
Effective Consent
 Spouses do not have effective consent to surreptitiously access
a partner’s password-protected device that they treat as being
the other spouses’ device. Miller v. Talley Dunn Gallery, LLC,
2016 WL 836775 (Tex. App.—Dallas, Mar. 3, 2016)
 There was effective consent to access a co-worker’s device that
was knowingly left open and unsecured. Knepp v. State, 2009
WL 638249 (Tex. App.—Dallas, March 13, 2009, no pet.)
 Privileged users do not have effective consent to misuse their
authorized access for non-intended uses such as corrupting
files before quitting or taking data to use for a competitor.

Shawn Tuma
Cybersecurity Partner
Scheef & Stone, L.L.P.
214.472.2135
shawn.tuma@solidcounsel.com
@shawnetuma
blog: www.shawnetuma.com
web: www.solidcounsel.com
This information provided is
for educational purposes only,
does not constitute legal
advice, and no attorney-client
relationship is created by this
presentation.
Shawn Tuma is a business lawyer with an internationally recognized
reputation in cybersecurity, computer fraud and data privacy law. He is a
Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full-
service commercial law firm in Texas that represents businesses of all
sizes throughout the United States and around the world.
 Board of Directors, North Texas Cyber Forensics Lab
 Board of Directors & General Counsel, Cyber Future Foundation
 Texas SuperLawyers 2015-16 (IP Litigation)
 Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law)
 Council, Computer & Technology Section, State Bar of Texas
 Chair, Civil Litigation & Appellate Section, Collin County Bar
Association
 College of the State Bar of Texas
 Privacy and Data Security Committee, Litigation, Intellectual
Property Law, and Business Sections of the State Bar of Texas
 Information Security Committee of the Section on Science &
Technology Committee of the American Bar Association
 North Texas Crime Commission, Cybercrime Committee
 Infragard (FBI)
 International Association of Privacy Professionals (IAPP)
 Information Systems Security Association (ISSA)
 Board of Advisors, Optiv Security
 Editor, Business Cybersecurity Business Law Blog

Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes

More Related Content

What's hot

Similar to Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes

More from Shawn Tuma

Recently uploaded

Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes