On April 20, 2020, the Supreme Court granted cert in Van Buren v. United States, to resolve an important circuit split over the meaning of “authorized access” under the Computer Fraud and Abuse Act (CFAA). This is the Court’s first foray into analyzing the precise contours of CFAA liability. Van Buren may have far-reaching implications for any individual or business operating in the digital domain, as the scope of civil and criminal liability under the CFAA can impact just about any sort of relationship involving access to computer systems, whether it be employer-employee relationships or third-party relationships.

The CFAA was enacted in 1986 as a first-of-its-kind statute designed to combat computer-related crimes, and has become an important and powerful tool for not only for the government but any business seeking to protect its intellectual property and computer systems. The CFAA imposes criminal liability on any person who “intentionally accesses a computer without authorization” or “exceeds authorized access” and, in doing so, obtains information from any protected computer. The CFAA also provides a civil cause of action for similar conduct. See 18 U.S.C. §§ 1030(a)(2), 1030(a)(4), 1030(a)(5)(B)-(C).
Continue Reading “Authorized Access”: The Supreme Court’s First Foray Into The Computer Fraud and Abuse Act

Companies and other organizations increasingly must face serious and complex threats to their business and infrastructure.  Whether the threat is trade secret theft, rogue insiders, cybercrime adversaries, aggressive competitors, or misconduct by business and supply chain partners, companies should remain constantly vigilant and defense ready. Adversaries, including especially cybercriminals operating exclusively in the digital domain, are often highly motivated, sophisticated, resourced, and innovative. The opaque, pervasive, and global nature of modern digital networked environments presents opportunities for criminals. The sophistication and relentless creativity of these bad actors pose significant challenges to companies and law enforcement agencies in being able to detect, assess, mitigate, attribute, and deter these threats. Because available tools and real-world practices to address these threats often outpace the law, companies are called upon to develop their own comprehensive approaches to investigate and remediate these forms of risk. In doing so, companies must be willing to assume a certain level of risk to effectively investigate and obtain sufficient insight to counter the problems.
Continue Reading Complex Threat Investigations: Tips for Investigating Trade Secret Misappropriation and Other Digital Crimes

On September 23rd, 2019, the District Court for the District of Colorado awarded Atlas Biologicals, Inc. a total of $2 million against Defendant Thomas Kutrubes and his company, Peak Serum, Inc. Kutrubes, a part owner and former employee of Atlas, was found liable for trademark infringement, misappropriation of trade secrets, and breach of fiduciary duty.

On May 10, 2019, the Delaware Chancery Court issued an opinion adopting a “narrow approach” in interpreting Section 1030(a)(2)(C) of Computer Fraud and Abuse Act (CFAA). Section 1030(a)(2)(C) imposes liability on a person who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains… information from any protected computer.” 18 U.S.C. §

The Federal Reserve is prepared to ratchet up the penalty for bankers caught misappropriating their employer’s trade secrets. Although bankers were already subject to civil liability under state laws governing trade secrets and breach of contract, the Federal Reserve now appears willing to subject guilty bankers to an outright ban from working with any institution