Privacy and Cybersecurity

The COVID-19 crisis has presented an array of novel issues for companies, including new and unexpected cybersecurity threats. In addition to the now well-known security limitations of video platforms such as Zoom, we are seeing cyber-attacks in the form of COVID-19 related phishing attempts and ransomware attacks. In at least some of these attempted hacks, cybercriminals are hoping to steal trade secrets.

  • Cybercriminals are taking advantage of the novel at-home working environment and the increased fear and uncertainty surrounding the pandemic to launch malware and phishing attacks related to COVID-19.
  • Employees may be more likely to click a link or open an attachment, even though they would never consider doing so in a normal situation at work.
  • Therefore, malware may pose more of a danger than it did when employees primarily accessed their email over their employers’ traditionally more protected systems.
  • Companies should consider putting employees on notice about the COVID-19 related phishing attempts and provide examples of common scams.


Continue Reading COVID-19 and the Unique Opportunity for Phishing

On April 20, 2020, the Supreme Court granted cert in Van Buren v. United States, to resolve an important circuit split over the meaning of “authorized access” under the Computer Fraud and Abuse Act (CFAA). This is the Court’s first foray into analyzing the precise contours of CFAA liability. Van Buren may have far-reaching implications for any individual or business operating in the digital domain, as the scope of civil and criminal liability under the CFAA can impact just about any sort of relationship involving access to computer systems, whether it be employer-employee relationships or third-party relationships.

The CFAA was enacted in 1986 as a first-of-its-kind statute designed to combat computer-related crimes, and has become an important and powerful tool for not only for the government but any business seeking to protect its intellectual property and computer systems. The CFAA imposes criminal liability on any person who “intentionally accesses a computer without authorization” or “exceeds authorized access” and, in doing so, obtains information from any protected computer. The CFAA also provides a civil cause of action for similar conduct. See 18 U.S.C. §§ 1030(a)(2), 1030(a)(4), 1030(a)(5)(B)-(C).
Continue Reading “Authorized Access”: The Supreme Court’s First Foray Into The Computer Fraud and Abuse Act

Companies and other organizations increasingly must face serious and complex threats to their business and infrastructure.  Whether the threat is trade secret theft, rogue insiders, cybercrime adversaries, aggressive competitors, or misconduct by business and supply chain partners, companies should remain constantly vigilant and defense ready. Adversaries, including especially cybercriminals operating exclusively in the digital domain, are often highly motivated, sophisticated, resourced, and innovative. The opaque, pervasive, and global nature of modern digital networked environments presents opportunities for criminals. The sophistication and relentless creativity of these bad actors pose significant challenges to companies and law enforcement agencies in being able to detect, assess, mitigate, attribute, and deter these threats. Because available tools and real-world practices to address these threats often outpace the law, companies are called upon to develop their own comprehensive approaches to investigate and remediate these forms of risk. In doing so, companies must be willing to assume a certain level of risk to effectively investigate and obtain sufficient insight to counter the problems.
Continue Reading Complex Threat Investigations: Tips for Investigating Trade Secret Misappropriation and Other Digital Crimes

Chinese national and materials scientist Hongjin Tan has pled guilty to stealing from his former employer Phillips 66 (“Phillips”) more than $1 billion in trade secrets related to next generation battery technology.

DOJ announced Tan’s guilty plea this week which revealed that he copied substantial research and development files that he knew contained protected company

We invite you to join Crowell & Moring’s second installment of our “Safeguarding Your Secrets in the Digital Age” webinar series: Reasonable Precautions to Protect Trade Secrets in The Digital Age, taking place on Tuesday, October 8th at 12:00 pm (EDT).

During this webinar, Crowell & Moring Counsel Kate Growley and Julia Milewski

Applying the trade secret label to diversity initiatives is growing in popularity in recent years.

This issue has arisen in the context of public records requests, as companies with government contracts are subject to the Labor Department’s anti-discrimination arm and are required to provide diversity information in the form of EEO-1 reports. Several companies have

On January 25, 2019, the Illinois Supreme Court in Rosenbach v. Six Flags Entertainment Corp. ruled unanimously that plaintiffs do not need to allege “some actual injury or adverse effect” in order to challenge alleged violations of Illinois’ Biometric Information Privacy Act (BIPA). In so doing, the Supreme Court expressly held that the loss of