Cover Image

Not for Sale



View/Hide Left Panel
Click for next page ( 28


The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 27
27 Thus, the section "outlaws illegal entry, not larceny."303 the CFAA have broader applicability as the Act applies A person with authorized access to a database does not to "damage caused by unauthorized access or access in violate the section no matter how malicious or larce- excess of authorization to a computer system...."317 For nous the intended use of that access.304 example, the statute applies to anyone who "intention- Communications are in electronic storage within the ally accesses a computer without authorization or ex- meaning of the SCA even when "the storage is transi- ceeds authorized access, and thereby ob- tory and lasts for only a few seconds."305 Moreover, in- tains...information from any protected computer if the formation stored on a server and conveyed from a pri- conduct involved an interstate or foreign communica- vate Web site to users is subject to the SCA,306 as well as tion...."318 The CFAA is applicable also to anyone who information held temporarily in random access mem- knowingly and with intent to defraud, accesses a pro- 307 ory. tected computer without authorization, or exceeds author- In In re Intuit Privacy Litigation,308 the plaintiffs al- ized access, and by means of such conduct furthers the in- leged that the defendant implanted "cookies" on their tended fraud and obtains anything of value, unless the computer hard drives when they visited certain Web object of the fraud and the thing obtained consists only of sites. The court held that for there to be a violation of the use of the computer and the value of such use is not 319 Section 2701, a defendant need not "be a third party to more than $5,000 in any 1-year period... an electronic communication [that] eventually [is] in The Act is applicable also to anyone, inter alia, who electronic storage in a facility" or even that there be a "knowingly causes the transmission of a program, in- communication at all with the defendant.309 All that is formation, code, or command, and as a result of such required for a violation of the statute is the defendant's conduct, intentionally causes damage without authori- "act of accessing electronically stored data."310 Although zation, to a protected computer," or who "intentionally presumably not applicable to transit agencies and real- accesses a protected computer without authorization" time data, Section 2702(a) of the SCA prohibits volun- and recklessly causes damage or causes damage320 and tary disclosure of a customer's electronic data by per- by such conduct caused or would have caused "loss to 1 sons or entities providing an electronic communication or more persons during any 1-year period...aggregating service311 or providing a remote computing service to the at least $5,000 in value...."321 public. Although the term "damage" under the statute Although the SCA provides for criminal liability, an means "any impairment to the integrity or availability aggrieved party may bring a civil action for a violation of data, a program, a system, or information,"322 a defen- of the Act, subject to a 2-year statute of limitations,312 dant's alleged access to and disclosure of trade secrets and recover actual damages and "any profits made by a may constitute "an impairment [of] the integrity of 313 violation," plus "attorney's fees and other litigation data...or information."323 Moreover, the unauthorized 314 costs." If damages are awarded, the amount is to be access to or disclosure of information may constitute an 315 for no less than $1,000. impairment even though there was no physical change in or erasure of data.324 B. Computer Fraud and Abuse Act Some courts have found that a license that prohibits The Computer Fraud and Abuse Act (CFAA),316 a using a Web site or online database for a certain pur- somewhat complicated statute, appears to be directed pose may subject someone to a Section 1030(a)(2)(c) primarily at the prevention of unauthorized disclosure claim if the party, nevertheless, accesses information of data involving the national defense or foreign rela- online and uses it for a purpose for which the party had tions of the United States. However, other provisions of agreed not to use the information.325 Moreover, it has been held that a violation of a subscription agreement, 303 such as the unauthorized sharing of a subscriber's con- Sherman, 94 F. Supp. 2d at 821. 304 Id. 317 305 Charles Schwab & Co., Inc. v. Carter, 2005 U.S. Dist. Columbia Pictures, Inc. v. Bunnell, 245 F.R.D. 443, 450 LEXIS 5611, at *9 (N.D. Ill. 2005). (C.D. Cal. 2007) (citation omitted). 318 306 18 U.S.C. 1030(a)(2)(c) (2009). Steiger, 318 F.3d at 1047 (citing Konop v. Hawaiian Air- 319 lines, Inc., 302 F.3d 868, 876 (9th Cir. 2002)). Id. 1030(a)(4) (2009). 320 307 Columbia Pictures, Inc., 245 F.R.D. at 446 (a ruling in- Id. 1030(a)(5)(i), (ii), and (iii) (2009). 321 volving discovery). Id. 1030(a)(5)(B) (2009). 308 322 138 F. Supp. 2d 1272 (C.D. Cal. 2001). Id. 1030(e)(8) (2009). 309 323 Id. at 127576. Shurguard Storage Ctrs., Inc. v. Safeguard Self Storage, 310 Id. at 1276 (footnote omitted). Inc., 119 F. Supp. 2d 1121, 1126 (W.D. Wash. 2000) (holding 311 that the plaintiff's complaint stated a claim and denying de- Sherman & Co., 94 F. Supp. 2d at 820. 312 fendant's motion to dismiss). 18 U.S.C. 2707(f) (2009). 324 313 Id. Id. 2707(c) (2009). 325 314 See, e.g., EF Cultural Travel BV v. Explorica, Inc., 274 Id. 2707(b)(3) (2009). F.3d 577 (1st Cir. 2001), and Register.com v. Verio, 356 F.3d 315 Id. 2707(c) (2009). 393 (2d Cir. 2004) (plaintiff failed to show $5,000 in damage as 316 Id. 1030 (2009), et seq. required by statute).