Event Title
Standing Under the Computer Fraud and Abuse Act
Speaker Bio
Michael O'Connor is the global head of litigation for a major financial technology company. From 2018 to 2019, he taught tech law courses at Penn State University Park. Before that, he litigated technically focused cases at major D.C. law firms for clients including Daimler, Sony, U.S. Steel, and Barnes & Noble. His scholarship focuses on applying traditional legal principles to modern technical statutes and situations. He is a 2009 graduate of the University of Pennsylvania Law School and 2005 graduate of Penn State University. Following law school graduation, he clerked for Judge D. Brooks Smith on the U.S. Court of Appeals for the Third Circuit.
Presentation Type
Article
Start Date
20-3-2020 10:00 AM
End Date
20-3-2020 10:30 AM
Description
The Computer Fraud and Abuse Act (CFAA) provides civil and criminal penalties for computer intrusion. Current scholarship seeks to determine when a putative defendant has accessed a system without authorization. But no academic articles address who can bring suit for the intrusion. The system owner seems the natural complainant; after all, the CFAA punishes cyber-trespass. But the few courts to address the issue thus far have come to a surprising and contrary conclusion: anyone with confidential information on the system may bring suit. This turns the CFAA from a cyber-trespass statute into a more expansive tool, guarding against trade secret theft and other offenses normally governed by very different caselaw. Resolving this question has profound implications in an era when confidential documents get routinely stored on Dropbox, Google Drive, Amazon Web Services, and similar platforms. This Article will examine whether courts are correct to accord such broad standing to complainants and whether this comports with the Supreme Court’s views on constitutional standing. This Article will also consider whether this broad concept of CFAA standing makes sense in light of the statute’s history and purpose, and what effect it has on ideas about digital ownership generally.
Standing Under the Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act (CFAA) provides civil and criminal penalties for computer intrusion. Current scholarship seeks to determine when a putative defendant has accessed a system without authorization. But no academic articles address who can bring suit for the intrusion. The system owner seems the natural complainant; after all, the CFAA punishes cyber-trespass. But the few courts to address the issue thus far have come to a surprising and contrary conclusion: anyone with confidential information on the system may bring suit. This turns the CFAA from a cyber-trespass statute into a more expansive tool, guarding against trade secret theft and other offenses normally governed by very different caselaw. Resolving this question has profound implications in an era when confidential documents get routinely stored on Dropbox, Google Drive, Amazon Web Services, and similar platforms. This Article will examine whether courts are correct to accord such broad standing to complainants and whether this comports with the Supreme Court’s views on constitutional standing. This Article will also consider whether this broad concept of CFAA standing makes sense in light of the statute’s history and purpose, and what effect it has on ideas about digital ownership generally.