A recent ruling in Parziale v. HP, Inc., arising out of the implementation by Hewlett-Packard (“HP”) of a remote firmware update on many models of the company’s printers, highlights the potentially broad application of the Computer Fraud and Abuse Act (“CFAA”). It also serves as a reminder to technology companies that when distributing software and firmware updates, they must be mindful of providing specific advance notice that such updates may impact product or computer performance.

The Computer Fraud and Abuse Act

In 1986, Congress enacted the CFAA, reportedly in response to concerns arising from the Matthew Broderick film War Games, in which a teenage computer hacker accesses a U.S. Defense Department computer, unintentionally starts the launch sequence on the U.S. nuclear arsenal thinking it is a computer game, and comes close to starting World War III. Saving us all from annihilation, Broderick teaches the computer that when it comes to global thermonuclear war, “the only winning move is not to play.”

The CFAA is the primary computer crime law in the United States. Over the years, it has been amended several times and has broad application. The CFAA criminalizes fraud and certain other specified activities in connection with unauthorized access to computers. The CFAA also provides for civil remedies based on the same prohibited conduct.
Continue Reading Avoiding Claims Under the Computer Fraud and Abuse Act in Connection with Software and Firmware Updates

“Web scraping” or “web harvesting”—the practice of extracting large amounts of data from publicly available websites using automated “bots” or “spiders”—accounted for 18% of site visitors and 23% of all Internet traffic in 2013. Websites targeted by scrapers may incur damages resulting from, among other things, increased bandwidth usage, network crashes, the need to employ anti-spam and filtering technology, user complaints, reputational damage and costs of mitigation that may be incurred when scrapers spam users, or worse, steal their personal data.

Though sometimes difficult to combat, scraping is quite easy to perform. A simple online search will return a large number of scraping programs, both proprietary and open source, as well as D.I.Y. tutorials. Of course, scraping can be beneficial in some cases. Companies with limited resources may use scraping to access large amounts of data, spurring innovation and allowing such companies to identify and fill areas of consumer demand. For example, Mint.com reportedly used screen scraping to aggregate information from bank websites, which allowed users to track their spending and finances. Unfortunately, not all scrapers use their powers for good. In one case on which we previously reported, the operators of the website Jerk.com allegedly scraped personal information from Facebook to create profiles labeling people “Jerk” or “not a Jerk.” According to the Federal Trade Commission (FTC), over 73 million victims, including children, were falsely told they could revise their profiles by paying $30 to the website.

Website operators have asserted various claims against scrapers, including copyright claims, trespass to chattels claims and contract claims based on allegations that scrapers violated the websites’ terms of use. This article, however, focuses on another tool that website operators have used to combat scraping: the federal Computer Fraud and Abuse Act (CFAA).


Continue Reading Data for the Taking: Using the Computer Fraud and Abuse Act to Combat Web Scraping

In two recent decisions issued within a day of each other, two influential federal courts limited the scope of three important federal laws used to prosecute criminal conduct involving computers.  On April 10, 2012, the Ninth Circuit limited the scope of criminal liability for prosecutions under the Computer Fraud and Abuse Act, and on the