The Computer Fraud and Abuse Act (18 U.S.C. 1030) was intended to criminalize criminal hacking into protected computers. However, one of its effects (unintended -?) was to create a private cause of action which is very easy to bring in today’s business environment. Essentially, in almost any commercial dispute where a computer is or has been involved to store or process relevant (and important) information, a litigant may raise a CFAA claim merely arguing that the opposing party "exceeded authorization" when accessing information  stored on a computer and can therefore be liable under CFAA for damages if the damages exceed $5,000.

In the past, courts have struggled to decide what exactly constitutes damages under CFAA. For example, we have discussed cases  holding that lost productivity constitutes damages while lost profits does not. A recent case from the Fifth Circuit fleshes the damages argument a little bit further. In Fiber Systems Intl v. Roehrs, the Fifth Circuit held that hiring a data loss consultant for a cost of $26,000 to analyze potential loss of information after defendants allegedly copied information on their way out of the company does constitute damages under CFAA and satisfies the $5,000 minimum.

Fiber Sys. Int’l v. Roehrs, 470 F.3d. 1150. Full opinion.

No Responses to “More on CFAA Damages”

No comments yet

Leave a Reply

Name (required)

Mail (will not be published) (required)

Website

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>