The Firm recently filed an appellate brief in Herrick v. Grindr along with co-counsel Carrie Goldberg Law PLLC, on behalf of Plaintiff-Appellant Matthew Herrick. Mr. Herrick was the victim of a stalker who used the popular dating App Grindr as a means to stalk him, sending over 1100 men via the App, to his work and home believing that Mr. Herrick had rape fantasies. Mr. Herrick repeatedly went to the police and obtained a restraining order against his stalker to no avail. He appealed to Grindr for help, but they did nothing to help him despite roughly 50 requests. Mr. Herrick then sued Grindr. Grindr invoked what’s known as Communications Decency Act § 230 limited immunity and got the suit dismissed at the trial court level. We look forward to working further with Carrie Goldberg Law on this important case that has attracted significant attention.
The Electronic Privacy Information Center filed an Amicus Brief on our behalf, here’s their web page about the case with links to the relevant documents: https://epic.org/amicus/230/grindr/
Computer Fraud and Abuse Act
Updates and commentary on the “worst law in technology.” The CFAA is a federal civil and criminal statute (18 U.S.C. § 1030) that prohibits unauthorized access or damage to a computer. Whatever that means. We litigate civil and criminal CFAA cases nationally.
Court Upholds Chelsea Manning’s CFAA Convictions
Why the manner in which a system is accessed should have bearing on whether that access was authorized–when a user is otherwise authorized– is not fully explained and raises a host of questions. For instance, if she was authorized to “click through” to the DOD servers, as the court says, why should it matter that she skipped the intermediate step? In other words, why should authorization turn on whether something was directly or indirectly downloaded when the user was authorized to access the servers in question? If I’m authorized to enter a house, does it matter if I go in through the door or a window? Would you ever understand your authorization to enter a place you were allowed to enter to be contingent on the manner you entered that place? The court’s reasoning is conclusory on this point.
A civil CFAA Ticketmaster bot scraping case that made it past the motion to dismiss stage
The case has a useful summary of the circuit split (a disagreement as to the interpretation of federal law between the different federal appeals courts nationally) on the scope of CFAA loss. This just serves as another reminder as to what an interpretive mess the CFAA is. There are circuit splits on the meaning of its three key, operative terms: Authorization; Damage; and Loss. We’re planning on spending our July writing about it and will keep you posted when we have something fun to read.
An update on U.S. v. Nosal in the Ninth Circuit
The District Court in that case issued a new restitution order after the last remand from the Ninth Circuit. Don’t confuse criminal restitution with CFAA Loss. They’re two different things.
Computer Crime & Procedure
Non-CFAA Computer Crime. You know, identity theft, access device fraud, cyberstalking, internet speech, and the like. It’s the wild wild west out there, and we’ve seen some weird stuff.
Call of Duty “Swatting” Indictment
On the “Swatting” Indictment: While we think the Swatting behavior at issue here to be stupid, dangerous, and worthy of some sort of punishment, we think the Indictment is dangerous because of its potential implications beyond the four corners of this case.
Controversial Cyber Crime Bill Vetoed by Georgia’s Governor
The poorly drafted bill provided for expansive liability beyond even the broad parameters of the CFAA. It’s murky standards potentially criminalized a large amount of legitimate information security research. It also legalized “hacking back” attacks, where someone who’s system has been hacked attacks the attacker.
Cybersecurity and Data Breaches
Your behavioral response to the breach can be far more damaging than the hack itself. That’s because your business reputation and legal and regulatory standing are on the line.
The European Union’s GDPR Rules
They Might Apply to You Too
You’ve probably seen a barrage of emails in the last few days from websites and other services announcing changes to their privacy policies. They arise as a result of changes to the European Union’s data protection rules, the General Data Protection Regulation (GDPR). If your business offers goods or services in the EU, it might have to comply as well, even if you have no physical presence in the EU.
What We’re Reading
Rachel Kushner’s “The Mars Room.” Kushner’s latest novel of life in a California women’s prison.
Emilie Morin’s “Beckett’s Political Imagination.” Morin dispells the myth that Samuel Beckett’s works aren’t political.
Michel de Montaigne’s “Essays” We can’t believe we waited this long to read these pithy and acute observations.
What We’re Looking At
At the Met Breuer: “Like Life: Sculpture, Color, and the Body.” A stunning survey of western sculpture grouped by subject, including a life size sculpture of utilitarian and panopticon theorizer Jeremy Bentham containing his skeleton.
I’m getting asked a lot of questions about the Assange indictment because it involves the Computer Fraud and Abuse Act. And extradition. Two things we’ve got some experience with through representing Lauri Love and others.