E-Commerce Law Week, Issued 373

Courts Ponder the Uses, and Limits, of the CFAA as a Civil Cause of Action in Security Suits
With computer security lawsuits on the rise, the federal Computer Fraud and Abuse Act (CFAA) has been getting lots of attention lately.  In fact, three federal courts have weighed in recently on the scope of the statute’s civil cause of action provision, 18 U.S.C. § 1030(g), which allows plaintiffs to recover for certain "losses" caused by unauthorized access to "protected" computer systems (i.e., any computer used in interstate or foreign commerce or communication).  In Schwab & Co., Inc., v. Carter, the U.S. District Court for the Northern District of Illinois, Eastern Division, adopted a broad interpretation of the CFAA, ruling that a claim could proceed against the employer of the person who engaged in the unauthorized access, based on a theory of vicarious liability.  In two other cases, however, the courts limited the scope of the CFAA’s application.  In Civic Center Motors, Ltd., v. Mason Street Import Cars, Ltd., the U.S. District Court for the Southern District of New York held that “losses” are compensable under the CFAA  "only when they result from damage to, or the inoperability of, the accessed computer system."  And, in SecureInfo Corp. v. Telos Corp., the U.S. District Court for the Eastern District of Virginia ruled that the CFAA did not permit a plaintiff to recover damages where there was no actual unauthorized access to a protected computer by the defendants, but merely a  breach of a computer software license agreement. 

Outsourcing Law Enforcement? Congress Considers Making Financial Companies Responsible for Enforcing the Internet Gambling Ban
In the near future, the federal government may be looking to banks and credit card companies to aid in efforts to limit Internet gambling. Specifically, recently proposed legislation would have required banks and credit card companies to block payments to Internet gambling sites, essentially placing the onus on the financial institutions for regulating the gambling activity. Although this particular proposal failed, in the event that such legislation eventually passes, the impact on the banking and credit card companies could be significant. Senator Kyl’s amendment, SA 1718, would have required them to develop procedures through which they would identify and block restricted transactions by means of codes in authorization messages or by other means, and to prevent the acceptance of products or services of the payment system in connection with a restricted transaction. The burden of monitoring each transaction and evaluating whether payment would violate the legislation could be quite costly and time-consuming, and could slow down service to customers. And, of course, there is no logical reason that this approach to online activity need stop with online gambling. Congress could decide to put the burden on banks and credit card companies (or online payment services or auction companies or even ISPs, for that matter) to cut off the flow of funds to off-shore purveyors of other unlawful or objectionable material as well, such as obscene material or child pornography, or to require such companies to authenticate purported merchants who might be fraudsters. Indeed, once Congress gets the hang of outsourcing law enforcement, traditional roles may be hard to recover.

Global Warning to US on Internet Governance
Not long after Hurricanes Katrina and Rita raised attention to the apparent risks associated with global warming, drawing criticism of the Bush Administration position on the issue, the United States finds itself increasing isolated on another international issue -- Internet governance.  On September 30, in Geneva, the third and final meeting of the Preparatory Committee for the World Summit on the Information Society (WSIS) concluded with some rather definitive statements from US allies that they will not support continued US dominance in management of the Internet.  One option that has been mooted (and opposed by the US) is a greater role for the International Telecommunication Union in Internet governance.  This is certain to be hotly debated at the WSIS in Tunisia in December.  The nightmare scenario is that a bad outcome could ultimately lead to competing US and international Internet infrastructures. While such an outcome is unlikely, the US will face a concerted attack on its Internet governance role, and the increasing isolation of the US on a variety of other international issues is likely to make it harder for the US to defend its position.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.