Orin Kerr writes: The Ninth Circuit Court of Appeals has handed down a groundbreaking decision today on the federal computer hacking law, the Computer Fraud and Abuse Act (CFAA). In HiQ Labs v. LinkedIn, the court held that scraping a public website is likely not a CFAA violation. Under the new decision, violating the CFAA…
Category: Federal
DoD Releases Public Draft of Cybersecurity Maturity Model Certification and Seeks Industry Input
Susan B. Cassidy, Samantha Clark, Ryan Burnette and Ian Brekke of Covington & Burling write: On September 4, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.4 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and within…
Capital One Hack Prosecution Raises New and Old Questions about Adequacy of CFAA
Timothy H. Gray, Ethan Kisch and Michael F. Buchanan of Patterson Belknap write: On August 28, 2019, almost a month after Paige A. Thompson was arrested based on allegations that she hacked into servers rented by Capital One Financial Corporation, a criminal indictment was returned charging her with one count each of computer and wire…
LinkedIn Can’t Block Analytics Company From Scraping Profiles
Wendy Davis reports: LinkedIn can’t rely on a 33-year-old anti-hacking law to prevent prevent the analytics firm HiQ Labs from mining data, a federal appellate court ruled Monday. The ruling, issued by a three-judge panel of the 9th Circuit Court of Appeals, leaves in place an injunction that requires LinkedIn to allow publicly available data…
FTC Takes Tougher Data Security Stance After LabMD Fight
Sara Merken reports: The Federal Trade Commission is issuing specific data security requirements to companies as part of agency settlements, policing businesses more aggressively than before, attorneys and former staff said. Proposed settlements reached this year with LightYear Dealer Technologies LLC, ClixSense.com, Unixiz Inc, and D-Link Systems Inc. show what the FTC is expecting in…
AU: Breach notification rules for new government data scheme, but no consent for sharing
Rohan Pearce reports: New legislation that will enable data collected by public sector agencies to be more easily shared is expected to be accompanied by new rules for data breach notifications, a discussion paper released today by the government said. The government in May 2018 said it would introduce a new data sharing and release…