Cyber Attacks and Network Disruptions

The ever-expanding world of technology brings with it the threat of cyber attacks that can affect everything from a personal email account to an entire corporate database. While there are many types of cyber attacks, some of the most common include but may not be limited to, ransomware, scareware, BOTS, viruses, trojans, and malware (i.e., malicious software).

Both federal and state governments have passed legislation to combat the growing threats of cyber attacks. In 1986, the United States Congress passed the Electronic Communications Privacy Act (ECPA), under 18 U.S.C. §§ 2510-2522, which protects wire, oral, and electronic data against unauthorized wiretapping. The ECPA came under criticism for its failure to effectively apply to changing technological advancements, including new methods of storing data. In the same year, Congress passed the Stored Communications Act (SCA), under 18 U.S.C. §§ 2701-2712, which addressed third-party responsibility to release stored information. The SCA calls into discussion people's right to be secure against "unreasonable searches and seizures" under the Fourth Amendment to the United States Constitution where courts compel social networking websites, message boards, and other Internet Service Providers to release privately stored data.

Since 1996, the Computer Fraud and Abuse Act (CFAA), under 18 U.S.C. § 1030, has made it a federal violation to intentionally access a government computer without authorization and obtain protected information. Disrupting federal networks is subject to a fine, imprisonment and even investigation by the United States Secret Service. A subject of constant litigation, the Ninth Circuit recently interpreted the reach of the CFAA in United States v. Nosal. The Ninth Circuit found that employees who access company websites do not violate the CFAA where they have authority to use the websites, even if the employees unlawfully use information they gathered from the website. The USA PATRIOT ACT has since amended the breadth and application of the CFAA in light of related anti-terrorism legislation.

California has specific state legislation to protect against cyber attacks. For example, California Civil Code § 1798.82 compels California citizens and businesses to report any instance of an unauthorized breach in data security. Furthermore, California Penal Code § 502 makes it a criminal offense to intentionally access and alter privately stored data.

So, cyber activity begs the question of whether courts can consider electronically stored data as "personal property" and apply trespass to chattel standards to find damages. In 1996, Thrifty-Tel, Inc. v. Bezenek first introduced the notion that electronic data can be "personal property" subject to protection under tort law. Four years later, in eBay Inc. v. Bidder's Edge, eBay successfully argued that Bidder's Edge trespassed on eBay chattel when it used web crawlers to monitor and gather data. However, the California Supreme Court overruled this holding in 2003 in Intel Corp. v. Hamidi. There, the court found that a former Intel employee's emails to current Intel employees did not constitute a trespass to chattel and was not subject to common law trespass protection.