Computer Fraud and Abuse – United States v. Nosal; Facebook v. Vachani

August 25, 2016 - from DisputeSoft

Two cases recently coming out of the 9th Circuit Court of Appeals decided issues related to the Computer Fraud and Abuse Act (CFAA) and “access without authorization.” United States v. Nosal, a criminal case, involved a former employee accessing a computer system with borrowed login credentials from a current employee. Facebook v. Vachani, a civil case, involved a different social media outlet accessing Facebook’s computer system on the basis of user-granted access. In both cases, the Court decided that the parties accessed the system “without authorization,” despite being given “authorization” by a user or other authorized party. Specifically, the Court decided:

(1) In Nosal, a former employee whose access credentials have been revoked acts without authorization when the employee knowingly accesses a computer system using a borrowed login credential; and

(2) In Facebook, a third party who has been granted access by a user does not receive authority to access the entire system, but only to the user’s account; and receiving a cease and desist letter renders a party liable for CFAA violation for continued use.


These decisions make a case for the notion of dual authorization regarding access to computer systems and accounts. Access is not authorized when either: (1) permission has been explicitly revoked and a party continues to access the system with borrowed credentials; or (2) a party knowingly continues to access a computer system based solely on permission from a user. This represents the multi-dimensional nature of access; it is granted by either a user to a user’s account, or by the system’s owner to the entire system. Permission to access must originate from the party with the authority to grant access to the thing for which access is sought. Many articles discuss these cases in the context of password sharing practices with respect to Netflix and HBOGo accounts, and how password sharing may now be considered a federal crime under CFAA.

Read more about the United States v. Nosal decision here
Read more about the Facebook v. Vachani decision here

Tata Consultancy Services and Orange County, CA Settle Marathon Software Failure Suit for $26M

August 24, 2016 - from Orange County Executive Office

On August 19, Orange County, California received notification that India’s largest IT firm, Tata Consultancy Services, had wired $26 million to the County Treasurer-Tax Collector, officially ending a 3-year lawsuit between the two parties. More than 6 years ago, Orange County hired Tata to replace the county’s automated property tax system by 2010. After a 3-year extension plagued by delays, Orange County terminated the contract and sued Tata over the failed project, alleging fraud. Orange County claimed the IT firm had lied about its capabilities and was intentionally stretching out the contract in an attempt to make more money. The $26 million settlement is the largest amount recovered by the county in more than 20 years.

Read the Press Release here
Read the Settlement Agreement here

What Every Attorney Needs to Know about Computer Forensics, Part 3: What Criminal Defense Attorneys Need to Know about Computer Forensics

July 6, 2016 - from DisputeSoft's G. Hunter Jones

When our computer forensics experts are engaged on a criminal case, our client is almost always counsel for the defense. Most law enforcement jurisdictions have in-house Computer Forensics specialists; thus most of our forensic engagements come from defense counsel rather than the prosecution. Thus, most of the work performed by our Computer Forensics experts is directed toward rebutting or challenging evidence presented by the prosecution.

Evidence derived from Computer Forensics can come from a wide array of sources – computers, tablets, smart phones, cameras (including surveillance cameras), GPS units, cell towers, or any other digital device that tracks and retains information about its user or its user’s activities. This information can be used to show where a person was at a specific time, what the person searched for, looked at, or took pictures of, who the person corresponded with and what he/she said, and, in the case of surveillance footage, exactly what a person was doing at a specific time in a specific place. TV crime shows usually tell us how such information is used by law enforcement to find and convict perpetrators, but sometimes such evidence can aid the defense by demonstrating, e.g., alibi, or rebutting the prosecution’s theory by showing that it has misinterpreted the forensic evidence.

In many cases, the best defense-related evidence comes from data overlooked or misinterpreted by the prosecution. Consider the following situations, which DisputeSoft forensic experts regularly encounter during their investigations:

• Alibi evidence – At the time of an alleged robbery, the defendant was online at his home computer updating his own website, adding material clearly of his own theme and style. Capturing this evidence from his computer and from the website showed that he was posting those updates and not committing the robbery at the time in question;
• Alibi evidence – During the evening of a charged assault, usage and activity data in the alleged victim’s laptop showed that she was so busy with online games, social media, and e-mail that there was no time at which she could have been attacked as claimed;
• Interpretation of evidence – The prosecution relied on cell-tower data to show that the defendant was in the vicinity of the crime. However, an independent review of the data showed that the prosecution’s cell tower analysis ignored the sector information, which shows in which direction the user of the phone was located from the tower. In fact, while the cell-tower data shows that the defendant was in the vicinity, it also shows that that the he was in a sector well removed from the specific site of the robbery.

When the defense needs to rebut or challenge forensic evidence presented by the prosecution, analysis by a computer forensics defense expert can provide essential information about a person’s activities and location at a particular date and time.

However, more often than not, the prosecution’s forensic digital evidence is compelling, and the defendant is far more likely to be convicted than he has recognized. In such cases, the forensic defense expert’s greatest value is in assisting defense counsel to understand the forensic evidence and how it is likely to be seen by the trier of fact. Sometimes, the greatest value of the defense expert is to assist defense counsel in persuading the defendant to seek a reasonable plea, rather than going to trial.

DisputeSoft has been involved in such an outcome on a wide range of criminal cases, such as cases involving collecting and trafficking in pirated movies (and similarly with child pornography), creating a false identity on social networks to use in seeking underage partners, and destroying digital evidence in order to conceal illegal activity.