California Comprehensive Computer Data Access and Fraud Act

Last updated March 17, 2019

The California Comprehensive Computer Data Access and Fraud Act is in §502 of the California Penal Code.

The Penal Code of California forms the basis for the application of criminal law in the American state of California. It was originally enacted in 1872 as one of the original four California Codes, and has been substantially amended and revised since then.

The Comprehensive Computer Data Access and Fraud Act (Penal Code Section 502) affords protection to individuals, businesses, and governmental agencies from tampering, interference, damage, and unauthorized access to lawfully created computer data and computer systems. It allows for civil action against any person convicted of violating the criminal provisions for compensatory damages. [1]

Penalties Under the CCCDAFA:

According to the California Comprehensive Computer Data Access and Fraud Act, violations of the law are subject to criminal penalties. For violating some of the more major premises of the Act, the punishment can be up to a $10,000 fine and a 3-year prison term. [2]

Notable cases:

'People v. Hawkins' (2002) [3] [4]
- Hawkins had source code from his previous employer on his home machine. [3]
'Facebook v. ConnectU', LLC, (2007) [5]
- ConnectU gathered Facebook data using bots [6]
Facebook, Inc. v. Power Ventures, Inc.
- Power Ventures scraped data from Facebook [5]
Facebook, Inc. v. John Does 1-10 (2007) [7] [8]
- Various people, including some associated with Istra Holdings, scraped Facebook for data. [7]
SCEA v. George Hotz et al. (2011)
- Jailbreaking of the PlayStation 3 by George Hotz & associates of fail0verflow
George Francis Hotz, alias geohot, is an American hacker and creative consumer known for unlocking the iPhone, allowing the phone to be used with other wireless carriers, contrary to AT&T's and Apple's intentions. He developed the limera1n jailbreak tool and bootrom exploit for iOS. He is also noted for his technical efforts and publicity with reverse engineering the PlayStation 3 video game console, and for subsequently being sued by and settling with Sony. As of September 2015, he is working on his vehicle automation machine learning company comma.ai.

ConnectU was a social networking website launched on May 21, 2004, that was founded by Harvard students Cameron Winklevoss, Tyler Winklevoss, and Divya Narendra in December 2002. Users could add people as friends, send them messages, and update their personal profiles to notify friends about themselves. Users were placed in networks based upon the domain name associated with the email address they used for registration.

Facebook, Inc. v. Power Ventures, Inc. is a lawsuit brought by Facebook in the United States District Court for the Northern District of California alleging that Power Ventures Inc., a third-party platform, collected user information from Facebook and displayed it on their own website. Facebook claimed violations of the CAN-SPAM Act, the Computer Fraud and Abuse Act ("CFAA"), and the California Comprehensive Computer Data Access and Fraud Act. According to Facebook, Power Ventures Inc. made copies of Facebook's website during the process of extracting user information. Facebook argued that this process causes both direct and indirect copyright infringement. In addition, Facebook alleged this process constitutes a violation of the Digital Millennium Copyright Act ("DMCA"). Finally, Facebook also asserted claims of both state and federal trademark infringement, as well as a claim under California's Unfair Competition Law ("UCL").

PlayStation 3 seventh-generation and third home video game console developed by Sony Interactive Entertainment

The PlayStation 3 (PS3) is a home video game console developed by Sony Computer Entertainment. It is the successor to PlayStation 2, and is part of the PlayStation brand of consoles. It was first released on November 11, 2006, in Japan, November 17, 2006, in North America, and March 23, 2007, in Europe and Australia. The PlayStation 3 competed mainly against consoles such as Microsoft's Xbox 360 and Nintendo's Wii as part of the seventh generation of video game consoles.

External links

Text of code, at Findlaw [9]

Related Research Articles

The Computer Fraud and Abuse Act (CFAA) is a United States cybersecurity bill that was enacted in 1984 as an amendment to existing computer fraud law, which had been included in the Comprehensive Crime Control Act of 1984. The law prohibits accessing a computer without authorization, or in excess of authorization. Prior to computer-specific criminal laws, computer crimes were prosecuted as mail and wire fraud, but the applying law was often insufficient.

The Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act of 2003, signed into law by President George W. Bush on December 16, 2003, established the United States' first national standards for the sending of commercial e-mail and requires the Federal Trade Commission (FTC) to enforce its provisions.

Trespass to chattels is a tort whereby the infringing party has intentionally interfered with another person's lawful possession of a chattel. The interference can be any physical contact with the chattel in a quantifiable way, or any dispossession of the chattel. As opposed to the greater wrong of conversion, trespass to chattels is argued to be actionable per se.

Web scraping, web harvesting, or web data extraction is data scraping used for extracting data from websites. Web scraping software may access the World Wide Web directly using the Hypertext Transfer Protocol, or through a web browser. While web scraping can be done manually by a software user, the term typically refers to automated processes implemented using a bot or web crawler. It is a form of copying, in which specific data is gathered and copied from the web, typically into a central local database or spreadsheet, for later retrieval or analysis.

The multinational technology corporation Apple Inc. has been a participant in various legal proceedings and claims since it began operation and, like its competitors and peers, engages in litigation in its normal course of business for a variety of reasons. In particular, Apple is known for and promotes itself as actively and aggressively enforcing its intellectual property interests. From the 1980s to the present, Apple has been plaintiff or defendant in civil actions in the United States and other countries. Some of these actions have determined significant case law for the information technology industry and many have captured the attention of the public and media. Apple's litigation generally involves intellectual property disputes, but the company has also been a party in lawsuits that include antitrust claims, consumer actions, commercial unfair trade practice suits, defamation claims, and corporate espionage, among other matters.

Susan Yvonne Illston is a San Francisco, California-based Senior United States District Judge of the United States District Court for the Northern District of California, which lies within the jurisdiction of the United States Court of Appeals for the Ninth Circuit.

National Federation of the Blind v. Target Corporation, 452 F. Supp. 2d 946, was a class action lawsuit in the United States that was filed on February 7, 2006 in the Superior Court of California for the County of Alameda, and subsequently moved to federal court. The case challenged whether the Americans with Disabilities Act of 1990, specifically Title III's provisions prohibiting discrimination by "places of public accommodation" apply to websites and/ or the Internet, or are restricted to physical places.

In the United States, there is no federal law regulating the practice of tattooing. However, all 50 states and the District of Columbia have statutory laws requiring a person receiving a tattoo be 18 years or older. This is partially based on the legal principle that a minor cannot enter into a legal contract or otherwise render informed consent for a procedure. Most states permit a person under the age of 18 to receive a tattoo with permission of a parent or guardian, but some states outright prohibit tattooing under a certain age regardless of permission, with the exception of medical necessity.

The Digital Millennium Copyright Act (DMCA) is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO). It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works. It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself. In addition, the DMCA heightens the penalties for copyright infringement on the Internet. Passed on October 12, 1998, by a unanimous vote in the United States Senate and signed into law by President Bill Clinton on October 28, 1998, the DMCA amended Title 17 of the United States Code to extend the reach of copyright, while limiting the liability of the providers of online services for copyright infringement by their users.

Doe v. MySpace, 528 F.3d 413, is a 2008 Fifth Circuit Court of Appeals ruling that affirmed a lower court decision finding that MySpace was immune under the Communications Decency Act of 1996 from liability resulting from a sexual assault of a minor.

Facebook, Inc. v. StudiVZ Ltd. was a federal lawsuit filed on July 18, 2008, by Facebook, Inc. in the United States District Court for the Northern District of California against StudiVZ Ltd., a UK company with its principal place of business in Germany. StudiVZ had launched a website which was alleged to be visually and functionally similar to Facebook's site. Facebook filed a similar lawsuit the same day in the German regional court of Stuttgart and an additional related lawsuit on November 19, 2008, in the German regional court of Cologne. In May 2009 the Court in California issued an order indicating its view that Germany was the more appropriate forum for the dispute, but withheld issuing a final order on the question until further review of the issues of personal jurisdiction could be addressed. The parties subsequently settled the California case, but continued the litigation in Germany in which the regional court of Cologne held that StudiVZ did not violate any intellectual property rights held by Facebook.

Edelson PC is an American law firm that focuses on public client investigations, class actions, mass tort, and consumer protection laws. Edelson has been endorsed as among the elite of privacy litigation by the United States District Court for the Northern District of Illinois.

Lane v. Facebook was a class-action lawsuit in the United States District Court for the Northern District of California regarding internet privacy and social media. In December 2007, Facebook launched Beacon, which resulted in users' private information being posted on Facebook without consent. Facebook ended up terminating the Beacon program, and created a $9.5 million fund for privacy and security. There was no money awarded to Facebook users that were affected negatively by the Beacon program.

SCEA v. Hotz was a lawsuit in the United States by Sony Computer Entertainment of America against George Hotz and associates of the group fail0verflow for jailbreaking and reverse engineering the PlayStation 3.

Gordon v. Virtumundo, Inc., 575 F.3d 1040, is a 2009 court opinion in which the United States Court of Appeals for the Ninth Circuit addressed the standing requirements necessary for private plaintiffs to bring suit under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, or CAN-SPAM Act of 2003, 15 U.S.C. ch. 103, as well as the scope of the CAN-SPAM Act's federal preemption. Prior to this case, the CAN-SPAM Act's standing requirements had not been addressed at the Court of Appeals level, and only the Fourth Circuit had addressed the CAN-SPAM Act's preemptive scope.

Lee v. PMSI, Inc., No. 10-2094, was a case in the United States District Court for the Middle District of Florida about whether the Computer Fraud and Abuse Act (CFAA) makes it illegal for an employee to violate an employer's acceptable use policy. The court ruled that violating an employer's policy did not "exceed authorization" as defined by the CFAA and was not illegal under the act.

Atari Games Corp. v. Nintendo of America Inc., 975 F.2d 832, is a United States Court of Appeals for the Federal Circuit case, in which the court held that Atari Games engaged in copyright infringement by copying Nintendo's lock-out system, the 10NES. The 10NES was designed to prevent Nintendo's video game console, the Nintendo Entertainment System (NES), from accepting unauthorized game cartridges. Atari, after unsuccessful attempts to reverse engineer the lock-out system, obtained an unauthorized copy of the source code from the Copyright Office and used it to create its 10NES replica, the Rabbit. The case involved copyright infringement claims by Nintendo and a defense based on fair use and copyright misuse by Atari.

Craigslist Inc. v. 3Taps Inc., 942 F.Supp.2d 962 was a Northern District of California Court case in which the court held that sending a cease-and-desist letter and enacting an IP address block is sufficient notice of online trespassing, which a plaintiff can use to claim a violation of the Computer Fraud and Abuse Act.

References

↑ STATUTORY PROVISIONS ca.gov, retrieved from sam.dgs.ca.gov on 2011 03 06
↑ The California Comprehensive Computer Data Access and Fraud Act, laws.com, retrieved from fraud.laws.com on 12 27 2012
1 2 People v. Hawkins (2002) 98 Cal. App. 4th 1428 [-- Cal.Rptr.2d --] :: Justia Law justia.com, retrieved from law.justia.com on 2011 03 06
↑ Intellectual property and computer crimes Peter Toren, Law Journal Press, 2003, page 9-20, via books.google.com on 2011 03 06
1 2 When Is Data Scraping Breaking and Entering?, Baer Crossey, baercrossey.com, retrieved 2011 03 06. Crossey gives the case identifying info as follows: 489 F.Supp.2d 1087 (N.D.Cal. 2007)
↑ Technology amp; Marketing Law Blog: Facebook v. ConnectU Update, Eric Goldman, (Law school professor), 2007 Dec, retrieved from blog.ericgoldman.org on 2011 03 06
1 2 Porn spammers' lust for Facebook data lands them in court By Jacqui Cheng , Ars Technica, December 17, 2007 , retrieved from arstechnica.com on 2011 03 06
↑ Facebook, Inc. v. John Does 1-10 :: Justia Dockets, filings, justia.com, retrieved from dockets.justia.com on 2011 03 06
↑ California Code - Chapter 5: Larceny [484. - 502.9.] findlaw.com, retrieved from codes.lp.findlaw.com on 2011 03 06

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[cagov1-1] STATUTORY PROVISIONS ca.gov, retrieved from sam.dgs.ca.gov on 2011 03 06

[lawscom1-2] The California Comprehensive Computer Data Access and Fraud Act, laws.com, retrieved from fraud.laws.com on 12 27 2012

[justiacom-3] 1 2 People v. Hawkins (2002) 98 Cal. App. 4th 1428 [-- Cal.Rptr.2d --] :: Justia Law justia.com, retrieved from law.justia.com on 2011 03 06

[peter_toren2003-4] Intellectual property and computer crimes Peter Toren, Law Journal Press, 2003, page 9-20, via books.google.com on 2011 03 06

[baercrosseycom-5] 1 2 When Is Data Scraping Breaking and Entering?, Baer Crossey, baercrossey.com, retrieved 2011 03 06. Crossey gives the case identifying info as follows: 489 F.Supp.2d 1087 (N.D.Cal. 2007)

[ericgoldmanorg-6] Technology amp; Marketing Law Blog: Facebook v. ConnectU Update, Eric Goldman, (Law school professor), 2007 Dec, retrieved from blog.ericgoldman.org on 2011 03 06

[arstechnicacom1-7] 1 2 Porn spammers' lust for Facebook data lands them in court By Jacqui Cheng , Ars Technica, December 17, 2007 , retrieved from arstechnica.com on 2011 03 06

[justiacom1-8] Facebook, Inc. v. John Does 1-10 :: Justia Dockets, filings, justia.com, retrieved from dockets.justia.com on 2011 03 06

[findlawcom1-9] California Code - Chapter 5: Larceny [484. - 502.9.] findlaw.com, retrieved from codes.lp.findlaw.com on 2011 03 06

California Comprehensive Computer Data Access and Fraud Act

Contents

See also

External links

Related Research Articles

References