Assignment task: Questions about Cybersecurity and Privacy law.
1. The strongest argument for the claim that Lori violates the CFAA.
2. The strongest argument for the claim that Lori does not violate the CFAA.
3. Evaluate which argument is better.
Anna uses Wireshark to see where medical and fitness apps on smartphones send their data. She connects a laptop and a phone to the same wireless network. When she does so, Wireshark lets her see all traffic over the wireless network, not just the traffic on her laptop. So she can see where the phone is sending data. She discovers a lot that is not disclosed in the Terms of Use Agreements and Privacy Policies for various apps. However, those Terms of Use Agreements and Privacy Policies prohibit monitoring data flows using technologies like Wireshark. (The terms of Use Agreements and Privacy Policies are on the websites associated with the app, not on the apps themselves).
One of the apps, BeFit, objects, and it sends Anna a letter stating that she is no longer authorized to monitor data flows in or out of BeFit. Lori continues to monitor BeFit after receiving the letter. BeFit, sues Anna under the Computer Fraud and Abuse Act (CFAA), 18 USC 1030 (a)(2)(C). This section makes it illegal to (1) intentionally access a computer (2) without authorization, and (3) thereby obtain information. Assume that monitoring the data flows of the apps counts as access to them (and so as access to a computer) for purposes of the Computer Fraud and Abuse Act. Assume Lori accesses a computer, and assume the damage and loss requirements of the CFAA are fulfilled.