The recent computer hacking news helps to show the importance of the recently passed Florida’s Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“CADRA”) (CADRA Full Text). As you may have already heard, there are serious allegations that the St. Louis Cardinals “password guessed” the General Manager’s password on the Houston Astros’ computer system. Unfortunately, the known facts of this matter point out the holes in the Federal Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (“CFAA”). Assume for a second though that either th Cardinals or the Astros’ had computers in Florida or business operations in Florida AND that the events occurred after CADRA’s effective date of October 1, 2015. In that scenario the application and likely violation of CADRA is clear, where the CFAA violation is not so clear.
Under this hypothetical, under CADRA, personnel in the Cards organization were not authorized to access the Astros’ computers. The Cards did not have a password, assigned to them by the Astros’ organization. A password is a technological access barrier or “TAB” defined in CADRA. The violation was “knowingly and with intent to cause harm or loss: obtain[ing] information from protected computer without authorization and, as a result, causes harm or loss.” CADRA §668.803(1) (herein “§803(1)”). Since CADRA defines harm, loss and damage as including remediation, the Astros were harmed. §§802(5)(a).
The CFAA violation is not so clear. For example, did the snooping into the Cards’ computer cause more than $5,000 worth of damage? Some federal courts do not include remediation costs as part of CFAA damage. It is uncertain that the federal prosecutors will initiate an investigation without some large dollar damage to the Astros.
This event establishes the value of CADRA to the computer owners in Florida. For more information on CADRA, please contact our office.