The Case of the Vanishing Twitter Account and CFAA Liability
By Saad Gul and Michael E. Slipsky
Last week, an unknown Twitter contractor briefly suspended President Trump’s Twitter account. The episode lasted 11 minutes. On its face, it may seem like a relatively small matter, but existing law could make a federal case out of it.
The Computer Fraud and Abuse Act (CFAA) prohibits unauthorized access to a protected computer system. It also bans use beyond authorized access. Courts around the country have diverged widely on what constitutes unauthorized access. One judge has observed that sharing a Netflix password could technically violate the statute.
The CFAA also provides for civil penalties, paving the way for a potential civil lawsuit against the Twitter contractor.
Legal liability may hinge on the contractor’s duties. For instance, if tasked with monitoring high-profile accounts, the contractor may at least arguably have been acting within the scope of his or her responsibilities. On the other hand, if those duties had no connection with the president’s account, any defenses would be far more tenuous.
Twitter itself may want to act to discourage future self-appointed censors. And even if the company does not act, federal prosecutors may feel unable to pass on such a high-profile instance.
CFAA experts will be watching future developments with interest. Courts, academics, and attorneys may diverge widely on their views of the CFAA applications in many instances: some like it, some would block it, and others are more muted in their criticism. But virtually all agree that the current state of the law is a mess. The case of the vanishing account may provide the perfect vehicle to rationalize the scope and enforcement of the law. One thing is for certain, this story will be worth following.
Saad Gul and Mike Slipsky, editors of NC Privacy Law Blog, are partners with Poyner Spruill LLP. They advise clients on a wide range of privacy, data security, and cyber liability issues, including risk management plans, regulatory compliance, cloud computing implications, and breach obligations. Saad (@NC_Cyberlaw) may be reached at 919.783.1170 or firstname.lastname@example.org. Mike may be reached at 919.783.2851 or email@example.com.