Stanford Center for Internet and Society

Phillips raised several challenges to his conviction under the Computer Fraud and Abuse Act for intentionally accessing a protected computer without authorization. The Fifth Circuit, holding that questions of “authorization” should be understood with reference to “expected norms of intended use,” rejected these challenges and upheld Phillips’ conviction.

United States v. Cristopher Andrew Phillips, No. 05-51271 (5th Cir. Jan. 24, 2007).

Plaintiff Therapeutic Research Faculty brought suit in the Eastern District of California against defendants NBTY, Rexall Sundown, and Le Naturiste. Plaintiff alleged that NBTY had violated the terms of a single user license for plaintiff’s database by sharing access and information with its employees and with the other defendants. Defendants moved to dismiss eight of plaintiff’s claims: direct, contributory, and vicarious copyright infringement; violations of the Computer Fraud and Abuse Act, Title II of the Electronic Communications Privacy Act, and the California Comprehensive Data Access and Fraud Act; trespass; and misappropriation of trade secret. The court held that violation of a single user license by allowing access to copyrighted content by multiple users constituted unauthorized access and infringed the exclusive rights of copyright holders, and that a confidential username and password can be a trade secret,and therefore denied the motion to dismiss.

Therapeutic Research Faculty v. NBTY, Inc., No. 2:05-cv-2322-GEB-DAD (E.D. Cal. Jan. 25, 2007)