9 minute read
Dead Celebrities and Digital Doppelgangers
Washington State Passes New Anti-SLAPP Statute
Effective July 25, 2021, the state of Washington has a new antiSLAPP statute—replacing the version that the Washington Supreme Court declared invalid in 2015. The statute restores important defenses for news organizations, political groups, and other speakers and publishers against defamation and similar claims.
The Uniform Public Expression Protection Act, a modified version of which Washington adopted, is designed to deter meritless litigation that targets the exercise of free speech. Like its predecessor, Wash. Rev. Code § 4.24.525, the new law allows a defendant to file a special motion for expedited relief if the claim falls within three categories:
• "[C]ommunications in a legislative, executive, judicial, administrative, or other governmental proceeding";
• "[C]ommunication on an issue under consideration or review in a legislative, executive, judicial, administrative, or other governmental proceeding"; and • "[E]xercise of the right of freedom of speech or of the press, the right to assemble or petition, or the right of association, guaranteed by the United States Constitution or
Washington State Constitution, on a matter of public concern."
A court must dismiss the lawsuit if it finds the claims subject to the antiSLAPP statute and that either:
• The responding party fails to establish a prima facie case as to each essential element of the cause of action;
• The moving party establishes that the responding party failed to state a cause of action upon which relief can be granted; or
• The moving party establishes that there is no genuine issue as to any material fact and the moving party is entitled to judgment as a matter of law on the cause of action or part of the cause of action.
In making its decision, a court must "consider the pleadings, the motion, any reply or response to the motion, and any evidence that could be considered in ruling on a motion for summary judgment."
While a motion for expedited relief is pending, all other proceedings, including discovery, are stayed. A court may allow "limited" discovery if a party shows that "specific information is necessary to establish whether a party has satisfied or failed to satisfy" its burden on the merits "and the information is not reasonably available unless discovery is allowed."
If the court grants the motion, the moving party is entitled to its attorneys' fees and costs—so long as the moving party provided the responding party 14 days' notice before filing the motion. If a court denies the motion, the responding party may recover fees and costs if the court finds the motion was "not substantially justified or filed solely with intent to delay the proceeding." In the event of a denial, the moving party also has an automatic right of appeal. The statute contains numerous exemptions, including real property claims, claims for wrongful death or bodily injury, insurance claims, and claims under state labor laws. The statute also exempts claims under the state Consumer Protection Act, those for common law fraud, and those brought against a person selling or leasing goods or services for a communication related to the sale or lease of those goods or services.
However, these last three exemptions are inapplicable for claims arising from the gathering, receiving, posting, or processing of information for communication to the public or for the creation, dissemination, exhibition, or advertisement or promotion of an artistic work; or claims related to the communication, gathering, receiving, posting, or processing of consumer opinions, such as ratings and reviews.
The uniform law replaces Wash. Rev. Code § 4.24.525, which the state Supreme Court held unconstitutional in Davis v. Cox, 183 Wash. 2d 269, 351 P.3d 862 (2015). In Davis, the court found the burden of proof on the responding party—to prove a probability of prevailing on the merits by clear and convincing evidence—invalid.
The uniform law fixes this defect by incorporating the standards needed to defeat a motion to dismiss under Washington Civil Rule 12(b)(6) and 12(c), as well as Washington Civil Rule 56. These rules—for motions to dismiss, motions for judgment on the pleadings, and summary judgment motions—largely mirror the federal rules of civil procedure.
Ambika Kumar, Bruce E. H. Johnson and Eric M. Stahl are partners in the Seattle office of Davis Wright Tremaine.
SCOTUS Limits Reach of Computer Fraud and Abuse Act: Nefarious Reasons Are Not Enough for Criminal Liability
By David M. Gossett, Katherine M. Bolger, John M. Browning, and Michael T. Borgia
In June 2021, the U.S. Supreme Court resolved an important question about the meaning of provisions prohibiting "unauthorized access" or "exceeding authorized access" to computer systems and databases under the Computer Fraud and Abuse Act of 1986 (CFAA). The Court, in a 6-3 decision in Van Buren v. United States, 141 S. Ct. 1648 (2021), sided with lower courts that found the CFAA does not prohibit accessing data for a purpose other than the purpose for which the user was permitted access in the first place. The decision will have farreaching consequences for anyone who uses computers to access and retrieve information digitally.
The CFAA subjects to criminal and civil liability anyone who "intentionally accesses a computer without authorization or exceeds authorized access." 18 U.S.C. § 1030(a)(2). The term "exceeds authorized access" means "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter." 18 U.S.C. § 1030(e)(6).
Everyone agrees that these provisions of the CFAA prohibit traditional hacking done for a malicious purpose—for example, breaking into a computer system by using an illegally obtained password to steal data or encrypt files.
They also cover "insider threats"— employees who, for example, have access to a portion of a computer system but who access portions that they are not authorized to access (e.g., restricted systems containing business secrets).
For decades, courts have been divided whether the CFAA also prohibits accessing computer systems or files with permission but for a forbidden reason. Does an employee "exceed[] authorized access" by, for example, downloading materials the employee is allowed to access for work, but with the intent of quitting and taking those materials to another employer?
The facts of Van Buren provide a stark example. A police officer, Nathan Van Buren, was offered $5,000 to check whether someone was an undercover police officer by using a license plate number. Van Buren searched for the number in a license plate database to which he had access, but only for legitimate law enforcement purposes.
In fact, the request was part of a sting operation, and Van Buren was arrested after carrying out the search and offering that he had information to share. Prosecutors charged Van Buren with several crimes, including violations of the CFAA. Van Buren argued that he was authorized to access that database, and the fact he accessed it for an unauthorized reason did not mean he had "exceed[ed] authorized access."
The U.S. Supreme Court agreed. To the majority, the case was simple. The Court relied primarily on the text of the statute, particularly the definition of "exceeds authorized access," to conclude that Van Buren was "entitled" to obtain the material he obtained and in the manner that he obtained it. That he accessed the material for an improper purpose did not change the textual analysis.
The Court also concluded that this reading was more consistent with the overall structure of the CFAA, as it harmonized the analysis under the "without authorization" and "exceeds authorized access" prongs of the statute. Under the majority's reading, both prongs pose a straightforward "gates-up-or-down" inquiry—one either has permission to access a system or part of a system or one does not.
The Court also concluded that the government's reading of the statute would mangle the CFAA's civil liability provisions, reasoning that the statute's civil remedies for "loss" and "damage" are best suited to address the consequences of traditional computer hacking (loss of data, inability to access systems, etc.)—not claims of data "misuse." In fact, the government conceded that the access provisions in the CFAA "prohibit[] only unlawful information 'access,' not downstream information 'misus[e].'"
"Does an employee 'exceed[] authorized access' by, for example, downloading materials the employee is allowed to access for work, but with the intent of quitting and taking those materials to another employer?" "In fact, the government conceded that the access provisions in the CFAA "prohibit[] only unlawful information 'access,' not downstream information 'misus[e].'"
Finally, the Court noted that "the Government's interpretation of the statute would attach criminal penalties to a breathtaking amount of commonplace computer activity." "If the 'exceeds authorized access' clause criminalizes every violation of a computer-use policy," the Court explained, "millions of otherwise law-abiding citizens are criminals." Any employee who is authorized to use an employer-supplied computer only for business purposes would, for example, violate the CFAA by sending a personal email.
Van Buren is critically important to a vast array of companies. The decision will limit the ability of some companies to use the CFAA to enforce terms of service that prohibit particular uses of their data as well as the ability to punish employee misconduct.
And the decision is a welcome result for computational journalism. As The Markup, a nonprofit news organization that conducts data-driven investigations into digital technology, argued in its amicus brief in the litigation, a different, broader reading would have infringed on established First Amendment protections for journalists. DWT attorneys Kate Bolger, Jack Browning, and David Gossett represented The Markup in the litigation.
David M. Gossett and Michael T. Borgia are partners in the Washington, D.C., office of Davis Wright Tremaine. Katherine M. Bolger is a partner and John M. Browning an associate in the New York office of Davis Wright Tremaine.
Mandatory COVID-19 Vaccination Policies: Issues Every Entertainment Industry Employer Should Consider
By Arielle Spinner and Julie Capell
In an effort to keep cast, crew, and others safe, production companies and distributors are considering whether to require individuals to be fully vaccinated against COVID-19. Vaccination policies play a crucial role in productions’ evolving safety protocols, but there are numerous factors to consider when determining whether to require or encourage vaccination. 1. Is your business required by federal, state, or local law to mandate employee vaccination?
President Biden recently directed federal OSHA to adopt an Emergency Temporary Standard (ETS), expected to be published in the near future, requiring private businesses with 100 or more employees to mandate COVID-19 vaccinations or adopt a mandatory testing policy. Many state and local governments have implemented—or are planning to implement—similar vaccine mandates. Employers with questions about applicable vaccine mandates should contact legal counsel.
2. Is your production permitted by the guilds’ Return-to-Work Agreement or required by a network/ distributor to mandate vaccination?
The guilds’ Return-to-Work Agreement includes specific requirements surrounding when,
