Ryanair DAC v. Expedia, Inc., US District Court for the Western District of Washington, August 6, 2018
United States v. Gasperini, US Court of Appeals for the Second Circuit, July 2, 2018
Defendant Gasperini, an Italian citizen and resident, appealed his conviction for violating various criminal statutes, including the CFAA. The jury found that Gasperini had engaged in a scheme in which thousands of computers, many in the US, fraudulently "clicked" on advertisements on websites he controlled to generate payments from those advertisers. Among other things, Gasperini argued that the CFAA could not apply where the defrauded company was located outside the US.
The Court of Appeals disagreed, noting that different provisions of the CFAA might have different extraterritorial effects but that the issue need not be decided because the conduct in this case should be considered US "domestic." In reaching that conclusion the Court of Appeals stated it was required first to determine the "focus" of the CFAA, and then whether "conduct relevant to" that focus occurred in the US. In the case at bar, the "focus" of the CFAA was found to be "gaining access to computers and obtaining information from them." The relevant conduct, in turn, included Gasperini having accessed, without authorization, nearly 2000 computers in the US, including 200 in the district where he was charged. Because that conduct was substantial enough to constitute a domestic violation, the fact that other conduct occurred outside the US was irrelevant.