Orrick Secures Ninth Circuit Win for Facebook Under Federal Anti-Hacking Statute


In a major decision clarifying liability under a federal anti-hacking statute, the Ninth U.S. Circuit Court of Appeals has sided with an Orrick team’s interpretation of the Computer Fraud and Abuse Act on behalf of Facebook. A unanimous Ninth Circuit panel found that Power.com, a now-defunct social media aggregator, violated the Act by continuing to gather data from Facebook’s user profiles despite receiving cease-and-desist letters from Facebook.

Siding with our team’s legal arguments that the CFAA barred the conduct, the Ninth Circuit concluded that Power.com could be found liable to Facebook. “When Facebook sent the cease and desist letter, Power, as it conceded, knew that it no longer had permission to access Facebook’s computers at all. Power, therefore, knowingly accessed and without permission took, copied, and made use of Facebook’s data,” Judge Susan Graber wrote for the court.

The Ninth Circuit has sent the case back to the lower court for further proceedings consistent with its interpretation of the CFAA. The court also found that Power’s former CEO, Steven Vachani, could be held individually liable for damages as the case progresses. Facebook’s lawsuit stems from Power.com promoting its own website by accessing various proprietary Facebook tools, such the social media site’s event invitations feature and internal messaging system, to deliver tens of thousands of emails after receiving the cease-and-desist letters.

The Orrick team was led by partners Neel Chatterjee and Eric Shumsky, Of Counsel Monte Cooper and associates Rob Uriarte, Brian Goldman and Kayvan Ghaffari. Former associate Morvarid Metanat, now in Facebook’s legal department, also worked on the case.