Accessing Google Drive, Using Inadvertently Revealed Long URL, Can Violate Computer Fraud & Abuse Act
From Greenburg v. Wray, decided yesterday by Judge Douglas Rayes (D. Ariz.) (key legal point highlighted):
Amanda Wray manages a 2,000-member Facebook group … “dedicated to propagating anti-mask policies, anti-vaccine policies, anti-LGBTQ policies, and anti-Critical Race Theory policies within the Scottsdale Unified School District.” … Plaintiff[ Mark Greenburg]’s son serves on … the elected governing body that manages Scottsdale Unified No. 48 School District ….
In response to activities by Defendants [Wray and her husband] and the Facebook Group, Plaintiff began collecting information on them, including photographs, video footage, discussions with third parties concerning them, personal comments and thoughts, and political memes. Plaintiff stored these records on his personal “Google Drive” server. Plaintiff specifically shared server access with three individuals (including Plaintiff’s son), who could access the server by signing into their own password-protected Google accounts. Although Plaintiff didn’t realize it at the time, the sharing settings on his Google Drive also allowed anyone to access the server by typing in the exact URL.
In 2021, Plaintiff’s son was accused of defamation. He responded to his accuser by emailing “13 photographs of public Facebook comments, made by his accuser, some of which were stored on the server.” One of the photographs displayed the URL to the Google Drive, and that photograph made its way into Amanda’s possession, where she noticed the URL
Article from Latest