Congressional Rep Mike Honda Sues Challenger Ro Khanna For CFAA Violation Over Access To His Donor List
from the oh-boy dept
So, the CFAA strikes again, and this time right in the heart of a Silicon Valley political fight. If you live in or around the Silicon Valley tech industry, you probably know who Ro Khanna is. He's often been described as the "candidate for Congress that Silicon Valley prefers." It feels like he's been running for Congress against incumbent Rep. Mike Honda forever, but it's really just in the past two elections. Here's a big Bloomberg profile of him from 2013 when he first challenged Honda, losing narrowly to him in the 2014 election, despite having support from many Silicon Valley tech industry stars. This year, he's running again, and in the primary, Khanna narrowly beat Honda, suggesting good things in the general election in November (the top two candidates in the open primary move on to the general election, regardless of party).Khanna is known for his pro-internet views, while Honda has a reputation for not really understanding or caring very much about the internet.
And now... Honda has sued Khanna under one of the most hated laws on the internet, the CFAA (Computer Fraud & Abuse Act). As we've discussed for many years, the CFAA was supposed to be an "anti-hacking law" that was created by politicians who were (literally, no joke) scared by the fictional movie War Games into writing an anti-hacking law in the 1980s. The law has many, many, many problems, but the biggest one, which comes up again and again in cases, is that it has a vague standard of "unauthorized access" or "exceeding authorized access."
Not surprisingly, that's the issue in this case as well. In short, Brian Parvizshahi was (until Thursday night) Khanna's campaign manager. Way back in 2012, Parvizshahi had briefly (as in, for just a few weeks) worked at Arum Group, an organization that helped Mike Honda with fundraising. After he left Arum Group, apparently no one at the company thought to turn off his access to the Dropbox where they stored all their info about donors. Now, to most people, you'd think that the issue here would be Arum Group's bad policies. But, under the CFAA some can argue that continuing to access that file is a form of "unauthorized access."
And that's the central claim here in the lawsuit. Honda claims that Parvizshahi continued to access that Dropbox folder that he was given access to four years ago and which Arum Group never shut down -- and thus he, and the whole Khanna campaign -- violated the CFAA. You can see the full filing here.
Now, we can say that Parvizshahi continually accessing this info -- especially after starting to work for Khanna -- was really, really dumb. Especially since his actions were clearly viewable in Dropbox -- including cases where he supposedly "edited" the files. From the lawsuit, here's just one of many, many images: It is worth noting, though, that some of the screenshots merely show Parvizshahi "adding" the document to his desktop, which might have happened automatically if he was syncing his Dropbox account to his computer, which is the way many people set things up.
One other sketchy thing here is that someone sent a copy of Honda's donor list to San Jose Inside magazine in late 2015 -- and apparently the file they got matched a file in the Dropbox folder that Parvizshahi had accessed.
So while it may have been dumb for him to do so, the real fault here would seem to lie with Arum Group for (1) giving Parvizshahi access on what appears to be his personal Dropbox account, rather than adding a professional account that it controlled and (2) failing to revoke his access after Parvizshahi left, and not even noticing it for years. That seems to be the really negligent move here.
But, with the way courts have been interpreting the CFAA, it does seem entirely possible (if ridiculous) that a California court could interpret this to be a CFAA violation for Parvizshahi at the very least. If that also applies to Khanna, that would seem doubly ridiculous. Either way, as far as I can tell, while Khanna has taken a position on a number of issues related to tech policy, I don't see anything about the CFAA. Perhaps this particular episode will change that.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: brian parvizshahi, campaigns, cfaa, donor lists, hacking, mike honda, ro khanna
Reader Comments
Subscribe: RSS
View by: Time | Thread
Just a thought
[ link to this | view in chronology ]
Re: Just a thought
Yes, it does get that crazy as times.
[ link to this | view in chronology ]
Re: Just a thought
Well, yes, that's an argument -- and similar ones have been made in the past. I think it makes sense, but courts haven't always agreed. And that makes it a risky argument to make in court.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
"Technically he can say it was automated synchronization and good luck to the plaintiff to prove it was not."
He can say that. But if he says that under oath (and he almost certainly will be deposed) then, if it's a lie, he's committing perjury, and now he's potentially facing jail time. If he WAS the one who leaked the list to the paper, how sure is he that it can't be traced back to him if the paper and/or email providers are subpoenaed?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Aiming to take top spot in Funniest Comment already are we?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: TripMN's remark
meant "raises the question".
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Trust
Another thing I find interesting is that, at the time they discovered the breach, they apparently felt the need to notify at least five different consulting companies that were apparently already working for them. Do congressional campaigns normally have that many? But maybe that's one reason why they never noticed. Too many people in the campaign, many of which don't even directly work for the campaign. And maybe that's why they didn't do more diligence when the leak came - too many people they didn't really know had access to the list anyway.
[ link to this | view in chronology ]
Even if it was an automatic sync, Parvizshani would have known.
Now, whether Khanna has any culpability is another matter. You'd have to show that he knew, or should have known. Did he think Parvizshani was just a genius at coming up with leads to people with money, or did he hire Parvizshani in the first place knowing that he had Honda's donor list?
[ link to this | view in chronology ]
Request For Judicial Notice
In the absence, though, of any evidence that the purported “Brian Parvizshahi’s LinkedIn profile” was created or controlled by defendant Brian Parvizshahi, I don't think a court should rely on that for the truth of anything contained in the profile.
[ link to this | view in chronology ]
Re: Request For Judicial Notice
Exhibit 2 (doc 5-21) attached to that declaration follows the cover sheet on p.71 in the pdf.
[ link to this | view in chronology ]
Re: Request For Judicial Notice
FRE Rule 201. Judicial Notice of Adjudicative Facts
[ link to this | view in chronology ]
Re: Re: Request For Judicial Notice
[ link to this | view in chronology ]
Voting Record
[ link to this | view in chronology ]
Beckendorf to Podesta
It is a Wikileak of a Podesta email, Mike Honda campaign manager on Ro Khanna
[ link to this | view in chronology ]