Question 1
The Economic Espionage Act has two distinct offenses under §§ 1831 and 1832. What is the key distinction between them, and how does it affect the maximum sentence? A § 1831 requires proof of financial harm; § 1832 does not — both carry the same 10-year maximum B § 1831 requires a foreign government nexus and carries up to 15 years; § 1832 covers private commercial benefit and carries up to 10 years C § 1831 applies only to government contractors; § 1832 applies to private sector employees — both carry up to 15 years D § 1831 applies to digital theft; § 1832 applies to physical theft — the sentence depends on the amount stolen
Question 2
Xu Yanjun, a deputy division director of China's Ministry of State Security, was convicted in S.D. Ohio in 2021 for recruiting GE Aviation engineers to steal turbofan engine designs. His case is historically significant for two reasons. Which answer correctly identifies both? A It was the first EEA conviction and the longest sentence under the CFAA B It was the first successful extradition of a Chinese intelligence officer to face U.S. prosecution, and it resulted in the harshest sentence ever imposed under the EEA — 20 years C It established that CFAA authorized-access doctrine applies to foreign intelligence officers, and Xu was sentenced to 10 years under § 1832 D It proved that the EEA requires proof of financial transfer, and Xu was acquitted on the highest counts
Question 3
Zheng Xiaoqing, a principal engineer at GE Power, exfiltrated thousands of turbine technology files when he left for a Chinese competitor. He embedded the files into the binary code of a sunset photograph using steganography and transmitted them via email. Under which EEA section was he charged, and why — rather than § 1831? A § 1832, because there was no proven nexus to a foreign government instrumentality — the benefit ran to a private commercial competitor B § 1831, because any Chinese national exfiltrating technology is presumed to benefit the Chinese government C § 1832, because steganography is a purely private concealment technique with no government application D § 1831, because GE Power has U.S. government contracts, making all its data national defense information
Question 4
A security researcher reverse-engineers a competitor's IoT firmware to study its authentication protocol. The firmware contains undisclosed proprietary encryption logic the competitor developed at significant cost and kept secret under NDA. The researcher publishes findings that expose the full algorithm. Which of the following best describes the EEA exposure? A None — reverse engineering is expressly exempt under the EEA's independent derivation clause B None — published research always qualifies as independently derived information under § 1839 C Potential § 1832 exposure if the firmware was obtained through unauthorized means or exceeded license scope, because the undisclosed algorithm qualifies as a trade secret under the EEA's § 1839 definition D Potential § 1831 exposure because all cybersecurity research with foreign publication venues benefits a foreign government
Question 5
Chelsea Manning had authorized access as an Army intelligence analyst to SIPRNET, the classified military network. She downloaded approximately 700,000 documents and transmitted them to WikiLeaks. She was convicted under the Espionage Act, not solely under the CFAA. What does her case establish about the Espionage Act's authorization requirement? A Authorized access is a complete defense under the Espionage Act — Manning should not have been convicted B Authorized access is not a defense; the crime under § 793(d) is willful transmission of national defense information to a person not entitled to receive it, regardless of how the information was accessed C The Espionage Act only applies when formal classification markings are present — Manning's conviction was based on classified documents specifically D The Espionage Act requires proof of intent to injure the United States — Manning's conviction was unique because she admitted this intent
Question 6
Reality Winner was identified as the source of a leaked NSA intelligence report through a forensic technique that exploited physical evidence embedded in the printed document she mailed to The Intercept. What technique identified her? A IP address logging on the NSA's internal document management system B Printer steganography — invisible yellow dot patterns encoding the printer's serial number and print date embedded on every printed page C File hash comparison between the published document and NSA's document management system D Email metadata analysis from the encrypted channel she used to contact the journalist
Question 7
California Penal Code § 502 (CDAFA) is generally considered more plaintiff-friendly than the federal CFAA for civil suits. Which of the following correctly identifies the two most significant ways § 502 expands civil liability beyond the federal CFAA? A § 502 covers only intentional acts and requires a $10,000 minimum; CFAA requires only $5,000 but covers negligent acts B § 502 has no $5,000 damage floor for civil suits and expressly provides a private right of action with attorney's fees; CFAA requires $5,000 aggregate annual damage and does not award attorney's fees C § 502 applies nationwide to any server owned by a California company; CFAA is limited to servers physically located in the United States D § 502 criminalizes automated access regardless of server impact; CFAA requires proof of actual data exfiltration
Question 8
Under New York Penal Law § 156.10, what element elevates unauthorized computer access from a Class A misdemeanor (§ 156.05) to a Class E felony (computer trespass)? A The defendant must have caused damage exceeding $50,000, or the access must have lasted more than 24 hours B The defendant must have accessed a government computer specifically — private sector access remains a misdemeanor C The access must have been committed with intent to commit or attempt to commit a felony therein, or the defendant must have caused damage exceeding $1,000 D The defendant must have previously been convicted of a misdemeanor computer offense under § 156.05
Question 9
The trespass to chattels doctrine was significantly limited for digital activity by Intel Corp. v. Hamidi (Cal. 2003). A former Intel employee sent mass emails to Intel workers criticizing the company's employment practices. Intel blocked him repeatedly and he circumvented the blocks. The California Supreme Court ruled against Intel. What was the court's central holding? A Blocking a sender and re-sending constitutes criminal trespass, not a civil tort B Trespass to chattels for electronic intrusions requires actual impairment to the computer's functionality — not merely unwanted use or an unwanted message; Intel's computers were not damaged, degraded, or impaired C Employees have a constitutional right to receive critical communications about their employer, defeating any trespass claim D The trespass to chattels doctrine does not apply to electronic signals under California law — only physical objects qualify as chattels
Question 10
A company discovers that a web scraper is consuming 1.4% of its total server capacity without authorization. The company has blocked the scraper's IP addresses multiple times and the operator has circumvented each block. The company is based in California and wants to pursue all available legal theories. Which combination of claims is available and correctly matched to its requirements? A CFAA only — trespass to chattels is categorically unavailable for scraping after eBay v. Bidder's Edge was overruled B Trespass to chattels (server resource consumption may satisfy Hamidi's functional impairment standard, especially if capacity blocks were circumvented), California § 502 (no damage floor; "disruption" theory), and CFAA § 1030(g) (if $5,000 annual loss threshold can be established) C California § 502 is not available because scraping does not involve "accessing" a computer under California law — only CFAA and trespass to chattels apply D CFAA is unavailable because scrapers do not exceed authorized access under Van Buren — only California § 502 applies