Computer Fraud and Abuse Act (CFAA)/ United States

The Computer Fraud and Abuse Act (CFAA) focuses on providing security to the computers and networks against the unauthorized access. This law was introduced in 1984 when the digital era was just at its beginning.

The law was enacted by the Congress and expands the previously existing privacy laws to a growing concern about computer crimes. The CFAA at the time of its creating was purposed to cover “hacking or trespassing into a computer system or data”. However, the law was not written so effectively and there were continuous advancements in computer crimes.

Therefore, the use and interpretation of CFAA law were extended and amended several times over the years. Since its introduction, the law has been amended six times in 1988, 1994, 1996, 2001, 2002, and 2008.

CFAA Violations

According to CFAA, the following movements fall under the law violation;

• Intentionally accessing a computer device without any authorization or overcrossing the authorize access to obtain protected information.
• Intentionally deceiving the access to a protected computer without authorization or by crossing authorized access to obtain information of worth $5000 or more in a one-year period.
• Intentionally, injecting the transmission of a code, information, program, or command to produce an unauthorized damage to a protected computer.
• Carelessly causing damage to a protected computer through accessing it without authorization.
• To defraud trafficking in passwords or accessing information without any lawful authorization.
• Any kind of cheating or fraud involving computers.

However, the law violation also includes the act to plan conspiracies and attempts to carry out these acts.

As declared by the Federal law, the CFAA violations may cause the punishment up to 10 years on first offense and up to 20 years on the conduct of second offense. You can get details about penalties here.

The Amendments of CFAA

The CFAA law is amended six times since its introduction. The third amendment in 1996 included a major term ‘non-public’ into the law. This refers to the occurrences when an agency authenticates the public to access various aspects of the system.

This amendment makes clear that an individual is given access to certain areas of the system but they are still not permitted to carry out criminal acts. Therefore, the Congress highlighted that a person could be punished under the CFAA even if they have given the privilege to the government-run computer systems.

In this amendment, the prosecution of those individuals was declared who carry out the illegitimate movements on public computers.

In 2002, the amendment also known as ‘Patriot Act’ had given the federal officials more margin to monitor and prosecute the suspected cybercriminals.

The 2008 amendment is known as ‘Identity Theft Enforcement and Restitution Act’ which allows the punishment of for individuals who conspire to carry out cybercrimes, in addition to those who actually do the malicious work.