
Article
This page has been peer-reviewed, fact-checked, and edited by qualified attorneys to ensure substantive accuracy and coverage.
The Computer Fraud and Abuse Act (CFAA) was enacted by Congress in 1986 as an amendment to existing computer fraud law, which had been included in the Comprehensive Crime Control Act of 1984. It was written to limit federal jurisdiction to cases with a compelling federal interest, where computers of the federal government or certain financial institutions are involved or where the crime itself is interstate in nature.
The CFAA criminalized additional computer-related acts. Congress included in the CFAA a provision criminalizing trafficking in passwords and similar items. The Act has been amended a number of times, including in 2001 by the USA Patriot Act, and in 2008 by the Identity Theft Enforcement and Restitution Act.
There are seven types of criminal activity enumerated in the CFAA: obtaining national security information, compromising confidentiality, trespassing in a government computer, accessing to defraud and obtain value, damaging a computer or information, trafficking in passwords, and threatening to damage a computer. Attempts to commit these crimes are criminally punishable.
The only computers covered by the CFAA are defined as protected computers. It is defined under the act to mean a computer:
In practice, however, any ordinary computer has come under the jurisdiction of the law, including cell phones, due to the inter-state nature of most internet communication.
In MBTA v. Anderson, the district court found that a violation of the CFAA only occurs if the person knowingly causes the transmission of programmed information to a protected computer. The defendants were not found in violation in this case because were only seeking to transmit information to a non-computer audience. The court found that the MBTA was not likely to succeed on a claim under the CFAA.
In United States v. Neil Scott Kramer, (2011), the 8th Circuit court held that a cell phone fell under the jurisdiction of the Act. Kramer was a court case where a cell phone was used to coerce a minor into engaging sex with an adult. Central to the case was whether a cell phone constituted a computer device. Ultimately, the court held that a cell phone could be considered a computer if the phone performs arithmetic, logical, and storage functions, paving the way for harsher consequences for criminals engaging with minors over cell phones.
The Act makes it a felony to access classified information in a computer without authorization, and a misdemeanor to access financial records or credit histories stored in a financial institution or to trespass into a government computer. Convictions under some provisions of the Act are felonies punishable by a fine, imprisonment for not more than ten years, or both. A violation that occurs after another conviction under Section 1030 is punishable by a fine, imprisonment for not more than twenty years, or both.
The CFAA is primarily a criminal statute. However, in 1994 a civil suit provision was added that provides a private cause of action if a violation causes loss or damage, as those terms are defined in the statute. To state a civil claim for violation of the CFAA, a plaintiff must allege:
Persons found to be civilly liable for a CFAA violation can be responsible for compensatory damages and injunctive or other equitable relief. Furthermore, an action brought under this section must be bought within two years of the date the act is complained or the date of the discovery of the damage.
Sharing several of the same defenses to a charge of defamation, typical defenses for a violation of the CFAA include consent by the third party, the action was done negligently and not knowingly, and that there was no proximate cause between the act allegedly committed and the damage to the plaintiff.
The law concerning the CFAA is complex. If you believe you are a victim of a violation of the CFAA then contact the experienced internet defamation attorneys at Minc Law to evaluate your case. The laws regarding the CFAA vary depending on the state. Call today to find out more information at (216) 373-7706, or fill out our online contact form to set up a meeting.
★★★★★
“Minc Law were very efficient an helpful within their services. Our team are based in the UAE and the process was streamline. Highly recommend.”
OA, July 16, 2021