Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Computer Fraud and Abuse Act
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{Short description|1986 United States cybersecurity law}} {{Use mdy dates|date=September 2021}} {{Infobox U.S. legislation | shorttitle = Computer Fraud and Abuse Act | othershorttitles = | longtitle = <!--Starts "An act to..."--> | colloquialacronym = | nickname = | enacted by = <!--Name of Congress. (e.g. 1st, 10th, 100th). Auto-links to corresponding page. Adding other characters breaks the link--> | announced by = <!--like "enacted by" but for proposed/unpassed legislation--> | effective date = | public law url = | cite public law = <!--{{uspl}} can be used--> | cite statutes at large = <!--{{usstat}} can be used--> | acts amended = | acts repealed = | title amended = <!--US code titles changed--> | sections created = <!--{{USC}} can be used--> | sections amended = | leghisturl = | introducedin = <!--House or Senate--> | introducedbill = | introducedby = <!--sponsor(s); use {{uspolabbr}} for party/district--> | introduceddate = | committees = | passedbody1 = | passeddate1 = | passedvote1 = | passedbody2 = | passedas2 = <!-- used if the second body changes the name of the legislation --> | passeddate2 = | passedvote2 = | conferencedate = | passedbody3 = | passeddate3 = | passedvote3 = | agreedbody3 = <!-- used when the other body agrees without going into committee --> | agreeddate3 = <!-- used when the other body agrees without going into committee --> | agreedvote3 = <!-- used when the other body agrees without going into committee --> | agreedbody4 = <!-- used if agreedbody3 further amends legislation --> | agreeddate4 = <!-- used if agreedbody3 further amends legislation --> | agreedvote4 = <!-- used if agreedbody3 further amends legislation --> | passedbody4 = | passeddate4 = | passedvote4 = | signedpresident = | signeddate = | unsignedpresident = <!-- used when passed without presidential signing --> | unsigneddate = <!-- used when passed without presidential signing --> | vetoedpresident = <!-- used when passed by overriding presidential veto --> | vetoeddate = <!-- used when passed by overriding presidential veto --> | overriddenbody1 = <!-- used when passed by overriding presidential veto --> | overriddendate1 = <!-- used when passed by overriding presidential veto --> | overriddenvote1 = <!-- used when passed by overriding presidential veto --> | overriddenbody2 = <!-- used when passed by overriding presidential veto --> | overriddendate2 = <!-- used when passed by overriding presidential veto --> | overriddenvote2 = <!-- used when passed by overriding presidential veto --> | amendments = [[Patriot Act|USA Patriot Act]] | SCOTUS cases = {{ubl|''[[Van Buren v. United States]]'', {{ussc|docket=19-783|volume=593|year=2021}}}} }} The '''Computer Fraud and Abuse Act of 1986''' ('''CFAA''') is a [[United States]] [[cybersecurity]] bill that was enacted in 1986 as an amendment to existing [[computer fraud]] law ({{USC|18|1030}}), which had been included in the [[Comprehensive Crime Control Act of 1984]]. <ref name=FirstEnacted>{{cite web |url=https://www.justice.gov/criminal/cybercrime/docs/ccmanual.pdf |title=Prosecution of Computer |last1=Jarrett |first1=H. Marshall |last2=Bailie |first2=Michael W. |date=2010 |website=justice.gov |publisher=Office of Legal Education Executive Office for United States Attorneys |access-date=June 3, 2013}}</ref> Prior to computer-specific criminal laws, computer crimes were prosecuted as [[mail and wire fraud]], but the applying law was often insufficient.<ref>{{Cite web|title=Who's Responsible? - Computer Crime Laws {{!}} Hackers {{!}} FRONTLINE {{!}} PBS|url=https://www.pbs.org/wgbh/pages/frontline/shows/hackers/blame/crimelaws.html|access-date=2021-11-13|website=www.pbs.org}}</ref> The original 1984 bill was enacted in response to concern that computer-related crimes might go unpunished.<ref>{{cite journal |last1=Schulte |first1=Stephanie |title=The WarGames Scenario |journal=Television and New Media |date=November 2008 |volume=9 |issue=6 |pages=487–513 |doi=10.1177/1527476408323345 |s2cid=146669305 }}</ref> The House Committee Report to the original computer crime bill included a statement by a representative of [[GTE]]-owned [[Telenet]] that characterized the 1983 techno-thriller film ''[[WarGames]]''—in which a young teenager (played by [[Matthew Broderick]]) from [[Seattle]] breaks into a U.S. military [[supercomputer]] programmed to predict possible outcomes of [[nuclear war]] and unwittingly almost starts [[World War III]]—as "a realistic representation of the automatic dialing and access capabilities of the [[personal computer]]."<ref>{{Cite interview |last=A representative of GTE Telenet |title=Hearing |type=none |publisher=Subcommittee on Crime |date=November 10, 1983}} Transcribed in: {{Cite report |title=House Report No. 98-894 |last=House Committee on the Judiciary |date=July 24, 1984 |pages=10–11 |id=Accompanies {{USBill|98|HR|5616}}. {{USBill|98|HRept|894|pipe=Metadata on Congress.gov}}. [https://www.govinfo.gov/app/collection/crpt/98/hrpt/ Could become available on GovInfo]. |type=none}} Reproduced in: {{Cite book |title=[[United States Code Congressional and Administrative News]] (U.S.C.C.A.N.) |date=1984 |publisher=West Publishing Co. |edition=98th Congress—Second Session 1984 |volume=4 |publication-place=St. Paul, Minn. |publication-date=<!--1985 but might be confusing to include--> |pages=3689–3710 (whole report), particularly pp. 3695–3696 (specific pages with statement from hearing)}}</ref> The CFAA was written to extend existing [[tort law]] to [[intangible property]], while, in theory, limiting [[Federal jurisdiction (United States)|federal jurisdiction]] to cases "with a compelling federal interest—i.e., where computers of the [[Federal government of the United States|federal government]] or certain [[financial institution]]s are involved or where the crime itself is interstate in nature", but its broad definitions have spilled over into [[contract law]] (see "Protected Computer", below). In addition to amending a number of the provisions in the original ''section 1030'', the CFAA also criminalized additional computer-related acts. Provisions addressed the distribution of [[Malware|malicious code]] and [[denial-of-service attack]]s. Congress also included in the CFAA a provision criminalizing trafficking in [[passwords]] and similar items.<ref name=FirstEnacted /> Since then, the Act has been amended a number of times—in 1989, 1994, 1996, in 2001 by the [[USA PATRIOT Act]], 2002, and in 2008 by the Identity Theft Enforcement and Restitution Act. With each amendment of the law, the types of conduct that fell within its reach were extended. In 2015, President [[Barack Obama]] proposed expanding the CFAA and the [[RICO Act]].<ref>{{Cite web|url=https://obamawhitehouse.archives.gov/the-press-office/2015/01/13/securing-cyberspace-president-obama-announces-new-cybersecurity-legislat|title=Securing Cyberspace – President Obama Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts |date=January 13, 2015 |via=[[NARA|National Archives]]|work=[[whitehouse.gov]]|access-date=January 30, 2015 }}</ref> [[DEF CON]] organizer and [[Cloudflare]] researcher [[Marc Rogers (security researcher)|Marc Rogers]], Senator [[Ron Wyden]], and Representative [[Zoe Lofgren]] stated opposition to this on the grounds it would make many regular internet activities illegal.<ref>{{Cite news|url=http://www.huffingtonpost.com/2015/01/20/obama-hackers_n_6511700.html|title=Democrats, Tech Experts Slam Obama's Anti-Hacking Proposal |date=January 20, 2015 |access-date=January 30, 2015 |work=[[Huffington Post]]}}</ref><!-- so what happened with the proposed expansion, and with the opposition by Wyden/Lofgren? --> In 2021, the Supreme Court ruled in [[Van Buren v. United States]] to provide a narrow interpretation of the meaning of "exceeds authorized access".<ref>{{cite web | url = https://www.politico.com/news/2021/06/03/supreme-court-cybercrime-law-491764 | title = Supreme Court narrows scope of sweeping cybercrime law | first1= Eric | last1 =Geller | first2 = Josh | last2= Gerstein |date = June 3, 2021 | accessdate = June 3, 2021 | work = [[Politico]] }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)