Computer Fraud and Abuse Act of 1984 (CFAA)
| Computer Fraud and Abuse Act | |
|---|---|
| CITATION | 18 USC § 1030 et seq. |
| ENACTED | Originally enacted 1984; amended in 1994 and 1996; Amended by USA PATRIOT Act in 2001. |
| SUMMARY | The CFAA outlaws conduct that victimizes computer systems. It protects federal computers, bank computers, and computers connected to the Internet. It shields them from trespassing, threats, damage, espionage, and from being corruptly used as instruments of fraud. The CFAA is not a comprehensive provision but instead it fills cracks and gaps in the protection afforded by other federal criminal laws. |
| DATA COVERED | Seven provisions of the CFAA cover various kinds of criminal activities, which are listed below in “Penalties”. The law protects “national security information,” information that could injure the U.S. or benefit a foreign nation. |
| INDUSTRY | The law protects a “protected computer” which is a computer used by the federal government or financial institution in interstate or foreign commerce. The USA PATRIOT Act amended the definition of “Protected Computer” to include computers outside of the United States as long as those computers affect “interstate or foreign commerce or communications of the United States.” |
| PENALTIES |
Congress did this by making it a felony to access classified information in a computer without authorization, and a misdemeanor to access financial records or credit histories stored in a financial institution or to trespass into a government computer. The CFAA covers the following criminal activities:
|
