Computer Fraud and Abuse Act The Computer Fraud and Abuse Act is a law passed by the United States Congress in 1986 intended to reduce cracking of computer systems and to address federal computer-related offenses. The Computer Fraud and Abuse Act (codified as 18 U. S. C. § 1030 governs cases with a compelling federal interest, where computers of the federal government or certain financial institutions are involved, where the crime itself is interstate in nature, or computers used in interstate and foreign commerce.
It was amended in 1988, 1994, 1996, in 2001 by the USA PATRIOT Act, 2002, and in 2008 by the Identity Theft Enforcement and Restitution Act. Subsection (b) of the act punishes anyone who not just commits or attempts to commit an offense under the Computer Fraud and Abuse Act but also those who conspire to do so. The CFAA has specifically defined “protected computers” under 18 U. S. C. 1030(e)(2) to mean a computer: •exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or •which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States; Criminal Offenses Under The Computer Fraud and Abuse Act 1. Knowingly accessing a computer without authorization in order to obtain national security data 2. Intentionally accessing a computer without authorization to obtain: oInformation contained in a financial record of a financial institution, or contained in a file of a consumer reporting agency on a consumer. Information from any department or agency of the United States oInformation from any protected computer if the conduct involves an interstate or foreign communication 3. Intentionally accessing without authorization a government computer and affecting the use of the government’s operation of the computer. 4. Knowingly accessing a protected computer with the intent to defraud and there by obtaining anything of value. 5. Knowingly causing the transmission of a program, information, code, or command that causes damage or intentionally accessing a computer without authorization, and as a result of such conduct, causes damage that results in: oLoss to one or more persons during any one-year period aggregating at least $5,000 in value. The modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of one or more individuals. oPhysical injury to any person. oA threat to public health or safety. oDamage affecting a government computer system 6. Knowingly and with the intent to defraud, trafficking in a password or similar information through which a computer may be accessed without authorization. Decisions referring to this act •Theofel v. Farey Jones, 2003 U. S. App. Lexis 17963, decided August 28, 2003 (U. S. Court of Appeals for the Ninth Circuit). Using a civil subpoena which is “patently unlawful”, “bad faith” and “at least gross negligence” to gain access to stored email is a breach of this act and the Stored Communications Act.