Computer Fraud and Abuse Act (CFAA)

A federal criminal law (18 U.S.C. § 1030) that makes unlawful certain computer-related activities involving the unauthorized access of:

  • Any computer to obtain certain types of prohibited information.

  • A protected computer, defined by the statute to include a computer used:

    • by or for the federal government or a financial institution; or

    • in interstate or foreign commerce or communication.

Specifically, the CFAA prohibits:

  • Knowingly accessing a computer without authorization to obtain national security or other government-restricted data.

  • Intentionally accessing a computer without authorization to obtain certain information from:

    • a financial institution or consumer reporting agency;

    • the federal government; or

    • a protected computer.

  • Intentionally accessing and affecting the use of a government computer.

  • Knowingly accessing a protected computer to defraud and obtain anything of value.

  • Causing damages specified in the statute by knowingly transmitting harmful items or intentionally accessing a protected computer.

  • Knowingly trafficking in computer passwords.

  • Extortion involving threats to damage a protected computer.

In certain circumstances, the CFAA permits an individual who suffers damages to bring a civil action for damages or injunctive relief against a violator.

For more information on the CFAA, see Practice Note, Website Hacking, Viruses and Attacks ( .

{ "siteName" : "PLC", "objType" : "PLC_Doc_C", "objID" : "1247528781576", "objName" : "ACT_OWNED - READ_ONLY - 2-508-3428", "userID" : "2", "objUrl" : "", "pageType" : "Resource", "academicUserID" : "", "contentAccessed" : "true", "analyticsPermCookie" : "22e97be00:15b096ce1ad:-36b9", "analyticsSessionCookie" : "22e97be00:15b096ce1ad:-36b8", "statisticSensorPath" : "" }