Computer Fraud and Abuse Act (CFAA)

A federal criminal law (18 U.S.C. § 1030) that makes unlawful certain computer-related activities involving the unauthorized access of:

  • Any computer to obtain certain types of prohibited information.

  • A protected computer, defined by the statute to include a computer:

    • used by or for the federal government or a financial institution; or

    • used in interstate or foreign commerce or communication.

Specifically, the CFAA prohibits:

  • Knowingly accessing a computer without authorization to obtain national security or other government-restricted data.

  • Intentionally accessing a computer without authorization to obtain certain information from:

    • a financial institution or consumer reporting agency;

    • the federal government; or

    • a protected computer.

  • Intentionally accessing and affecting the use of a government computer.

  • Knowingly accessing a protected computer to defraud and obtain anything of value.

  • Causing damages specified in the statute by knowingly transmitting harmful items or intentionally accessing a protected computer.

  • Knowingly trafficking in computer passwords.

  • Extortion involving threats to damage a protected computer.

In certain circumstances, the CFAA permits an individual who suffers damages to bring a civil action for damages or injunctive relief against a violator.

For more information on the CFAA, see Practice Note, Website Hacking, Viruses and Attacks (www.practicallaw.com/2-500-6656).

{ "siteName" : "PLC", "objType" : "PLC_Doc_C", "objID" : "1247528781576", "objName" : "Computer Fraud and Abuse Act (CFAA)", "userID" : "2", "objUrl" : "http://us.practicallaw.com/cs/Satellite/us/2-508-3428/001?null", "pageType" : "", "academicUserID" : "", "contentAccessed" : "true", "analyticsPermCookie" : "2-5f2b0854:1477b4621ff:df1", "analyticsSessionCookie" : "2-5f2b0854:1477b4621ff:df2", "statisticSensorPath" : "http://analytics.practicallaw.com/sensor/statistic" }