Computer Fraud and Abuse Act (CFAA)
A federal criminal law (18 U.S.C. § 1030) that makes unlawful certain computer-related activities involving the unauthorized access of:
Any computer to obtain certain types of prohibited information.
A protected computer, defined by the statute to include a computer:
used by or for the federal government or a financial institution; or
used in interstate or foreign commerce or communication.
Specifically, the CFAA prohibits:
Knowingly accessing a computer without authorization to obtain national security or other government-restricted data.
Intentionally accessing a computer without authorization to obtain certain information from:
a financial institution or consumer reporting agency;
the federal government; or
a protected computer.
Intentionally accessing and affecting the use of a government computer.
Knowingly accessing a protected computer to defraud and obtain anything of value.
Causing damages specified in the statute by knowingly transmitting harmful items or intentionally accessing a protected computer.
Knowingly trafficking in computer passwords.
Extortion involving threats to damage a protected computer.
In certain circumstances, the CFAA permits an individual who suffers damages to bring a civil action for damages or injunctive relief against a violator.
For more information on the CFAA, see Practice Note, Website Hacking, Viruses and Attacks ( www.practicallaw.com/2-500-6656) .