Computer Fraud and Abuse Act (CFAA) | Practical Law

Computer Fraud and Abuse Act (CFAA) | Practical Law

Computer Fraud and Abuse Act (CFAA)

Computer Fraud and Abuse Act (CFAA)

Practical Law Glossary Item 2-508-3428 (Approx. 3 pages)

Glossary

Computer Fraud and Abuse Act (CFAA)

A US federal criminal law (18 U.S.C. § 1030) that makes unlawful certain computer-related activities involving the unauthorized access of:
  • Any computer to obtain certain types of prohibited information.
  • A protected computer, defined by the statute to include a computer used:
    • by or for the federal government or a financial institution; or
    • in interstate or foreign commerce or communication.
Specifically, the CFAA prohibits:
  • Knowingly accessing a computer without authorization to obtain national security or other government-restricted data.
  • Intentionally accessing a computer without authorization to obtain certain information from:
    • a financial institution or consumer reporting agency;
    • the federal government; or
    • a protected computer.
  • Intentionally accessing and affecting the use of a government computer.
  • Knowingly accessing a protected computer to defraud and obtain anything of value.
  • Causing damages specified in the statute by knowingly transmitting harmful items or intentionally accessing a protected computer.
  • Knowingly trafficking in computer passwords.
  • Extortion involving threats to damage a protected computer.
In certain circumstances, the CFAA permits an individual who suffers damages to bring a civil action for damages or injunctive relief against a violator.
For more information on the CFAA, see Practice Notes, Key Issues in Computer Fraud and Abuse Act (CFAA) Civil Litigation and US Privacy Litigation: Overview.