The current version of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030 et. seq., contains seven, wide ranging substantive criminal offenses.  It also includes conspiracy and attempt to commit those seven offenses.  However, due to issues of federalism,  the CFAA was originally tailored by Congress to specifically criminalize conduct involving federal government and financial institution computers.   But as computers and technology advanced (and use became more widespread), Congress systematically expanded the scope and breadth of the CFAA to (1) include any computer “which is used in or affecting interstate or foreign commerce or communication” and criminalize conduct not previously anticipated in 1984.  See Sec. 1030(e)(2)(B).  For example, in practice, the interstate commerce requirement is satisfied when the subject computer is connected to the internet, even if the computer offense itself does not actually utilize the internet.

The expansion of this area of criminal law is evident in its legislative history.  Since the enactment of the CFAA in 1984, Congress has updated and expanded the CFAA (and its predecessor statute) at least 10 times to criminalize conduct as technology evolved.

The CFAA currently criminalized the following conduct:

(1) Knowingly accessing a computer without authorization and willfully communicating, delivering, or transmitting information related to the national defense or foreign relations to a person not entitled to receive it that could injure the United States or advantage a foreign nation;

(2) Intentionally accessing a computer without authorization that contains information from a financial institution or department or agency of the United States, or information from any computer connected to the internet and used in interstate commerce;

(3) Intentionally accessing any nonpublic, government computer without authorization;

(4) Knowingly accessing a government or financial institution computer or a computer connected to the internet and used in interstate commerce with the intent to defraud;

(5) Intentionally, recklessly, or negligently causing damage to (hacking) a government or financial institution computer or a computer connected to the internet and used in interstate commerce;

(6) Knowingly and intentionally trafficking in passwords or other similar information; and

(7) Intentionally extorting from any person any money or other thing of value by transmitting in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer, to impair the confidentiality of information obtained from a protected computer, or other extortionate acts.

In the next segment of “Federal Computer Crimes: 18 U.S.C. 1030 et. seq.” we will compare and highlight the differences between Sec. 1030(a)(1) (Obtaining National Security Information) and the Espionage Act.

This post is authored by Ferrari & Associates, P.C., a law firm specializing in federal criminal defense matters. Feel free to contact us at (202) 280-6370 or info@ferrariassociatespc.com.