The Computer Fraud and Abuse Act (CFAA) was enacted in 1986 – not long after the terms “hacker” and “hacking” entered the national consciousness.
Since then, it’s been amended – and broadened – quite a bit. Unfortunately, this has left a gray area open that federal prosecutors have been known to exploit.
What’s the problem with the CFAA?
In theory, the law is designed to stop a variety of malicious actions by bad actors – all of whom access computers from a distance without authorization. It’s meant to stop things like:
- Hijacking a hospital’s data and patient records for ransom
- Breaking into a company’s computer to steal their intellectual property
- Breaking into a consumer database to steal Social Security Numbers
- Spreading viruses and malware that will destroy infected computers
- Breaking into the Pentagon’s computer to steal national security information
However, the law is overbroad in its wording. It penalizes any “unauthorized access” to any computer for virtually any reason – and it isn’t entirely clear about what “unauthorized” means in the first place.
This has had tragic real-world consequences for many. One of the most notable incidents was the suicide of activist Aaron Swartz in 2013 after he was charged with 13 felony counts of hacking after he downloaded millions of documents from an online library that stores scholarly works and articles from literary journals – information that’s readily available with a Google search.
Many critics feel that Swartz was unfairly targeted by federal authorities because of who he was, not what he did – since the articles had no practical value to Swartz and he did no harm in downloading them. In any case, it shows just how easy someone who is internet savvy can make a critical mistake that puts them in prison.
The digital age has brought some rapid changes in the way people work, play, communicate – and get into trouble. While the law often lags behind technological changes, this is one area where the law may be set up to penalize people unfairly. If you’ve been charged with a violation of the Computer Fraud and Abuse Act, seek legal guidance about your defense options right away.
