https://icannwiki.org/index.php?title=Computer_Fraud_and_Abuse_Act&feed=atom&action=historyComputer Fraud and Abuse Act - Revision history2024-03-28T18:22:20ZRevision history for this page on the wikiMediaWiki 1.35.2https://icannwiki.org/index.php?title=Computer_Fraud_and_Abuse_Act&diff=110820&oldid=prevDustin Loup: Created page with "The '''Computer Fraud and Abuse Act''' or '''CFAA''' was originally enacted in 1984.<ref name="fed">http://www.sans.org/reading-room/whitepapers/legal/federal-computer-crime-l..."2016-01-21T20:18:17Z<p>Created page with "The '''Computer Fraud and Abuse Act''' or '''CFAA''' was originally enacted in 1984.<ref name="fed">http://www.sans.org/reading-room/whitepapers/legal/federal-computer-crime-l..."</p>
<p><b>New page</b></p><div>The '''Computer Fraud and Abuse Act''' or '''CFAA''' was originally enacted in 1984.<ref name="fed">http://www.sans.org/reading-room/whitepapers/legal/federal-computer-crime-laws-1446 by Maxim May, (June 1, 2004), Sans Institute</ref><ref name="wiki">http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act Wikipedia</ref> The act addressed "protected" computers, such as government computers or computers that had access to foreign commerce or communication information from unauthorized access.<ref name="practical">http://us.practicallaw.com/2-508-3428 Practical Law Company</ref><ref name="wiki"/> The act also protects the computers of financial institutions from attacks.<ref name="cornell">http://www.law.cornell.edu/uscode/text/18/1030 US Code Title 18, Legal Information Institute--Cornell University Law School</ref> The CFAA's practical use, however, has expanded in scope to include attacks and unauthorized access to private computers in addition to government computers.<ref name="Forbes">http://www.forbes.com/sites/billsinger/2012/09/06/botnet-bandit-sentenced-in-federal-malware-case/ by Bill Singer (September 6, 2012), Forbes</ref><ref name="wiki"/><br />
<br />
==Historical Use==<br />
The CFAA has been amended multiple times since it was enacted in 1984.<ref name="pbs">http://www.pbs.org/wgbh/pages/frontline/shows/hackers/blame/crimelaws.html</ref><ref name="it">http://itlaw.wikia.com/wiki/Computer_Fraud_and_Abuse_Act_of_1986</ref> In its original version, it was only used in one case.<ref name="pbs"></ref> However, revisions expanded its scope to include transmitting viruses, damaging computers or files, exceeding one's authorization, and attempting to cause financial harm.<ref name="it"></ref> The first person to be prosecuted under the 1986 CFAA was Robert Morris for releasing a [[Malware|worm]] that damaged and threatened protected computers.<ref name="pbs"></ref><ref name="hack">http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/notable.html#morrisworm</ref> Despite his claims that he did not want to damage other computer networks or realize how quickly the worm would spread, Morris was fined and sentenced to community service.<ref name="hack"></ref><br />
<br />
==Elements==<br />
*This act was aimed at securing government computers from attacks such as [[Botnet Attacks|botnets attacks]], attacks caused by [[Malware|malware]], and data theft enabled by hacking, which can be prosecuted using the CFAA.<ref name="practical"/><br />
*The CFAA makes it illegal to use "malicious code" to damage protected computers, although it does not address creating malicious code.<ref name="wiki"/><br />
*Under this law, it is also illegal to "knowingly traffic in computer passwords" or to commit extortion by threatening or attacking a protected computer.<ref name="practical"/><br />
*Additionally, civil lawsuits can take place and damages can be awarded.<ref name="practical"/><ref name="cornell"/><br />
*Additions to the CFAA in 2008 made "conspiracy" to commit computer crimes punishable as well.<ref name="wiki"/><br />
*Penalties under the CFAA include fines and imprisonment depending on the severity of the offense.<ref name="cornell"/><br />
<br />
==Calls for Reform==<br />
*Despite periodic reforms, some feel that the CFAA needs major renovation in order to remain relevant and just.<ref name="nyt">http://www.nytimes.com/2013/01/13/technology/aaron-swartz-internet-activist-dies-at-26.html?_r=0 The New York Times</ref><ref name="law">https://www.eff.org/deeplinks/2013/06/aarons-law-introduced-now-time-reform-cfaa By Mark Jaycox and Kurt Opsahl and Trevor Timm (June 20, 2013), Electronic Frontier Foundation</ref> <br />
*Aaron's Law, a proposed bill that would change the CFAA, was introduced in the Senate in June of 2013 where it was then referred to a committee.<ref>https://www.govtrack.us/congress/bills/113/hr2454 GovTrack.us</ref><br />
**This bill named for Aaron Swartz, who committed suicide while facing charges for violations of the CFAA. <ref name="nyt"/> These charges arose after Swartz apparently accessed MIT's network without authorization and downloaded articles from the private database JSTOR.<ref name="nyt"/> According to a New York Times article, for downloading approximately 4.8 million articles, he was possibly facing "up to 35 years in prison and $1 million in fines."<ref name="nyt"/><br />
*Another concern voiced about the CFAA involves the act's incredibly broad scope and general application.<ref name="minn">http://www.minnesotalawreview.org/wp-content/uploads/2012/03/Kerr_MLR.pdf Vagueness Challenges to the Computer<br />
Fraud and Abuse Act by Orin Kerr, Minnesota Law Review</ref> In fact, employers have tried to use the undefined phrase "unauthorized access" to prosecute employees who use their computers without explicit permission.<ref name="minn"/> People have also attempted to use the CFAA to prosecute those who violate the terms and conditions of specific websites or services.<ref name="minn"/><ref name="wiki"/> Some argue that the current scope of the CFAA may leave it open to possibly abusive or even unconstitutional interpretations.<ref name="minn"/><br />
<br />
==Additional Resources==<br />
*In addition to federal law, many states also have [http://www.irongeek.com/i.php?page=computerlaws/state-hacking-laws anti-computer hacking legislation].<br />
*Read [http://www.law.cornell.edu/uscode/text/18/1030 the CFAA]<br />
*Learn more about [https://www.eff.org/deeplinks/2013/06/aarons-law-introduced-now-time-reform-cfaa Aaron's Law] and the [https://www.govtrack.us/congress/bills/113/hr2454 bill's progress].<br />
<br />
==Related Articles==<br />
*[[Malware]]<br />
*[[Botnet Attacks]]<br />
*[[DoS Attacks]]<br />
*[[DDoS Attacks]]<br />
*[[Wire Fraud Statute]]<br />
<br />
==References==<br />
<references/><br />
<br />
[[Category: U.S. Legislation]]</div>Dustin Loup