Computer Fraud and Abuse Act - AbsoluteAstronomy.com

The Computer Fraud and Abuse Act is a law passed by the United States Congress

United States Congress

The United States Congress is the bicameral legislature of the federal government of the United States, consisting of the Senate and the House of Representatives. The Congress meets in the United States Capitol in Washington, D.C....

in 1986, intended to reduce cracking of computer systems and to address federal computer-related offenses. The Act (codified as ) governs cases with a compelling federal interest, where computers of the federal government or certain financial institutions are involved, where the crime itself is interstate in nature, or where computers are used in interstate and foreign commerce.

It was amended in 1988, 1994, 1996, in 2001 by the USA PATRIOT Act

USA PATRIOT Act

The USA PATRIOT Act is an Act of the U.S. Congress that was signed into law by President George W. Bush on October 26, 2001...

, 2002, and in 2008 by the Identity Theft Enforcement and Restitution Act. Subsection (b) of the act punishes anyone who not just commits or attempts to commit an offense under the Act, but also those who conspire to do so.

Protected computers

Main article: Protected computer
Protected Computer
Protected computers is a term used in Title 18, Section 1030 of the United States Code, which prohibits a number of different kinds of conduct, generally involving unauthorized access to, or damage to the data stored on, "protected computers"...

The CFAA defines “protected computers” under to mean a computer:

exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;

Criminal offenses under the Act

Knowingly accessing a computer without authorization in order to obtain national security data
Intentionally accessing a computer without authorization to obtain:
- Information contained in a financial record of a financial institution, or contained in a file of a consumer reporting agency on a consumer.
- Information from any department or agency of the United States
- Information from any protected computer if the conduct involves an interstate or foreign communication
Intentionally accessing without authorization a government computer and affecting the use of the government's operation of the computer.
Knowingly accessing a protected computer with the intent to defraud and there by obtaining anything of value.
Knowingly causing the transmission of a program, information, code, or command that causes damage or intentionally accessing a computer without authorization, and as a result of such conduct, causes damage that results in:
- Loss to one or more persons during any one-year period aggregating at least $5,000 in value.
- The modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of one or more individuals.
- Physical injury to any person.
- A threat to public health or safety.
- Damage affecting a government computer system
Knowingly and with the intent to defraud, trafficking in a password or similar information through which a computer may be accessed without authorization.

A detailed account of the various sections of 18 USC 1030 was written by Charles Doyle of the Congressional Research Service

Congressional Research Service

The Congressional Research Service , known as "Congress's think tank", is the public policy research arm of the United States Congress. As a legislative branch agency within the Library of Congress, CRS works exclusively and directly for Members of Congress, their Committees and staff on a...

, and is available at the Federation of American Scientists

Federation of American Scientists

The Federation of American Scientists is a nonpartisan, 501 organization intent on using science and scientific analysis to attempt make the world more secure. FAS was founded in 1945 by scientists who worked on the Manhattan Project to develop the first atomic bombs...

website, below, under 'External Links'.

Specific sections

Computer Espionage: Computer tresspassing, and taking government, financial, or commerce info: Computer tresspassing in a government computer: Committing fraud with a protected computer

Protected Computer

Protected computers is a term used in Title 18, Section 1030 of the United States Code, which prohibits a number of different kinds of conduct, generally involving unauthorized access to, or damage to the data stored on, "protected computers"...

: Damaging a protected computer

Protected Computer

(including viruses, worms): Trafficking in passwords of a government or commerce computer: Threatening to damage a protected computer

Protected Computer

: Conspiracy to violate (a): Penalties thru h: Miscellaney

Notable cases and decisions referring to the Act

United States v. Riggs
United States v. Riggs
In United States v. Riggs, the government of the United States prosecuted Robert Riggs and Craig Neidorf for obtaining unauthorized access to and subsequently disseminating a file held on BellSouth's computers. The file, referred to as the E911 file, gave information regarding BellSouth's products...

, the famous case against people associated with Phrack
Phrack
Phrack is an ezine written by and for hackers first published November 17, 1985. Described by Fyodor as "the best, and by far the longest running hacker zine," the magazine is open for contributions by anyone who desires to publish remarkable works or express original ideas on the topics of interest...

magazine for taking the E911 document, as described in Bruce Sterling
Bruce Sterling
Michael Bruce Sterling is an American science fiction author, best known for his novels and his work on the Mirrorshades anthology, which helped define the cyberpunk genre.-Writings:...

's "Hacker Crackdown of 1990". The government dropped the case after it was revealed that the document was for sale from AT&T for $13. The E911 document was related to the founding of the Electronic Frontier Foundation
Electronic Frontier Foundation
The Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...

.

United States v. Morris
United States v. Morris
United States v. Morris was an appeal of the conviction of Robert Tappan Morris for creating and releasing the Morris worm, one of the first Internet-based worms. This case resulted in the first conviction under the Computer Fraud and Abuse Act...

, 928 F.2d 504, decided March 7, 1991. After the release of the Morris worm, an early computer worm
Computer worm
A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...

, its creator was convicted under the Act for causing damage and gaining unauthorized access to federal interest computers. This case in part led to the 1996 amendment of the act, which clarified the language that was argued during the case.

Theofel v. Farey Jones, 2003 U.S. App. Lexis 17963, decided August 28, 2003 (U.S. Court of Appeals for the Ninth Circuit). Using a civil subpoena which is "patently unlawful", "bad faith" and "at least gross negligence" to gain access to stored email is a breach of this act and the Stored Communications Act
Stored Communications Act
The Stored Communications Act is a law that was enacted by the United States Congress in 1986. It is not a stand-alone law but forms part of the Electronic Communications Privacy Act; it is codified as 18 U.S.C. §§ 2701 to 2712...

.

International Airports v Jacob Citrin, 2006, . Citrin deleted files
Data erasure
Data erasure is a software-based method of overwriting data that completely destroys all electronic data residing on a hard disk drive or other digital media. Permanent data erasure goes beyond basic file deletion commands, which only remove direct pointers to data disk sectors and make data...

off his company computer before he quit, in order to hide his alleged bad behavior while an employee.

LVRC Holdings v. Brekka, 2009 1030(a)(2), 1030(a)(4). LVRC sued Brekka for allegedly taking information about clients and using it to start his own competing business.

Robbins v. Lower Merion School District (U.S. Eastern District of Pennsylvania), where plaintiffs charged two suburban Philadelphia high schools secretly spied on students by surreptitiously and remotely activating webcams embedded in school-issued laptops the students were using at home, violating the Act. The schools admitted to secretly snapping over 66,000 webshots and screenshots, including webcam shots of students in their bedrooms.

United States v. Lori Drew
United States v. Lori Drew
United States v. Lori Drew was a criminal case in which Lori Drew was convicted and then subsequently acquitted of violations of the Computer Fraud and Abuse Act over the "cyber-bullying" of a 13 year old, Megan Meier...

, 2008. The 'cyberbullying' case involving the suicide of a girl harassed on myspace
Myspace
Myspace is a social networking service owned by Specific Media LLC and pop star Justin Timberlake. Myspace launched in August 2003 and is headquartered in Beverly Hills, California. In August 2011, Myspace had 33.1 million unique U.S. visitors....

. Charges were under 18 USC 1030(a)(2)(c) and (b)(2)(c). Judge Wu decided that using against someone violating a 'terms of service' agreement would make the law overly broad. 259 F.R.D. 449

People v. SCEA, 2010. Class action lawsuit against SCEA for removing OtherOS, the ability to install and run Linux (or other operating systems) on the PlayStation 3. Consumers were given the option to either keep OtherOS support or not. SCEA was allegedly in violation of this Act because if the consumers updated or not, they would still lose system functionality.

Sony Computer Entertainment America v. George Hotz
Sony Computer Entertainment America v. George Hotz
SCEA v. Hotz is a lawsuit in the United States by Sony Computer Entertainment of America against George Hotz and associates of the group fail0verflow for jailbreaking and reverse engineering the Playstation 3.-Timeline:...

and Hotz v. SCEA, 2011. SCEA sued 'Geohot' and others for jailbreaking the PlayStation 3 system. The lawsuit alleged, among other things, that Hotz violated ([by] taking info from any protected computer
Protected Computer
Protected computers is a term used in Title 18, Section 1030 of the United States Code, which prohibits a number of different kinds of conduct, generally involving unauthorized access to, or damage to the data stored on, "protected computers"...

). Hotz denied liability and contested the Court's exercise of personal jurisdiction over him. The parties settled out of court.

United States v. Nosal, 2011. Nosal and others allegedly accessed a protected computer
Protected Computer
Protected computers is a term used in Title 18, Section 1030 of the United States Code, which prohibits a number of different kinds of conduct, generally involving unauthorized access to, or damage to the data stored on, "protected computers"...

to take a database of contacts from his previous employer for use in his own business, violating 1030(a)(4)

United States v. Drake
Thomas Andrews Drake
Thomas Andrews Drake is a former senior official of the U.S. National Security Agency , decorated United States Air Force and United States Navy veteran, computer software expert, linguist, management and leadership specialist, and whistleblower. In 2010 the government alleged that he 'mishandled'...

, 2010. Drake was part of a whistle-blowing effort inside the NSA to expose waste, fraud, and abuse with the Trailblazer Project
Trailblazer Project
Trailblazer was a United States National Security Agency program intended to analyze data carried on communications networks like the internet. It was able to track communication methods such as cell phones and e-mail...

. He talked to a reporter about the project. He was originally charged with five Espionage Act counts for doing this. These charges were dropped just before his trial was to begin, and instead he pleaded guilty to one misdemeanor count of violating the CFAA, (a)(2), unauthorized access. One of his advisors, Jesselyn Radack
Jesselyn Radack
Jesselyn Radack is a former ethics adviser to the United States Department of Justice who came to prominence as a whistleblower after she disclosed that the Federal Bureau of Investigation committed an ethics violation in its interrogation of John Walker Lindh , without an attorney present, and...

of the Government Accountability Project
Government Accountability Project
The Government Accountability Project is a leading United States whistleblower protection organization. Through litigating of whistleblower cases, publicizing concerns and developing legal reforms, GAP’s mission is to protect the public interest by promoting government and corporate accountability...

, called his work an "act of civil disobedience
Civil disobedience
Civil disobedience is the active, professed refusal to obey certain laws, demands, and commands of a government, or of an occupying international power. Civil disobedience is commonly, though not always, defined as being nonviolent resistance. It is one form of civil resistance...

".

United States v. Bradley Manning
United States v. Bradley Manning
United States v. Bradley Manning is the court-martial case involving US Army Private First Class Bradley E. Manning, who is alleged to have delivered US government documents to those not entitled to receive them in 2009 and 2010. Media reports have alleged that the receiver was Julian Assange of...

, 2010-. Bradley Manning was a soldier who allegedly disclosed tens of thousands of documents to those 'not entitled to receive' them. Among the 34 counts against him, there are several under (a)(1) and (a)(2) of the CFAA, some specifically linked to files like the Reykjavic 13 State Department cable and a video of the July 12, 2007 Baghdad airstrike
July 12, 2007 Baghdad airstrike
The July 12, 2007 Baghdad airstrikes were a series of air-to-ground attacks conducted by a team of two United States Army AH-64 Apache helicopters in Al-Amin al-Thaniyah, in the district of New Baghdad in Baghdad, during the insurgency that followed the Iraq War.In the first strike "Crazyhorse 1/8"...

.

Grand Jury investigation in Cambridge, 2011. Unknown persons in Cambridge, Massachusetts, were ordered to attend Grand Jury hearings regarding charges under the CFAA, as well as the Espionage Act. Journalist Glenn Greenwald
Glenn Greenwald
Glenn Greenwald is an American lawyer, columnist, blogger, and author. Greenwald worked as a constitutional and civil rights litigator before becoming a contributor to Salon.com, where he focuses on political and legal topics...

has written these were likely related to Wikileaks
Wikileaks
WikiLeaks is an international self-described not-for-profit organisation that publishes submissions of private, secret, and classified media from anonymous news sources, news leaks, and whistleblowers. Its website, launched in 2006 under The Sunshine Press organisation, claimed a database of more...

.

United States v. Aaron Swartz, 2011. Aaron Swartz
Aaron Swartz
Aaron Swartz is an American programmer, writer, political organizer and Internet activist. He is best known in programming circles for co-authoring the RSS 1.0 specification...

allegedly entered an MIT wiring closet and set up a laptop to mass-download articles from JSTOR
JSTOR
JSTOR is an online system for archiving academic journals, founded in 1995. It provides its member institutions full-text searches of digitized back issues of several hundred well-known journals, dating back to 1665 in the case of the Philosophical Transactions of the Royal Society...

, which he later used in an academic study. He allegedly avoided various attempts by JSTOR and MIT to stop this, such as MAC address spoofing. The CFAA statutes against him were (a)(2), (a)(4), (c)(2)(B)(iii), (a)(5)(B), and (c)(4)(A)(i)(I),(VI).

United States v. Peter Alfred-Adekeye 2011. Adekeye allegedly violated (a)(2), when he allegedly downloaded CISCO
Cisco
Cisco may refer to:Companies:*Cisco Systems, a computer networking company* Certis CISCO, corporatised entity of the former Commercial and Industrial Security Corporation in Singapore...

iOS
Cisco IOS
Cisco IOS is the software used on the vast majority of Cisco Systems routers and current Cisco network switches...

, allegedly something that the CISCO employee who gave him an access password did not permit. Adekeye was CEO of Multiven
Multiven
Multiven, Inc. provides multi-vendor Internet Protocol network infrastructure technical support, maintenance and consulting services. to Large Enterprises, Internet Service Providers, Small, Medium Businesses, and Government agencies.- History :...

and had accused CISCO of anti-competitive practices.

Pulte Homes v. Laborer's International Union of North America et al. 2011. Pelte company fired a LIUNA employee, resulting in a labor dispute with LIUNA. LIUNA told its members to email and phone the company and tell it how they felt. This resulted in a CFAA charge because the company's email system got overloaded.

United States v Sergey Aleynikov
Sergey Aleynikov
Sergey Aleynikov is a former Goldman Sachs computer programmer. He was convicted of stealing computer code that Goldman Sachs used to perform proprietary trading...

, 2011. Aleynikov was a programmer at Goldman Sachs
Goldman Sachs
The Goldman Sachs Group, Inc. is an American multinational bulge bracket investment banking and securities firm that engages in global investment banking, securities, investment management, and other financial services primarily with institutional clients...

accused of copying code, like high-frequency trading
High-frequency trading
High-frequency trading is the use of sophisticated technological tools to trade securities like stocks or options, and is typically characterized by several distinguishing features:...

code, allegedly in violation of 1030(a)(2)(c) and 1030(c)(2)(B)i-iii and 2. This charge was later dropped, and he was instead charged with theft of trade secret
Trade secret
A trade secret is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known or reasonably ascertainable, by which a business can obtain an economic advantage over competitors or customers...

s and transporting stolen property.

United States v Nada Nadim Prouty
Nada Nadim Prouty
Nada Nadim Prouty, née Al-Aouar is a former American intelligence professional of Lebanese descent who worked in counter-terrorism with the FBI and CIA. She worked on high profile cases like the USS Cole bombing and was stationed in Baghdad during the Iraq War...

, circa 2010. Prouty was an FBI and CIA agent who was prosecuted for having a fraudulent marriage to get US residency. She claims she was persecuted by a US attorney who was trying to gain media coverage by calling her a terrorist agent and get himself promoted to a federal judgeship.

External links

, text of the law

Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws, by Charles Doyle, CRS, 12 27 2010, (FAS.org)

The source of this article is wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.

Protected computers

Criminal offenses under the Act

Specific sections

Notable cases and decisions referring to the Act

See also

External links