Is the Computer Fraud and Abuse Act Ripe for Reform?

A recent ruling raises questions regarding the Computer Fraud and Abuse Act (CFAA) and whether it needs to be reformed. The particular case, United States v. Nosal, upheld some of the charges against a man who used another individual’s password to access his former employer’s client database.

What is the Computer Fraud and Abuse Act (CFAA)?

The Computer Fraud and Abuse Act (CFAA) is a federal anti-hacking law passed in 1986 . It has been regularly criticized for overbroad definitions of crimes, harsh penalties, and the risk it poses to legitimate security research. As the Electronic Frontier Foundation has noted, “creative prosecutors have taken advantage of this confusion to bring criminal charges that aren’t really about hacking a computer, but instead target other behavior prosecutors dislike.

For Reason’s Scott Shackford, the United States v. Nosal ruling highlights why the CFAA needs reform.

Recent media attention towards the fact that the CFAA makes it a federal crime to access a computer system without authorization is a good thing. However, according to Shackford, the CFAA’s exact wording, which criminalizes any “unauthorized access” to a computer system or database as fraud, has been in place since 1986.

Furthermore, the CFAA’s original purpose was to criminalize hacking into an account, not the voluntary exchange of a password to another person.

This overly broad interpretation of the law has prompted the ACLU to file a law suit against provisions in the statute that could be used to punish journalists and researchers trying to conduct normal and acceptable investigation techniques.

Concerns surrounding broad use of the CFAA, to prosecute individuals, like those Shackford highlights, relate to the growing issue of overcriminalization in the United States.

More Blog Posts

04-01-2021 07:38am

Order and chaos: Embracing an emergent order mindset

We are surrounded by order that occurs without design or control on all sides. Yet we rarely think about this order.

Read more

03-24-2021 08:16am

Supporting the emerging generation of tech leaders

An employer and associate perspective from the Emerging Tech Policy Leaders Program, which received 90 applications for its first cohort.

Read more

03-18-2021 08:42am

Where should K-12 go next?

We ask two of our partners in K-12 education to tell us what they’ve learned in the last year, and what they think should happen next.   

Read more

Sign up for updates