July 1, 2013
Enacted by Congress in 1986, the Computer Fraud and Abuse Act (CFAA) builds upon existing computer fraud law (18 U.S.C. § 1030). Initially, the CFAA was intended to limit federal jurisdiction to cases “with a compelling federal interest-i.e., where computers of the federal government or certain financial institutions are involved or where the crime itself is interstate in nature.” Notably, the CFAA criminalized certain computer-related acts such as distribution of malicious software code, propagating denial of service attacks as well as trafficking in passwords and similar items. Recently, the CFAA has gained prominence as a bludgeon used to prosecute a wide-range of activities, some broadly labelled “hacking” and other stretching the boundaries of “unauthorized” computer access.
Two recently introduced bills, one by Representative Zoe Lofgren (D-CA) in the House and one by Senator Ron Wyden (D-OR) in the Senate aim to amend the CFAA in hopes of ameliorating application of the CFAA to claims of breach of terms of service, employment agreements. Additionally, with the nickname “Aaron’s Law,” they also seek to limit what some see as the CFAA’s tendency to allow for overzealous prosecution that they claim characterized Aaron Swartz’s case.
In short the bills would amend the meaning of “exceeds authorized access,” changing it to “access without authorization,” which is defined to mean:
“to obtain information on a protected computer”;
“that the accesser lacks authorization to obtain”; and
“by knowingly circumventing one or more technological or physical measures that are designed to exclude or prevent unauthorized individuals from obtaining that information.”
For a well-documented discussion of the application and boundaries of the CFAA, check out the Electronic Frontier Foundations Legal Treatise on civil and criminal cases involving the Computer Fraud and Abuse Act here.
As businesses become ever more dependent on digital assets and systems, a working knowledge of the legal and regulatory framework that defines and protects those assets is paramount.
If you or your executive teams has questions about securing and protecting digital assets, please feel free to contact David M. Adler for a free consultation. LSGA advises a wide range of businesses on creating, protecting and leveraging digital assets as well as computer, data and information security and privacy.
Please tweet, comment on, and forward is article!
David M. Adler | Leavens, Strand, Glover & Adler, LLC
203 North LaSalle Street, Suite 2550
Chicago, Illinois 60601
Direct: (866) 734-2568
Direct Fax: (312) 275-7534
*2012 Illinois Super Lawyer http://bit.ly/gFfpAt