Major changes are in the works for the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030. In the past ten years, the CFAA has moved from obscurity into the limelight as Congressional amendments drastically increased its scope. The watershed began in late 2001, when Congress, as part of the USA Patriot Act, adopted a definition of “loss” in the CFAA that made it easier for private litigants to meet the $5,000 threshold for damage or loss. In 2007, Congress expanded a crucial liability provision to criminalize “intentionally access[ing] a computer without authorization or exceed[ing] authorized access, and thereby obtain[ing] . . . information.” 18 U.S.C. § 1030(a)(2) (C). This section imposes liability on anyone who accesses a computer without authorization or who exceeds authorization, even if the person commits no further wrongdoing. Since 2002, complaints alleging a cause of action under the CFAA have increased nearly 600% percent.
2011 brought several potential developments in CFAA jurisprudence. First, the Ninth Circuit decided and then recanted United States v. Nosal, a case effectively resolving a raging circuit split on the meaning of “authorization.” Second, Congress is considering an amendment to the CFAA that would eliminate liability under the CFAA that is predicated solely on the violation of a computer use policy or website terms of use.
Please see full article below for further information.
Please see full publication below for more information.