CFAA

Subscribe to CFAA

The Supreme Court’s recent decision in Van Buren v. United States, — S. Ct. —-, 2021 WL 2229206 (2021) resolved a longstanding Circuit split regarding the scope of liability under the Computer Fraud and Abuse Act of 1986 (CFAA), 18 U.S.C. § 1030 et seq. As we previewed last year, Van Buren addressed whether a person “exceeds authorized access” within the meaning of the CFAA when accessing information on a computer for an improper purpose. In an Opinion authored by Justice Barrett, the Supreme Court ruled, 6-3, that the CFAA does not cover those who have improper motives for obtaining computerized information they are otherwise authorized to access.  
Continue Reading Supreme Court Narrows The Scope of Liability Under The Computer Fraud and Abuse Act

A brazen and sophisticated computer intrusion into the records of over 145 million Americans launched from computer hackers based in China led to recent criminal prosecutions under the Computer Fraud and Abuse Act. [1] Courts are willing to extend American law beyond U.S. boundaries often when criminal misconduct takes place overseas that injures Americans. The Constitution grants Congress broad powers to enact laws with extraterritorial scope.[2] The Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (“CFAA”),  is one such statute that provides criminal and civil remedies resulting from unauthorized access to computers used in interstate commerce or communications.[3]  And, it further provides for extraterritorial jurisdiction for criminal or civil violations of the CFAA. Increasingly, U.S.-based companies have become victims of significant computer misconduct launched from overseas.[4]  And, with the increased widespread use of social media platforms during the Covid-19 pandemic, computer mischief in an effort to gain confidential business information is on the rise.[5]

Continue Reading Extraterritorial Application of the Computer Fraud and Abuse Act

For the first time, the Supreme Court has agreed to review the Computer Fraud and Abuse Act (CFAA). The Court’s initial review of the CFAA comes in the wake of a federal circuit split as to whether the statute can only be deployed against hackers and unauthorized users of electronic systems, or also against authorized users who use the information for unauthorized purposes. The Court’s decision may significantly affect not only how law enforcement uses the CFAA, but also whether civil litigants, such as employers, may use the CFAA to defend against unauthorized employee activities.
Continue Reading U.S. Supreme Court Case Preview—Van Buren v. United States: Does Use of a Computer for an “Improper Purpose” Violate the Computer Fraud and Abuse Act?