THE COMPUTER FRAUD AND ABUSE ACT: HACKING INTO THE AUTHORIZATION DEBATE

The Computer Fraud and Abuse Act (CFAA) makes it a federal crime for a person to intentionally access a computer without authorization or to exceed authorized access and thereby obtain information from any protected computer. The CFAA also provides civil remedies against individuals who violate the...

Full description

Saved in:
Bibliographic Details
Published in:Jurimetrics (Chicago, Ill.) Ill.), 2013-06, Vol.53 (4), p.447-466
Main Author: Anderson, Alden
Format: Article
Language:English
Subjects:
Comment
Computer crimes
Computer hacking
Computer law
Computers
Criminals
Cybercrime
Cybercrimes
Cybersecurity
Employee crimes
Employees
Federal court decisions
Federal courts
Federal jurisdiction
International relations
Internet fraud
Jurisdiction
Laws, regulations and rules
Litigation
Misappropriation
Personal computers
Provisions
Statutory law
Supreme Court decisions
Trade secrets
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The Computer Fraud and Abuse Act (CFAA) makes it a federal crime for a person to intentionally access a computer without authorization or to exceed authorized access and thereby obtain information from any protected computer. The CFAA also provides civil remedies against individuals who violate the Act. While the Act broadly defines what constitutes exceeding authorized access, it does not define authorization. Although the CFAA was originally passed to criminalize computer hacking, employers have recently used the CFAA's vague language to contend that employees who misuse employer information violate the Act. This has created a split among the Circuit Courts over whether an employee who misuses employer information pursuant to authorized physical computer access "accesses a computer without authorization" or "exceeds authorized access" and can thus be prosecuted or held liable for civil damages under the Act. This article examines those competing interpretations and argues that permitting employers to bring misappropriation claims under the Act is inconsistent with the CFAA's legislative history and basic propositions of federalism. Specifically, allegations that an employee misused an employer's information are often based on trade secret violation claims and claims that the employee breached his employment contract or duty of loyalty. These are state claims and an employer should not be permitted to use the CFAA's ambiguous language to pursue them in federal court under a substantially lower burden of proof than state and federal statutes that address these specific claims. This article proposes that Congress should amend the CFAA so courts know it creates criminal and civil liability for unauthorized computer access that is the result of employee computer hacking and not simply for using information in a way that is contrary to the employer's interests. Alternatively, the judiciary should not permit employers to use the CFAA to bring these claims into federal court.
ISSN:0897-1277
2154-4344