Computer Fraud and Abuse Act
From Wikipedia, the free encyclopedia
The Computer Fraud and Abuse Act[see note] is a law passed by the United States Congress in 1986 intended to reduce "hacking" of computer systems. It was amended in 1994, 1996 and in 2001 by the USA PATRIOT Act. (Note: Copyright 2001 4th Edition, Computer Confluence: Prentice Hall Books, written by George Beekman. This of Pearson Education. This of the Computer Fraud and Abuse Act of 1984, in the above mentioned educational book; Part 4, Chapter 11, page 307, Paragraph 6.)
The USA PATRIOT Act increased the scope and penalties of this act by:
- raising the maximum penalty for violations to 10 years (from 5) for a first offense and 20 years (from 10) for a second offense;
- ensuring that violators only need to intend to cause damage generally, not intend to cause damage or other specified harm over the $5,000 statutory damage threshold;
- allowing aggregation of damages to different computers over a year to reach the $5,000 threshold;
- enhancing punishment for violations involving any (not just $5,000) damage to a government computer involved in criminal justice or the military;
- including damage to foreign computers involved in US interstate commerce;
- including state law offenses as priors for sentencing; and
- expanding the definition of loss to expressly include time spent investigating and responding (this is why damage assessment and restoration are important).
Criminal Offenses Under The Computer Fraud and Abuse Act
- Knowingly accessing a computer without authorization in order to obtain national security data
- Intentionally accessing a computer without authorization to obtain:
  - Information contained in a financial record of a financial institution, or contained in a file of a consumer reporting agency on a consumer.
  - Information from any department or agency of the United States.
  - Information from any protected computer if the conduct involves an interstate or foreign communication.
- Intentionally accessing without authorization a government computer and affecting the use of the government's operation of the computer.
- Knowingly accessing a computer with the intent to defraud and thereby obtaining anything of value.
- Knowingly causing the transmission of a program, information, code, or command that causes damage or intentionally accessing a computer without authorization, and as a result of such conduct, causes damage that results in:
  - Loss to one or more persons during any one-year period aggregating at least $5,000 in value.
  - The modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of one or more individuals.
  - Physical injury to any person.
  - A threat to public health or safety.
  - Damage affecting a government computer system.
- Knowingly and with the intent to defraud, trafficking in a password or similar information through which a computer may be accessed without authorization.
Decisions referring to this act
- Theofel v. Farey-Jones, 2003 U.S. App. Lexis 17963, decided August 28, 2003 (U.S. Court of Appeals for the Ninth Circuit). Using a civil subpoena which is “patently unlawful”, “bad faith” and “at least gross negligence” to gain access to stored email is a breach of this act and the Stored Communications Act.
See also
- Information technology audit
- Computer security audit
- Computer fraud case studies
- Electronic Communications Privacy Act
- The Hacker Crackdown (discussing the application of this law in the infamous hacker crackdown of the late 1980s and early 1990s)
External links
- Text of the law