Computer Fraud and Abuse Act

From Wikipedia, the free encyclopedia

The Computer Fraud and Abuse Act[see note] is a law passed by the United States Congress in 1986 intended to reduce "hacking" of computer systems. It was amended in 1994, 1996 and in 2001 by the USA PATRIOT Act. ([note](Copyright 2001 4th Edition, Computer Confluence: Prentice Hall Books, written by George Beekman. This of Pearson Education. This of the Computer Fraud and Abuse Act of 1984, in the above mentioned educational book; Part4, Chapter 11, page 307, Paragraph 6.)

The USA PATRIOT Act increased the scope and penalties of this act by:

1. raising the maximum penalty for violations to 10 years (from 5) for a first offense and 20 years (from 10) for a second offense;
2. ensuring that violators only need to intend to cause damage generally, not intend to cause damage or other specified harm over the $5,000 statutory damage threshold;
3. allowing aggregation of damages to different computers over a year to reach the $5,000 threshold;
4. enhancing punishment for violations involving any (not just $5,000) damage to a government computer involved in criminal justice or the military;
5. including damage to foreign computers involved in US interstate commerce;
6. including state law offenses as priors for sentencing; and
7. expanding the definition of loss to expressly include time spent investigating and responding (this is why it is important for damage assessment and for restoration)

Contents 1 Criminal Offenses Under The Computer Fraud and Abuse Act 2 Decisions referring to this act 3 See also 4 External links

[edit] Criminal Offenses Under The Computer Fraud and Abuse Act

1. Knowingly accessing a computer without authorization in order to obtain national security data
2. Intentionally accessing a computer without authorization to obtain:
   • Information contained in a financial record of a financial institution, or contained in a file of a consumer reporting agency on a consumer.
   • Information from any department or agency of the United States
   • Information from any protected computer if the conduct involves an interstate or foreign communication
3. Intentionally accessing without authorization a government computer and affecting the use of the government's operation of the computer.
4. Knowingly accessing a computer with the intent to defraud and there by obtaining anything of value.
5. Knowingly causing the transmission of a program, information, code, or command that causes damage or intentionally accessing a computer without authorization, and as a result of such conduct, causes damage that results in:
   • Loss to one or more persons during any one-year period aggregating at least $5,000 in value.
   • The modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of one or more individuals.
   • Physical injury to any person.
   • A threat to public health or safety.
   • Damage affecting a government computer system
6. Knowingly and with the intent to defraud, trafficking in a password or similar information through which a computer may be accessed without authorization.

[edit] Decisions referring to this act

• [1] Theofel v. Farey Jones, 2003 U.S. App. Lexis 17963, decided August 28, 2003 (U.S. Court of Appeals for the Ninth Circuit). Using a civil subpoena which is “patently unlawful”, “bad faith” and “at least gross negligence” to gain access to stored email is a breach of this act and the Stored Communications Act.

[edit] See also

• Information technology audit
• Computer security audit
• Computer fraud case studies
• Electronic Communications Privacy Act
• The Hacker Crackdown (discussing the application of this law in the infamous hacker crackdown of the late 1980s and early 1990s)

[edit] External links

• 18 U.S.C. § 1030, Text of the law