Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act of 1984 (CFAA) was intended to reduce cracking of computer systems and to address federal computer-related offenses. The Act was approved by the U.S. Congress, signed by the President and is now codified as 18 U.S.C. § 1030. It governs cases that implicate a compelling federal interest, where U.S. government computers, or those of certain financial institutions are involved, where the crime itself is interstate in nature, or where computers are used in interstate and foreign commerce.
The Act has been amended a number of times—in 1986, 1989, 1994, 1996, in 2001 by the USA PATRIOT Act, 2002, and in 2008 by the Identity Theft Enforcement and Restitution Act. Subsection (b) of the Act makes it a crime not only to commit (or attempt to commit) an offense under the Act, but also to conspire to do so.
Protected computers 
- exclusively for the use of a financial institution or the United States Government, or any computer, when the conduct constituting the offense affects the computer's use by or for the financial institution or the Government; or
- which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States...
Criminal offenses under the Act 
- (1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;
- (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—
- (A) information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602 (n)  of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);
- (B) information from any department or agency of the United States; or
- (C) information from any protected computer;
- (3) intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States;
- (4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;
- (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
- (B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
- (C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.
- (6) knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if—
- (A) such trafficking affects interstate or foreign commerce; or
- (B) such computer is used by or for the Government of the United States;
- (7) with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any—
- (A) threat to cause damage to a protected computer;
- (B) threat to obtain information from a protected computer without authorization or in excess of authorization or to impair the confidentiality of information obtained from a protected computer without authorization or by exceeding authorized access; or
- (C) demand or request for money or other thing of value in relation to damage to a protected computer, where such damage was caused to facilitate the extortion
Specific sections 
- Espionage Act of 1917, with the notable addition being that it also covers information related to "Foreign Relations", not simply "National Defense" like the Espionage Act. : Computer Espionage. This section takes much of its language from the
- : Computer trespassing, and taking government, financial, or commerce info
- : Computer trespassing in a government computer
- protected computer : Committing fraud with a
- protected computer (including viruses, worms) : Damaging a
- : Trafficking in passwords of a government or commerce computer
- protected computer : Threatening to damage a
- : Conspiracy to violate (a)
- : Penalties
- thru h: Miscellany
Notable cases and decisions referring to the Act 
- United States v. Riggs, brought against people associated with Phrack magazine for obtaining a document (known as the "E911 document") about information on BellSouth products implementing 911 emergency telephone services, a case described in Bruce Sterling's "Hacker Crackdown of 1990." The government dropped the case after it was revealed that the document was on sale by AT&T for $13.
- United States v. Morris (1991), 928 F.2d 504, decided March 7, 1991. After the release of the Morris worm, an early computer worm, its creator was convicted under the Act for causing damage and gaining unauthorized access to "federal interest" computers. The Act was amended in 1996, in part, to clarify language whose meaning was disputed in the case.
- Theofel v. Farey Jones, 2003 U.S. App. Lexis 17963, decided August 28, 2003 (U.S. Court of Appeals for the Ninth Circuit), holding that the use of a civil subpoena which is "patently unlawful," "in bad faith," or "at least gross negligence" to gain access to stored email is a breach of both the CFFA and the Stored Communications Act.
- International Airport Centers, L.L.C. v. Citrin, 2006, , in which Jacob Citrin deleted files from his company computer before he quit, in order to conceal alleged bad behavior while he was an employee.
- LVRC Holdings v. Brekka, 2009 1030(a)(2), 1030(a)(4), in which LVRC sued Brekka for allegedly taking information about clients and using it to start his own competing business.
- Robbins v. Lower Merion School District (U.S. Eastern District of Pennsylvania), where plaintiffs charged two suburban Philadelphia high schools secretly spied on students by surreptitiously and remotely activating webcams embedded in school-issued laptops the students were using at home, violating the Act. The schools admitted to secretly snapping over 66,000 webshots and screenshots, including webcam shots of students in their bedrooms.
- United States v. Lori Drew, 2008. The 'cyberbullying' case involving the suicide of a girl harassed on myspace. Charges were under 18 USC 1030(a)(2)(c) and (b)(2)(c). Judge Wu decided that using against someone violating a 'terms of service' agreement would make the law overly broad. 259 F.R.D. 449 
- People v. SCEA, 2010. Class action lawsuit against SCEA for removing OtherOS, the ability to install and run Linux (or other operating systems) on the PlayStation 3. Consumers were given the option to either keep OtherOS support or not. SCEA was allegedly in violation of this Act because if the consumers updated or not, they would still lose system functionality.
- Sony Computer Entertainment America v. George Hotz and Hotz v. SCEA, 2011. SCEA sued 'Geohot' and others for jailbreaking the PlayStation 3 system. The lawsuit alleged, among other things, that Hotz violated ([by] taking info from any protected computer). Hotz denied liability and contested the Court's exercise of personal jurisdiction over him. The parties settled out of court. The settlement caused Geohot to be unable to legally hack the PlayStation 3 system furthermore.
- United States v. Nosal, 2011. Nosal and others allegedly accessed a protected computer to take a database of contacts from his previous employer for use in his own business, violating 1030(a)(4) On April 12, 2012, an en banc panel of the Court of Appeals reversed that ruling, dismissing all charges against Nosal. 
- United States v. Drake, 2010. Drake was part of a whistle-blowing effort inside the NSA to expose waste, fraud, and abuse with the Trailblazer Project. He talked to a reporter about the project. He was originally charged with five Espionage Act counts for doing this. These charges were dropped just before his trial was to begin, and instead he pleaded guilty to one misdemeanor count of violating the CFAA, (a)(2), unauthorized access.
- United States v. Bradley Manning, 2010-. Bradley Manning was a soldier who allegedly disclosed tens of thousands of documents to those 'not entitled to receive' them. Among the 34 counts against him, there are several under (a)(1) and (a)(2) of the CFAA, some specifically linked to files like the Reykjavik 13 State Department cable and a video of the July 12, 2007 Baghdad airstrike.
- Grand Jury investigation in Cambridge, 2011. Unknown persons in Cambridge, Massachusetts, were ordered to attend Grand Jury hearings regarding charges under the CFAA, as well as the Espionage Act. Journalist Glenn Greenwald has written these were likely related to Wikileaks.
- United States v. Aaron Swartz, 2011. Aaron Swartz allegedly entered an MIT wiring closet and set up a laptop to mass-download articles from JSTOR. He allegedly avoided various attempts by JSTOR and MIT to stop this, such as MAC address spoofing. He was indicted for violating CFAA privisions (a)(2), (a)(4), (c)(2)(B)(iii), (a)(5)(B), and (c)(4)(A)(i)(I),(VI). The government dropped the charges after Swartz committed suicide in January 2013.
- United States v. Peter Alfred-Adekeye 2011. Adekeye allegedly violated (a)(2), when he allegedly downloaded CISCO IOS, allegedly something that the CISCO employee who gave him an access password did not permit. Adekeye was CEO of Multiven and had accused CISCO of anti-competitive practices.
- Pulte Homes v. Laborers' International Union of North America et al. 2011. Pulte Homes brought a CFAA suit against Laborers' International Union of North America (LIUNA). Pulte had fired a LIUNA employee, resulting in a labor dispute with LIUNA. LIUNA told its members to email and phone the company with their opinions, resulting in an overload of the company's email system.
- United States v Sergey Aleynikov, 2011. Aleynikov was a programmer at Goldman Sachs accused of copying code, like high-frequency trading code, allegedly in violation of 1030(a)(2)(c) and 1030(c)(2)(B)i-iii and 2. This charge was later dropped, and he was instead charged with theft of trade secrets and transporting stolen property.
- United States v Nada Nadim Prouty, circa 2010. Prouty was an FBI and CIA agent who was prosecuted for having a fraudulent marriage to get US residency. She claims she was persecuted by a US attorney who was trying to gain media coverage by calling her a terrorist agent and get himself promoted to a federal judgeship.
- United States v. Neil Scott Kramer, 2011. Kramer was a court case where a cellphone was used to coerce a minor into engaging sex with an adult. Central to the case was whether a cellphone constituted a computer device. Ultimately, the United States Court of Appeals for the Eighth Circuit found that a cell phone can be considered a computer if "the phone perform[s] arithmetic, logical, and storage functions," paving the way for harsher consequences for criminals engaging with minors over cellphones.
Aaron's Law proposal 
In the wake of the prosecution and subsequent suicide of Aaron Swartz, lawmakers have proposed to amend the Computer Fraud and Abuse Act. Representative Zoe Lofgren has drafted a bill that would help "prevent what happened to Aaron from happening to other Internet users". The bill would exclude terms of service violations from the 1984 Computer Fraud and Abuse Act and from the wire fraud statute, despite the fact that Swartz was not prosecuted based on Terms of Service violations.
In addition to Lofgren, Representative Darrell Issa and Representative Jared Polis—all on the House Judiciary Committee, raised questions about the government's handling of the case. Polis called the charges "ridiculous and trumped up," while referring to Swartz as a "martyr." Issa, also chair of the House Oversight Committee, announced that he is investigating the actions of the Justice Department's prosecution.
See also 
- Defense Secrets Act of 1911 / Espionage Act of 1917 / McCarran Internal Security Act 1950
- California Comprehensive Computer Data Access and Fraud Act
- Electronic Communications Privacy Act
- LVRC Holdings v. Brekka
- In re DoubleClick
- MBTA v. Anderson
- Information technology audit
- Computer security audit
- Computer fraud case studies
- The Hacker Crackdown (mentions the law, & the eponymous Chicago task force)
- Protected Computer
- McCool, Grant, Computer Fraud and Abuse Act: The 1980s-Era Hacking Law Out Of Step With Today's Internet, Analysts Say, Reuters as published in the Huffington Post, 29 July 2012. Retrieved 27 January 2013.
- Legal Information Institute, Cornell University Law School. "18 USC 1030".
- United States v. Morris (1991), 928 F.2d 504, 505 (2d Cir. 1991).
- "Ninth Circuit Court of Appeals: Stored Communications Act and Computer Fraud and Abuse Act Provide Cause of Action for Plaintiff | Stanford Center for Internet and Society". Cyberlaw.stanford.edu. Retrieved September 10, 2010.
- US v Jacob Citrin, openjurist.org
- US v Brekka 2009
- Kravets, David, Court: Disloyal Computing Is Not Illegal, Wired.com, September 18, 2009.
- Doug Stanglin (February 18, 2010). "School district accused of spying on kids via laptop webcams". USA Today. Retrieved February 19, 2010.
- "Initial LANrev System Findings", LMSD Redacted Forensic Analysis, L-3 Services—prepared for Ballard Spahr (LMSD's counsel), May 2010. Retrieved August 15, 2010.
- US V Lori Drew, scribd
- US v Lori Drew, psu.edu KYLE JOSEPH SASSMAN,
- ". Retrieved February 21, 2011.
- See the links to the original lawsuit documents which are indexed here
- US v Nosal, uscourts.gov, 2011
- Appeals Court: No Hacking Required to Be Prosecuted as a Hacker, By David Kravets, Wired, April 29, 2011
- See the linked articles about Bradley Manning, and his charge sheets here: Hague Justice Portal
- FBI serves Grand Jury subpoena likely relating to WikiLeaks BY GLENN GREENWALD, Salon.com WEDNESDAY, APR 27, 2011 13:28 ET
- See Internet Activist Charged in M.I.T. Data Theft, By NICK BILTON New York Times, July 19, 2011, 12:54 PM, as well as the Indictment
- Dave Smith, Aaron Swartz Case: US DOJ Drops All Pending Charges Against The JSTOR Liberator, Days After His Suicide, International Business Times, January 15, 2013.
- US v Adekeye Indictment. see also Federal Grand Jury indicts former Cisco Engineer By Howard Mintz, 08/05/2011, Mercury News
- techdirt.com 2011 8 9, Mike Masnick, "Sending Too Many Emails to Someone Is Computer Hacking"
- Hall, Brian, Sixth Circuit Decision in Pulte Homes Leaves Employers With Few Options In Response To Union High Tech Tactics, Employer Law Report, 3 August 2011. Retrieved 27 January 2013.
- US v Sergey Aleynikov, Case 1:10-cr-00096-DLC Document 69 Filed 10/25/10
- Ex-Goldman Programmer Described Code Downloads to FBI (Update1), David Glovin and David Scheer - July 10, 2009, Bloomberg
- Plea Agreement, US District Court, Eastern District of Michigan, Southern Division. via debbieschlussel.com
- Sibel Edmond's Boiling Frogs podcast 61 Thursday, 13. October 2011. Interview with Prouty by Peter B. Collins and Sibel Edmonds
- "United States of America v. Neil Scott Kramer".
- Sasso, Brendan. "Lawmakers slam DOJ prosecution of Swartz as 'ridiculous, absurd' - The Hill's Hillicon Valley". Thehill.com. Retrieved 2013-01-16.
- "Darrell Issa Probing Prosecution Of Aaron Swartz, Internet Pioneer Who Killed Himself". Huffingtonpost.com. Retrieved 2013-01-16.
- 18 U.S.C. § 1030, text of the law
- Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws, by Charles Doyle, CRS, 12 27 2010, (FAS.org)