Year 1986: Congress Enacts The Federal Computer Fraud And Abuse Act

Introduction

Since the early days of computing, including the advent of technologies like ARPANET, instances of computer-related crimes have been prevalent. The period from the 1960s to the 1980s witnessed a significant increase in cybercrime and other technology-related offenses. These incidents, often blamed on curious teenagers, had severe consequences for targeted organizations and corporations. This rise in cyber mischief was magnified by the absence of laws addressing such activities.

Recognizing the urgent need for legislation to combat cybercrime, the U.S. Congress took action by passing the Federal Computer Fraud and Abuse Act (CFAA) in 1986. This landmark legislation aimed to mitigate hacking and other forms of unauthorized access to computer systems. Let’s explore the significance and provisions of this pivotal law in greater detail.

The First Federal Computer Crime Law

Before we dig right into the Computer Fraud and Abuse Act, let’s make a stop in the year 1984. CFAA’s foundation was laid 2 years prior in 1984, when the Congress passed the Comprehensive Crime Control Act. The Act introduced specific federal offenses, including:

• Unauthorized Access: This refers to the act of knowingly accessing a computer without proper authorization. It encompasses unauthorized use of computer access by individuals exceeding their permitted actions or privileges.

•  Protection of Government Interests: The Comprehensive Crime Control Act also addressed specific government concerns regarding computer misuse. It covered criminal acts like accessing computer systems for national security secrets or personal financial gains without permission. Hacking into government computers was also a criminal offence. The new legislation deemed all these actions as federal crimes.

The Computer Fraud and Abuse Act (CFAA)

Existing laws were inadequate to combat unauthorized access, data breaches, and malicious activities targeting computer systems before 1986. The Computer Fraud and Abuse Act addressed these gaps. The legislative response reflected the need to safeguard federal computers from trespassing, threats, damage, and espionage.

The CFAA was an extension of the Comprehensive Crime Control Act. The Act’s original purpose was safeguarding classified information, financial records, and credit data on government and financial institution computers. Therefore, by introducing the CFAA, Congress sought to prohibit unauthorized access to “federal interest” computers. The Act also enlisted the penalties for fraud and related activities in connection with access devices and computers. Furthermore, it also included provisions for enhancing the security of federal interest computers against unauthorized access and other criminal activities.

Congress aimed to ensure that federal computer crime laws were applicable only to specific situations. These situations included cases involving federal government computers, important financial institutions’ computers, or crimes occurring across state lines. As a result, not all computer crimes fell under federal jurisdiction. Only those meeting the mentioned criteria were subject to federal prosecution.

Key Provisions of the Computer Fraud and Abuse Act

The CFAA criminalizes various forms of unauthorized access and activities related to computer systems. The provisions of the CFAA include, but are not limited to:

Unauthorized Access (§ 1030(a)(2)):

Knowingly accessing a computer without authorization, or exceeding authorized access and obtaining protected information.

Computer Trespassing (§ 1030(a)(3)):

Unauthorized access involving exposure to certain governmental, credit, financial, or computer-housed information.

Computer Damage (§ 1030(a)(5)):

Damaging a government computer, bank computer, or a computer affecting interstate or foreign commerce, including acts like spreading computer viruses, denial of service attacks, and other cybercrimes.

Fraudulent Access (§ 1030(a)(4)):

Committing fraud involving unauthorized access to government computers, bank computers, or computers affecting interstate or foreign commerce.

Threats to Computers (§ 1030(a)(7)):

Threatening to damage government computers, bank computers, or computers affecting interstate or foreign commerce.

Password Trafficking (§ 1030(a)(6)):

Trafficking in passwords for government computers or when trafficking affects interstate or foreign commerce.

Espionage (§ 1030(a)(1)):

Accessing a computer to commit espionage.

Penalties for Violating the The Computer Fraud and Abuse Act:

The Computer Fraud and Abuse Act (CFAA) has defined seven categories of punishable offences, with each having its own penalty scheme. However, the penalties for prohibited conduct also depend on the severity of the crime and the past criminal history of the offender. Below is a summary of the possible penalties and sentences for each category:

• Obtaining national security information through unauthorized computer access and sharing or retaining it: Up to 10 years in prison for a first offense and up to 20 years for a subsequent offense.

• Obtaining certain types of information through unauthorized computer access: Up to one year in prison for a first offense and up to five years if the offense was committed for commercial or private gain, in furtherance of another crime, or if the value of the information exceeded $5,000.
  
• Trespassing in a government computer: Up to one year in prison for a first offense and up to 10 years for a subsequent offense.
  
• Engaging in computer-based frauds through unauthorized computer access: Up to five years in prison for a first offense and up to 10 years for a subsequent offense.
  
• Knowingly causing damage to certain computers by transmission of a program, information, code, or command: Up to one year in prison for a first offense, and up to 10 years if the damage was intentional, caused loss or impairment of medical services, or affected more than 10 computers.
  
• Trafficking in passwords or other means of unauthorized access to a computer: Up to one year in prison for a first offense and up to 10 years if the trafficking affected a government computer or was done for commercial or private gain.
  
• Making extortionate threats to harm a computer or based on information obtained through unauthorized access to a computer: Up to five years in prison for a first offense and up to 10 years for a subsequent offense.

Source: https://www.legalmatch.com/law-library/article/computer-fraud-abuse-act.html

Parting Words

Amidst the ongoing chaos in the cyber world, the Federal Computer Fraud and Abuse Act of 1986 emerged as a much-needed solution. This Act played a crucial role in curbing the menace of computer-related crimes and prosecuting offenders. Its enactment marked a crucial milestone in the legal framework addressing such offenses.

Since its inception, the scope and coverage of the CFAA have been expanded by Congress through various amendments in 1996, 2001, 2002, and 2008. These amendments reflect the evolving nature of cybercrimes, prompting lawmakers to adapt and strengthen the laws accordingly. As cybercrimes become increasingly sophisticated, these amendments signify a continuous effort to enhance and refine the legal mechanisms aimed at combating them.