Academic journal article Forum on Public Policy: A Journal of the Oxford Round Table

The Computer Fraud and Abuse Act: An Effective Tool for Prosecuting Criminal and Civil Actions in Cyberspace

Article excerpt


Although hackers have been around for over 40 years, by the 1980s the problem had reached epidemic proportions. "Hacker" is the term used for people who gain unauthorized access to another's computer for the purpose of stealing or corrupting data. Originally, the term "hacker" was benign with no negative connotation. It simply referred to those who wanted to develop their computer skills and sought the challenge of accessing and exploring computers without any intention to steal or destroy anything. (1) Hackers range from bored teenagers to organized criminals.

In one of the first arrests of hackers, the FBI arrested the Milwaukee-based 414s (named after the local area code), whose members were accused of 60 computer break-ins ranging from Memorial Sloan-Kettering Cancer Center (2) to the Los Alamos National Laboratory. (3) In addition to hacking, computer worms, viruses, Trojan horses, computer terrorism, phishing and pharming have become a virtual plague in the area of computer problems.

The Computer Fraud and Abuse Act

In 1984, in response to hacking threats, the United States Congress enacted the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030. (4) The primary purpose of the CFAA was to protect government computers and financial records and credit information on both the government's and financial institutions' computers. It became apparent soon afterward that a stronger law was needed to properly address the threats. Since its inception the Act did not quite meet the needs of the government and was constantly being amended. In 1986 the Act was amended to cover any federal interest computers. (5) In 1996 the law was again amended to include the term "protected computer," which now meant any computer involved in interstate or foreign commerce. (6)

The Act went through many amendments and incarnations when, somewhat mysteriously, Section (g) appeared in 18 U.S.C. 1030 in 1996. (7) The mysterious Section (g) was unusual and atypical not only because it now provided civil remedies in a criminal statute, but also because it contained unprecedented language allowing private companies to pursue violations of this law. Since there are no records, session notes or writings to explain the purpose of Section (g), one can only assume that the government could augment its limited resources by enlisting private corporations to also go after hackers in civil actions. This section allows organizations to take the lead and to be the protector of personal data stored in their computers, but it also makes the stealing of data from a computer a federal crime that can be corrected through a civil lawsuit. The text of Section (g) is as follows:

   (g) Any person who suffers damage or loss by reason of a violation
   of this section may maintain a civil action against the violator to
   obtain compensatory damages and injunctive relief or other
   equitable relief. A civil action for a violation of this section
   may be brought only if the conduct involves 1 of the factors set
   forth in clause (i), (ii), (iii), (iv), or (v) of subsection
   (a)(5)(B). Damages for a violation involving only conduct described
   in subsection (a)(5)(B)(i) are limited to economic damages. No
   action may be brought under this subsection unless such action is
   begun within 2 years of the date of the act complained of or the
   date of the discovery of the damage. No action may be brought under
   this subsection for the negligent design or manufacture of computer
   hardware, computer software, or firmware.

One can certainly understand the notion of the government trying to obtain help from corporations with deep pockets to stop these insidious computer crimes. However, corporations have not prosecuted civil actions against these criminals, probably because, no matter how much damage the culprits committed or how much money they cost the companies, the perpetrators likely did not have assets from which to collect judgments. …
