| Abstrakt: |
Cybercrime and the Law: Computer Fraud and Abuse Act (CFAA) and the 116th Congress The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, is a civil and criminal cybercrime law prohibiting a variety of computer-related conduct. Although sometimes described as an anti-hacking law, the CFAA is much broaderin scope. Indeed, it prohibits seven categories of conduct including, with certain exceptions and conditions: 1. Obtaining national security information through unauthorized computer access and sharing or retaining it; 2. Obtaining certain types ofinformation through unauthorized computer access; 3. Trespassing in a government computer; 4. Engaging in computer-based frauds through unauthorized computer access; 5. Knowingly causing damage to certain computers by transmission of a program, information, code, or command; 6. Trafficking in passwords or other means of unauthorized access to a computer; 7. Making extortionate threats to harma computer or based on information obtained through unauthorized access to a computer. Since the original enactment of the CFAAin 1984, technology and the human relationship to it have continued to evolve. Although Congress has amended the CFAA on numerous occasionsto respond to new conditions, the rapid pace of technological advancement continues to present novel legal issues under the statute. For example, with increasing computerization has come a corresponding proliferation of Terms of Service (ToS) agreements—contractual restrictions on computer use. But federal courts disagree on whether the CFAA imposes criminal liability for ToS violations, and theUnited States Supreme Court is currently considering a case on this issue. Another technological development that has created tension under the CFAA is the rise of botnets, which are networks of compromised computers often used by cybercriminals. Although the CFAA prohibits creating botnets and using them to commit certain crimes, it is unclear if selling or renting a botnet violates the statute—a potential concern given that botnet access is often rentedfrom botnet brokers. On a more basic level, another change that has prompted some reexamination of the CFAA is the seemingly-growing frequency of computer crime. Some contend that the prevalence and perniciousness of hacking requires private actors to defend themselves by hacking back—that is, initiating some level of intrusion into the computer of the initialattacker. The same provisions of the CFAA that prohibit hacking ostensibly also make it a crime to hack back, which some legislation has sought to change. [ABSTRACT FROM AUTHOR] |
