Federal Charges For Violating This Outdated Computer Law
Federal criminal defense attorney Mick Mickelsen explains what to do if you are charged with a computer crime under the Computer Fraud and Abuse Act.
Cybercrime might sound like something from a futuristic movie, but it’s not science fiction or an abstract concept. Cybercrime happens every day, and it’s happening with rising frequency. According to a CBS report, there are 1.5 million cyber-attacks each year, which breaks down to 170 attacks every hour and three attacks each minute. In 2014, nearly half of all Americans were victims of hackers, and 43 percent of companies experienced a data breach.
Because cybercrime is something many people associate with the last decade or so, some people are surprised to find out that computer fraud laws have been in place since the 1980s. Passed in 1986, the Computer Fraud and Abuse Act (CFAA) aims to reduce hacking and other computer-related crimes.
The CFAA is a successor act to the Comprehensive Crime Control Act of 1984, which was the first federal law to address computer crimes. In 1994, federal lawmakers amended the CFAA to make it applicable to civil actions as well as criminal cases.
At the time the CFAA was passed, federal lawmakers couldn’t begin to predict what cybercrimes would look like decades down the road. As a result, computer crimes experts say the CFAA is outdated and in need of reform. If you have been charged with a computer crime, you should speak with federal criminal defense lawyers Broden & Mickelsen in Dallas.
What the CFAA Does
The CFAA is a broad federal statute that penalizes a range of offenses. It makes it a crime to illegally access information related to national defense, restricted data, or foreign relations within federal computer systems. The CFAA also makes it illegal to break into a computer within a financial organization like a bank for the purpose of obtaining data or financial records. It’s also illegal under the CFAA to gain unauthorized access to protected computer networks, which means courts can and do interpret the law quite broadly.
Much of the debate around the CFAA revolves around the question of what constitutes “authorized” access. Over the years, federal courts have given “authorized” a wide definition, which some experts say has led to a high number of convictions under the statute.
The CFAA has been used to going after world-famous or infamous, depending on your perspective, hackers as well as seemingly everyday people who illegally download torrents to watch movies or play music at home.
One cybersecurity site states, “In other cases, the nearly unlimited penalty system of the statute has resulted in widely unbalanced punishments for even minor violations, such as the three felony counts against journalist Matthew Keys for leaking credentials to the LA Times website…” In that case, the journalist faced up to $35 million in fines and a prison sentence of 11 years.
Lengthy prison sentences are another source of controversy under the CFAA. Individuals convicted of hacking or other crimes can face between five and 10 years in prison, and those with a previous conviction can face up to 20 years in federal prison. Between 2011 and 2014, the Department of Justice’s rate for prosecuting cases under the CFAA jumped by 41 percent.
Cyber experts say part of what makes CFAA laws complicated is that a great deal of the case law interpreting and clarifying the statue derives from the civil system. This means that courts in the criminal system must rely on civil precedent when considering criminal cases.
Controversial Prosecutions Under the CFAA
The CFAA has been at the core of a number of controversial prosecutions over the years. In 1989, three years after the law was passed, federal authorities indicted the man who created the Morris worm, one of the world’s first computer viruses. The conviction was one of the first under the law. The creator of the virus claimed he didn’t unleash it to cause harm, but because he wanted to gauge the size of the internet.
Since then, there have been a number of notable prosecutions under the CFAA. In one case, prosecutors used the law to go after a man who accessed unprotected data that was available to the public on AT&T’s website.
Federal prosecutors have also used the CFAA to pursue charges against workers who improperly access employers’ computer networks for the purpose of stealing company secrets or other data.
Computer fraud experts say the CFAA is in serious need of reform. Because the law was passed in the 1980s, they argue it needs updating to keep it in line with current computer technology and norms.
Until that happens, it’s possible people will continue to be prosecuted under a vague and overly broad statute that could result in serious penalties for relatively minor offenses. Anyone who has been charged with a computer crime under the CFAA should speak with an experienced federal computer crimes lawyer. Federal prosecutors have shown that they take computer crimes seriously and are willing to pursue maximum penalties for these types of violations.