Computer law

From Wiki Law School does not provide legal advice. For educational purposes only.

Computer laws are enacted to ensure cybersecurity.

Statutes[edit | edit source]

Computer Fraud and Abuse Act[edit | edit source]

The Computer Fraud and Abuse Act (CFAA) is Title 18, United States Code, Section 1030.[1] The Act was first passed in 1984 and has been amended several times to keep up with technological changes. This statute was used by Robert Mueller in 2018 to indict 12 GRU (Russian military intelligence) officers for interfering with the 2016 US presidential election using hacking methods. The Russian agents unlawfully hacked into the e-mail account of John Podesta, chair of Hillary Clinton's 2016 campaign. In addition, they hacked into the DNC servers.

In 2016, the Russian computer spies used spear phishing in which they sent their targets e-mails with phony links. In addition, they planted malware on the their targets' computers.

The CFAA was used to indict Aaron Swartz who committed suicide in 2013 in the face of the draconian penalties of the statute.

7 Sub-sections[edit | edit source]

The Computer Fraud and Abuse Act (CFAA) contain 7 different sub-sections: sub-sections 1030(A)(1) through 1030(A)(7).

Sub-section 1 focuses on national security information. This section is about electronic espionage.

Sub-section 2 focuses on a hacking a financial institution. It also involves accessing a US government computer in furtherance of espionage.

Sub-section 3 involves trespassing on US government computers to access non-public information by outsiders.

Sub-section 4 targets accessing computer systems with the intent to defraud.

Sub-section 5 focuses on the damage caused to a computer. Examples would be sending a computer worm, sending a computer virus, or launching a denial-of-service attack. United States v. Morris (1991) is an example of a case prosecuted under sub-section 5.

Sub-section 6 criminalizes trafficking computer passwords with the intent to defraud.

Sub-section 7 criminalizes computer usage for the purpose of extortion. For example, the defendant threatens to crash a company computer unless the company pay a ransom.

References[edit | edit source]