Courts Reining In What it Means to be a “Hacker” Under the Computer Fraud and Abuse Act (CFAA)
Ralph C. Losey of Jackson Lewis writes:
The Computer Fraud and Abuse Act (“CFAA”) is an anti-hacker statute that prohibits unauthorized access, or the exceeding of authorized access, of computers connected to interstate commerce. 18 U.S.C. § 1030. Violators are subject to both criminal and civil liability. Employers have long taken advantage of the CFAA’s civil remedies to “sue former employees and their new companies who seek a competitive edge through wrongful use of information from the former employer’s computer system.” P.C. Yonkers, Inc. v. Celebrations the Party and Seasonal Superstore, LLC, 428 F.3d 504, 510 (3d Cir. 2005).
A majority of courts have to date construed the meaning of “unauthorized access” in the CFAA to include access for unauthorized purposes, such as to steal an employer’s information. They applied the anti-hacker statute even though the employee was authorized to access the computer system, just not for purposes of theft. Now a growing number of courts are stepping back from the expansive construction of what it means to be a “hacker” under the statute. They are instead limiting the CFAA to situations where the access to the computer itself was unauthorized, and disregarding whether or not the access was for a permitted use.
Read more on National Law Review.