Computer Fraud and Abuse Act (CFAA)

The Computer Fraud and Abuse Act (CFAA) is a law that was passed by U.S. Congress in 1986 to reduce the hacking and cracking of government or other sensitive institutional computer systems. The act states that anyone who engages in the following will be subject ranging from fines to imprisonment. Accesses information without authorization to obtain information related to national defense, foreign relations or other restricted data. Access a computer without authorization and obtains information contained in financial records or from a financial institution. Accesses a U.S. department agency computer without authorization. Accesses a federal computer without authorization and with the intention to defraud.

The Computer Fraud and Abuse Act prohibits the use of federal and certain computers of financial institutions beyond the bounds of the authorization given to the person. This is mainly to eliminate or at least reduce cases of fraud and abuse where federal protected computers are involved. Some believe that the powers of the CFAA are too wide-sweeping. Specifically, there is debate around what constitutes "authorized" access, as there are court precedents that have defined this very broadly. Protected computers include computers that are used exclusively by the U.S. government or a financial institution as well as computers used for (or that affect) foreign commerce or interstate communication or commerce. This includes computers in locations outside of the United States.