CFAA in Redefining Computer Attacks

Background of the CFAA

Computer Fraud and Abuse Act (CFAA) prohibits access to a computer without authorization. CFAA redefines intangible property under the tort law. CFAA also criminalized incidences of computer-related breaches, with specific provisions for the development of malicious code and possible denial of service (Ilt.eff.org, 2019). The act was further amended to accommodate the USA Patriot Act of 2002.

CFAA Might Positively Address

CFAA has advanced several sections that address the general misuse of computer systems. Sections 18 U.S.C. § 1030(a)(1-7) and 18 U.S.C. § 1030(b-c) provides coverage against computer espionage, jurisdiction against trespassing, control over commitment of fraud, possible control of damaging of the computer worms and viruses, control over passwords trafficking, jurisdiction against threats, possible control on conspiracy to violate, and finally control over penalties. McGowan (2017) also notes that CFAA defines the jurisdiction of hardware utility, minimizing ambiguity of earlier laws related to computer-related breaches.

Examples of Abuses

The government has been criticized for the overreaching CFAA; civil cases are the most common example of violations. CFAA has been criticized for transforming misdemeanor cases into a felony. Case United States v. Kane in 2011 transformed the case from misdemeanor to a felony, and for two years, the defendant was subjected to criminal wire fraud charges. In the case of United States v. Aaron Swartz, 2011, the government violated provisions by burdening the defendant with several other cases. Shackelford (2012) as such believes CFAA would be efficient by applying an Engineering Task Force and the ITU, based on different governance models that retain internet sovereignty and creation of internet freedom conceptualizing cybersecurity under internet governance.

Efficiency against Cyberattacks

CFAA protects businesses from cyber attacks given its jurisdiction extends coverage for a private right of action, injunction, and presenting equitable relief. CFAA specific sections and its successful cases, such as United States v. Nosal 2011, and a series of common laws have allowed the successful approach in protecting the organization against cyber-attacks. Most hacks are catered under 18 U.S.C. § 1030(a) (6), which details the trafficking of passwords for government and commerce computer. 

References

Ilt.eff.org. (2019). Computer Fraud and Abuse Act (CFAA) – Internet Law Treatise. Retrieved from https://ilt.eff.org/Computer_Fraud_and_Abuse_Act_(CFAA).html

McGowan, B. (2017). Eject the Floppy Disk: How to Modernize the Computer Fraud and Abuse Act to Meet Cybersecurity Needs. SSRN Electronic Journal. doi: 10.2139/ssrn.3018115Shackelford, S. (2012). Toward Cyber Peace: Managing Cyber Attacks Through Polycentric Governance. SSRN Electronic Journal. doi: 10.2139/ssrn.2132526