An Introduction to the Computer Fraud and Abuse Act of 1986

by JRO on July 15, 2013

The computer Fraud and Abuse Act of 1986 was made as a follow-up to the one passed in 1984, with an emphasis on computer security. It seeks to find, and punish, persons who have malicious intentions on commercial or government computers, by searching for protected private data, or through extending the allotted time to use the device.

It was written to go after hackers, especially with the growth of the Internet, which was initially used almost exclusively by military personnel and government agencies. It was further expanded to include financial companies and civil groups and individuals.

Details of the Act

The CFAA of 1986 has 7 prohibitions when it comes to the use of computers. It forbids obtaining national security data, such as when an individual accesses US government information with the intent to give the data to foreign countries so as to put the United States in danger. Compromising confidentiality, which is done by giving out information that is classified, accessing government agencies without permission, breaking a computer system with a malicious intent to defraud and thereby obtain value, destroying a computer, investigating passwords, and making threats to destroy a computer are all punishable as crimes.

All these actions are considered felonies and are punishable by law. The act protects computers belonging to the US government and other financial institutions which are most likely to have protected data. It states that any person who knowingly uses the time given to use a computer, or extends it without permission, to get information that is detrimental to the well-being of the United States, or with the intent to give a foreign nation, can be imprisoned or charged with fines.

It also forbids a person to access a financial company’s computer, and thereby gathering private information. For example, looking at others credit reports while working for a credit bureau is an action that is against the law under the Fair Credit Reporting Act.

Penalties for Breaking the CFAA Law

In order to deter potential criminals from breaking the law, the act punishes those who go against the law. Obtaining national security data is a serious crime that is punishable and one can go to prison for 20 years. When one accesses a computer that they are not authorized to, the crime is less severe but still punishable, and they could be asked to serve time in prison for 5 to 10 years. Other crimes involving breaking the CFAA law, which carry one year sentences for first time offenses, include trafficking passwords, negligently causing damage and loss upon accessing a computer, intentionally damaging the computer as a result of access, and trespassing in a government computer. Second time offenses are not taken lightly however, and lawbreakers could face up to 10 years for these crimes.

As technology continues to change and expand, there is a need to amend the law so as to cover the many areas that the CFAA of 1986 doesn’t cover. Phones and other portable devices are now becoming potentially vulnerable to cyber security threats, as did the computer decades ago. Hopefully as technology and the way we relate to it and use it change the laws and protections in place will change in kind.


This piece was composed by Jacob Samson, a freelance writer who focuses on computer hardware, gadgets and accessories and other tech topics

Leave a Comment

Previous post:

Next post: