Computer Fraud and Abuse Act (CFAA) - 18 U.S.C. § 1030
With the rise of the age of computers has come a broad range of new ways to commit crimes that didn't exist before. In response, the federal government has passed new legislation over the past several decades to address these new issues.
The Computer Fraud and Abuse Act (CFAA), codified as 18 U.S.C. 1030, is a crucial federal law designed to combat computer-related offenses.
It safeguards computer systems and data from unauthorized access, damage, and misuse. Originally enacted in 1986, the CFAA has been amended multiple times to address the evolving nature of cyber threats, with the most recent amendment made in 2008.
18 U.S.C. 1030 fraud and related activity in connection with computers, says “(a) Whoever, having knowingly accessed a computer without authorization or exceeding authorized access, and using such conduct having obtained information that has been determined by the United States Government pursuant to Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954.
With reason to believe that such information so obtained could be used to the injury of the United States or the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it.”
If you are prosecuted for violating the CFAA and convicted, you could face steep fines and significant prison time.
What is the List of Criminal Offenses under the CFAA?
The CFAA outlines numerous criminal offenses related to computer fraud and abuse and the maximum offender penalties. These offenses range from unauthorized access to computers and theft of information to causing damage to computer systems and trafficking in passwords or access devices. The law also addresses more serious offenses like obtaining national security information and trespassing on government computers.
Unauthorized Access to Computers
The CFAA makes it a criminal offense to access a computer without authorization or intentionally exceed authorized access. This involves accessing computer systems operated by the government or financial institutions without proper permission. First-time offenders can face fines and imprisonment for up to one year.
Theft of Information
The CFAA prohibits unauthorized information acquisition from "protected computers" (i.e., computers operated by the government or financial institutions, affecting interstate/foreign commerce, or used in voting systems and elections). This includes knowingly transmitting or retaining stolen information. Penalties for first-time offenders include fines and up to one year in prison.
Damage to Computer Systems
Under the CFAA, causing damage to protected computers is a punishable offense. This encompasses unauthorized access leading to damage to data, programs, systems, or information (for example, by transmitting/planting a computer virus). First-time offenders can face fines and up to one year in prison.
Trafficking in Passwords or Access Devices
The CFAA criminalizes the trafficking of passwords or access devices. It is illegal to knowingly traffic any password or access device issued to or authorized by the U.S. government or financial institution. First-time offenders can face fines and up to one year in prison.
Trespassing in a Government Computer
Simply accessing a government computer without authorization is considered trespassing. It's punishable with up to one year of imprisonment for first-time offenders.
Obtaining National Security Information
The CFAA also penalizes those who obtain national security information through unauthorized computer access. If someone illegally gets into a computer and takes information that the U.S. Government says needs to be kept secret for national defense or foreign relations (or certain nuclear information) and then tries to give, send, or show this information to someone who shouldn't see it, or keeps it instead of giving it to the right U.S. official, they can receive up to 10 years imprisonment on the first offense.
Accessing a Computer to Defraud and Obtain Value
If an individual accesses a computer with fraudulent intent and obtains value, they can be punished under the CFAA with up to five years imprisonment for first offenses.
Intentionally Damaging by Knowing Transmission
Intentional damage caused by knowingly transmitting harmful data or code (e.g., viruses) is punishable with one or ten years imprisonment for first-time offenders.
Recklessly Damaging by Intentional Access
Recklessly causing damage by intentionally accessing a computer can lead to one or five years of imprisonment for first-time offenders.
Extortion Involving Computers
Threatening to damage a computer or reveal sensitive information unless you are paid is a form of extortion. The CFAA penalizes extortion involving computers with up to five years imprisonment for first-time offenders.
What are Some Other Important Provisions?
The CFAA contains other essential details you need to know if you are accused of a crime under this law.
Subsequent offenses typically result in double the maximum sentence. The above sentence guidelines are for first-time offenders. For a second or subsequent offense, that penalty may be doubled.
Aggravated penalties exist for damage offenses. If someone is hurt or killed as a result of intentional damage you did to a protected computer—or if you attempted to hurt or kill someone by those actions—you could face the following aggravated penalties:
- For serious bodily injury: up to 20 years in prison; or
- For death: up to life imprisonment.
It should be noted that just attempting to gain access to a protected computer can be filed as a misdemeanor offense. If you hacked a computer for financial gain, to commit another crime, or to obtain information valued over $5,000, you will face felony charges.
If convicted of a felony offense, you are facing up to ten years in federal prison and a fine of up to $10,000. There are some enhancements that will increase the penalties, such as hacking a computer with specific intent to commit another offense, like identity theft.
What are Related Federal Crimes?
Several federal offenses are related to 18 U.S. Code 1030, fraud, and related activity in connection with computers, such as the following:
- 18 U.S.C. 1028 – Identity Theft,
- 18 U.S.C. 1029 – Credit Card Fraud,
- 18 U.S.C. 1031 – Major Fraud,
- 18 U.S.C. 641 – Embezzlement,
- 18 U.S.C. 1341 – Mail Fraud,
- 18 U.S.C. 1343 – Wire Fraud,
- 18 U.S.C. 1344 – Bank Fraud,
- 18 U.S.C. 472 – Counterfeiting.
What are the Defenses for Computer Hacking?
Computer hacking, cybercrimes, and related internet crimes are normally aggressively prosecuted, and a conviction can be life-altering. It's important to note that if you are under investigation for federal computer hacking, you must consult an experienced federal criminal lawyer as soon as possible.
The federal prosecutor has the burden of proof to obtain a conviction. This means they will have to prove all the elements of the crime beyond any reasonable doubt. The primary factor in a computer hacking case is that you knowingly and intentionally hacked a computer.
We can fight an 18 U.S.C. 1030 federal computer hacking case in several ways. We might be able to argue that you unintentionally accessed a computer without consent or that the computer access didn't go to the level of hacking.
Other potential defenses include not illegally accessing the computer or having a reasonable belief you had the authorization to access the computer and obtain the information. Perhaps we could argue that your computer was accessed by another person who actually committed the hacking, or maybe you are the victim of a false allegation.
If you are accused of illegally hacking a computer violating 18 U.S.C. 1030, call us to review the case details and legal options. We may be able to negotiate with the federal prosecutor for a favorable plea bargain or a case dismissal. Eisner Gorin LLP is a criminal defense law firm representing clients nationwide for all federal crimes. We are based in Los Angeles, California.
Related Content: