Computer Fraud and Abuse Act’s Soft Parameters

December 09, 2008

Robert Brownstone, Law & Technology Director at Fenwick & West, was quoted in the article "The Computer Fraud Act: Bending a Law to Fit a Notorious Case," the E-Commerce Times examination of a set of statutes with broad parameters and its increasing level of applicability in courts.

The Computer Fraud and Abuse Act (CFAA) was the basis for a prosecution of Lori Drew, a woman found guilty of a misdemeanor for creating a false identity though MySpace, and her resultant involvement with a young girl who committed suicide. Some argue that this case was a poor application of what the Act was written to protect.

The CFAA, first passed in 1986, was first designed to protect classified government information from computer hackers. In light of the increase in corporate hackers, the Act also includes protection for the private sector, including enabling a private organization to bring a civil lawsuit. Both prosecutors and private plaintiffs are often using the CFAA to protect intellectual property when a company's former employee took proprietary information while still working for the company. The Act encompasses an inclusive range of computer abuse. Therefore, it can be relatively easy for a private company to prove that a former employee, as soon as he or she developed an evil motive, abused his or her level of authorized access when obtaining certain information—whether confidential documents or a client list.

"There has been a growth in the number of cases in which companies have accused former employees either of exceeding their computer authorizations or doing things they were never authorized for in the first place," Brownstone stated. He noted that the current trend in case-law is to uphold the viability of such civil claims.

Read the complete E-Commerce Times article here.