Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act (CFAA), first passed in 1984, was amended in 1996 to punish anyone who “intentionally accesses a computer without authorization or exceeds authorized access and thereby obtains information from any protected computer.” Computers used for e-mail communication between states or used for online purchases from online vendors from other states are presumably included under the definition of protected computer that states that it includes any computer “which is used in interstate or foreign commerce or communication.”

Thus, any user who covertly collects personal information of web-users engaged in transactions is in violation of this act. However, the CFAA has been used sparingly in prosecutions so far, and there are questions about its reach in regard to Internet privacy issues.


Inside Computer Fraud and Abuse Act