While we're working on putting together an all new interface for editing, highlighting, tracking changes and seeing what the law would look like if it were changed, here are a few links to background and ideas about the CFAA.
Recent Background on Computer Fraud
Statistics on prosecutions under 1030 from 2002-2009. Wish he had more recent data. http://noncuratlex.com/?p=1243
Cybercrime's Scope: Interpreting 'Access' and 'Authorization' in Computer Misuse Statutes by Orin S. Kerr: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=399740
THE LEGAL FRAMEWORK - UNAUTHORIZED ACCESS TO COMPUTER SYSTEMS: PENAL LEGISLATION IN 44 COUNTRIES (Updated April 7, 2003) By Stein Schjolberg, Chief Judge, Moss District Court, Norway http://www.mosstingrett.no/info/legal.html
Vagueness Challenges to the Computer Fraud and Abuse Act by Orin S. Kerr https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1527187&download=yes
Ideas for Change
Reddit soliciting comments by Rep Zoe Lofgren http://www.reddit.com/r/IAmA/comments/17pisv/im_rep_zoe_lofgren_here_is_...
Proposed legislation: http://www.lofgren.house.gov/images/stories/pdf/aarons%20law%20revised%2...
More from Orin Kerr on the latest draft: http://www.volokh.com/2013/02/02/drafting-problems-with-the-second-versi...
Computer Fraud and Abuse Act In Depth
The past, present, and future of the Computer Fraud and Abuse Act.
Read 18 USC § 1030.
Sources: Cornell LII's US Code
There do not appear to be any relevant regulations whose authority is derived from the CFAA. The Parallel Table of Rules and Authorities lists nothing for 18 USC § 1030.
- 1996, 61 FR 40533 - NASA in 1996 cited 18 USC 1030 as a mechanism for penalizing contractors whose employees inappropriately access unclassified information.
- 1999, 64 FR 62586 - The Treasury and the IRS exempted some data collected by 18 USC 1030(a)(2)(B) from disclosure.
- 2000, 65 FR 56791 - The Treasury and the IRS updated its exemption. The final rule addresses a commenter's concern about data from 18 USC 1030(a)(2)(B) being used for purposes other than law enforcement.
- 2000, 65 FR 69655 - The Government Ethics Office updates material to reference 18 USC 1030 as a "related statute".
There are also some appearances of "18 U.S.C. 1030" in executive notices.
- 2013, Each edition of the United States Sentencing Guidelines (most recent) references the definition of "government entity" in 18 USC 1030(e)(9).
- 2009, The Patent Office's regulations surrounding its Electronic Filing System say "Please note that 18 U.S.C. 1030 imposes a duty on users not to intentionally cause damage to a federal government system."
- 2008, The Energy Information Administration asked for comments on how it delivers its weekly reports. The EIA is apparently besieged with crawlers attempting to find and download its weekly reports. The EIA says it wants to deliver the information freely and rapidly, but wants to protect itself from abuse. They provide a stern reminder "that EIA may report robot activity in accordance with its Security Policy" for prosecution under 18 USC 1030. Their weekly reports are not currently blocked in the EIA's robots.txt.
In the Courts
CourtListener's bulk data is available for download.
... to be continued ...
- 1984, Title II, Chapter XXI of "Acquisition of Foreign Evidence Improvements Act". Pub. L. 98-473, 98 Stat. 2190. Original text: PDF, page 354
- 1986, Amended by "Computer Fraud and Abuse Act of 1986". Pub. L. 99-474, 100 Stat. 1213. Original text: PDF
- 1989, Amended by "Enforcement Authority Improvements Act". Pub L. 101-73, 103 Stat. 183. Original text: PDF, page 320
... to be continued ...
Tracking Future Activity
- CourtListener provides alerts on federal court opinions.
- FederalRegister.gov provides alerts on all executive branch activity.
- Scout provides alerts on federal legislation, regulation, speeches in Congress, and GAO Reports.