Download This PaperDebugging the CFAA's Hybrid Structure
44 Pages Posted: 11 May 2020 Last revised: 17 Jun 2020
Date Written: April 16, 2020
Abstract
For years, lawyers, technologists, and digital rights activists have denounced the Computer Fraud and Abuse Act (“CFAA”) as vague, dangerous, and overbroad. Broad interpretations of the CFAA criminalize a wide range of everyday computer conduct and allow powerful companies to file civil suits that suppress competition, innovation, and employee mobility.
Most CFAA scholarship has focused exclusively on the statute’s criminal enforcement. In contrast, this Note analyzes how the CFAA’s hybrid structure—its combination of criminal and civil provisions—has contributed to its overbroad reach and overzealous use in both criminal and civil contexts. This Note argues that implementing criminal-specific and civil-specific narrowing measures could counteract the overbreadth and overuse caused by the statute’s hybrid structure.
Part I of this Note presents an overview of the CFAA. Part I relates the CFAA’s legislative history, describes how judges interpret the statute inconsistently, and surveys how it is used in practice. Part II investigates how the CFAA’s hybrid structure has influenced its development. Part II first introduces the theory behind hybrid statutes and the problems that these statutes tend to create. Then, Part II identifies what prosecutors and judges have already done to mitigate the dangers posed by the CFAA’s hybrid structure. Lastly, Part II explains why the CFAA’s hybrid structure has continued to expand the statute. Part III offers four solutions aimed at reducing the negative effects generated by the CFAA’s hybrid structure. Part III proposes that Congress amend the civil provision to prohibit claims that arise out of contract breaches or business torts and to give judges the option to award attorneys’ fees to victorious defendants. Part III also recommends that Congress heighten the CFAA’s mens rea requirement for criminal liability, and it suggests that the Department of Justice require prosecutors to obtain its approval before charging CFAA crimes.
Keywords: CFAA, Computer Fraud and Abuse Act, Hybrid Statutes, Computer Crime, Cybercrime
Suggested Citation: Suggested Citation