The Failure of the Computer Fraud and Abuse Act: Time to Take a New Approach to Regulating Computer Crime

23 Pages Posted: 3 Feb 2016

See all articles by Ric Simmons

Ric Simmons

Ohio State University (OSU) - Michael E. Moritz College of Law

Date Written: February 2, 2016

Abstract

Whenever a legislature creates a technology-specific crime, it faces a number of challenges. First, there is a risk that the new statute will merely duplicate existing crimes, thus overcriminalizing the conduct and creating unnecessary confusion. Second, the legislature needs to ensure that it provides the proper guidance to prosecutors, citizens, and courts with regard to the new concepts that need to be defined. And finally, the legislature needs to ensure that the law can be amended and updated as the technology evolves.

The Computer Fraud and Abuse Act (“CFAA”) is an example of technology-specific criminal provisions that fails all of these tests. Much of the CFAA is comprised of extortion, fraud, and criminal damaging statutes which prohibit conduct that is already covered by existing laws (or could be covered through minor changes to those laws). Meanwhile, the critical concepts of “loss,” “access,” and “authorization” in the statute remain poorly defined or completely undefined by the statute thirty years after it was first passed.

The best solution to this problem is for Congress to stop trying to regulate computer misconduct directly through legislation and empower an administrative agency to set more detailed and technical rules regarding what constitutes “computer trespass.” Thirty years of the CFAA have demonstrated that Congress lacks either the expertise or the inclination (or both) to define the relatively new concept of “computer trespass,” and the challenge is only becoming greater as the types of digital devices and the ways of communicating with these devices increase every year.

Keywords: CFAA, computer crime

JEL Classification: K14

Suggested Citation

Simmons, Ric, The Failure of the Computer Fraud and Abuse Act: Time to Take a New Approach to Regulating Computer Crime (February 2, 2016). George Washington Law Review, Forthcoming; Ohio State Public Law Working Paper No. 329. Available at SSRN: https://ssrn.com/abstract=2726662 or http://dx.doi.org/10.2139/ssrn.2726662

Ric Simmons (Contact Author)

Ohio State University (OSU) - Michael E. Moritz College of Law ( email )

55 West 12th Avenue
Columbus, OH 43210
United States

Here is the Coronavirus
related research on SSRN

Paper statistics

Downloads
292
Abstract Views
1,175
rank
112,984
PlumX Metrics