A Code-Based Approach to Unauthorized Access Under the Computer Fraud and Abuse Act

35 Pages Posted: 20 Apr 2017

Date Written: 2016


Thirty years ago, Congress passed the Computer Fraud and Abuse Act (CFAA) to combat the emerging problem of computer crime. The statute’s core prohibitions targeted one who “accesses” a computer “without authorization” or who “exceeds authorized access.” Over time, incremental statutory changes and large-scale technical changes have dramatically expanded the potential scope of the CFAA. The question of what constitutes unauthorized access has taken on far greater significance than it had thirty years ago, and courts remain deeply divided on this question. This Article explores the text, purpose, and history of the CFAA, as well as a range of normative considerations that should guide interpretation of the statute. The Article concludes that courts should pursue a narrow and “code-based” understanding of unauthorized access under the CFAA—both in terms of what it means to access a computer without authorization and in terms of what it means to exceed authorized access. The CFAA has strayed far from its original purpose: Congress failed to define key terms in the CFAA, and courts have overlooked limiting principles within the statute. From a normative perspective, even if it is desirable to provide owners of networked computer systems with stronger legal protection for their systems, the CFAA’s unauthorized access provisions are not the proper vehicle for doing so.

Keywords: cybercrime, computer crime, hacking, Computer Fraud and Abuse Act, unauthorized access

JEL Classification: K14, K42

Suggested Citation

Bellia, Patricia L., A Code-Based Approach to Unauthorized Access Under the Computer Fraud and Abuse Act (2016). George Washington Law Review, Vol. 84, No. 6, 2016, Available at SSRN: https://ssrn.com/abstract=2955742

Patricia L. Bellia (Contact Author)

Notre Dame Law School ( email )

P.O. Box 780
Notre Dame, IN 46556
United States
574-631-3866 (Phone)
574-631-8078 (Fax)

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics