Questions to Consider during First Reading
of Computer Fraud and Abuse Act, 18 U.S.C. § 1030
1. What computers and computer systems does the Act protect? Is
the Act's protection limited to computer systems owned by the federal government
or financial institutions, or is its coverage broader? What specific
parts of the statute determine its coverage? What words in those parts?
2. Once the statute applies to a particular computer system, against
what specific acts does it protect that system? Does it cover "computer
fraud" (obtaining something of value by providing false information to or
through a computer system)? Does it cover "computer theft" (obtaining
something of value through unauthorized access to a computer system, e.g.,
by stealing a list of passwords or credit-card numbers and using them to
obtain services or goods unlawfully)? Does it cover "hacking for vengeance"
(unauthorized access intended to do damage to the computer system or someone
using it)? Does it cover "nuisance hacking" (obtaining unauthorized
access for the purpose of showing one can do it, i.e., "bragging rights")?
if no perceptible damage is done? if damage to systems or files
results incidentally or accidentally?
3. A "denial of service attack" (DOSA) on a computer system is an
attack whose perpetrators overwhelm a system (typically a Website) by deliberately
flooding it with repetitive and purposeless requests for access or information,
thereby exceeding the system's capacity and preventing persons honestly
seeking access from getting it. Often the perpetrators enlist the
unwitting and unwilling help of others' computers by inserting (without
authorization) in "helper" computers hidden programs that flood the target
computer with Internet messages at a pre-specified time or upon the receipt
of a "trigger" signal that the perpetrators send to the helper computer(s).
Does this statute cover denial of service attacks? if helper computer
are used? if no helper computers are used? In each case, if
there is coverage, what parts and words of the statute effect the coverage?
Is the coverage clear or ambiguous?
4. Is the language of the statute, which reflects the accumulated
barnacles of centuries of criminal law, helpful in understanding what the
statute really covers? Would more modern language be more helpful?
in assisting understanding and compliance by citizens? in assuring
swift and certain enforcement? Or would modern language just hinder
the highly trained criminal prosecutors who will have to enforce this law?
5. Is the statute limited to criminal sanctions, or does it provide
civil sanctions as well? If it provides civil sanctions, in what subsection?
Back to Top