Computer Fraud and Abuse Act
Title 18. Crimes and Criminal Procedure
Part I. Crimes
Chapter 47. Fraud and False Statements
18 U.S.C. § 1030. Fraud and related activity in connection with
computers
.(a) Whoever—
(1) having knowingly accessed a computer without authorization or
exceeding authorized access, and by means of such conduct having obtained
information that has been determined by the United States Government pursuant
to an Executive order or statute to require protection against unauthorized
disclosure for reasons of national defense or foreign relations, or any
restricted data, as defined in paragraph y of section 11 of the Atomic
Energy Act of 1954 [42 U.S.C. § 2014(y)], with reason to believe that
such information so obtained could be used to the injury of the United
States, or to the advantage of any foreign nation willfully communicates,
delivers, transmits, or causes to be communicated, delivered, or transmitted,
or attempts to communicate, deliver, transmit or cause to be communicated,
delivered, or transmitted the same to any person not entitled to receive
it, or willfully retains the same and fails to deliver it to the officer
or employee of the United States entitled to receive it;
(2) intentionally accesses a computer without authorization or exceeds
authorized access, and thereby obtains—
(A) information contained in a financial record of a financial
institution, or of a card issuer as defined in section 1602(n) of title
15, or contained in a file of a consumer reporting agency on a consumer,
as such terms are defined in the Fair Credit Reporting Act [15 U.S.C.
§§ 1681 et seq.);
(B) information from any department or agency of the United States;
or
(C) information from any protected computer if the conduct involved
an interstate or foreign communication;
(3) intentionally, without authorization to access any nonpublic
computer of a department or agency of the United States, accesses such
a computer of that department or agency that is exclusively for the use
of the Government of the United States or, in the case of a computer not
exclusively for such use, is used by or for the Government of the United
States and such conduct affects that use by or for the Government of the
United States;
(4) knowingly and with intent to defraud, accesses a protected computer
without authorization, or exceeds authorized access, and by means of such
conduct furthers the intended fraud and obtains anything of value, unless
the object of the fraud and the thing obtained consists only of the use
of the computer and the value of such use is not more than $ 5,000 in
any 1-year period;
(5)
(A) knowingly causes the transmission of a program, information,
code, or command, and as a result of such conduct, intentionally causes
damage without authorization, to a protected computer;
(B) intentionally accesses a protected computer without authorization,
and as a result of such conduct, recklessly causes damage; or
(C) intentionally accesses a protected computer without authorization,
and as a result of such conduct, causes damage;
(6) knowingly and with intent to defraud traffics (as defined in
section 1029) in any password or similar information through which a computer
may be accessed without authorization, if—
(A) such trafficking affects interstate or foreign commerce; or
(B) such computer is used by or for the Government of the United
States;
(7) with intent to extort from any person, firm, association, educational
institution, financial institution, government entity, or other legal
entity, any money or other thing of value, transmits in interstate or
foreign commerce any communication containing any threat to cause damage
to a protected computer;
shall be punished as provided in subsection (c) of this section.
(b) Whoever attempts to commit an offense under subsection (a) of
this section shall be punished as provided in subsection (c) of this section.
(c) The punishment for an offense under subsection (a) or (b) of this
section is—
(1)
(A) a fine under this title or imprisonment for not more than
ten years, or both, in the case of an offense under subsection (a)(1)
of this section which does not occur after a conviction for another
offense under this section, or an attempt to commit an offense punishable
under this subparagraph; and
(B) a fine under this title or imprisonment for not more than
twenty years, or both, in the case of an offense under subsection (a)(1)
of this section which occurs after a conviction for another offense
under this section; or an attempt to commit an offense punishable under
this subparagraph;
(2)
(A) a fine under this title or imprisonment for not more than
one year, or both, in the case of an offense under subsection (a)(2),
(a)(3), (a)(5)(C), or (a)(6) of this section which does not occur after
a conviction for another offense under this section, or an attempt to
commit an offense punishable under this subparagraph; and
(B) a fine under this title or imprisonment for not more than
5 years, or both, in the case of an offense under subsection (a)(2),
if—
(i) the offense was committed for purposes of commercial advantage
or private financial gain;
(ii) the offense was committed in furtherance of any criminal
or tortious act in violation of the Constitution or laws of the United
States or of any State; or
(iii) the value of the information obtained exceeds $ 5,000;
(C) a fine under this title or imprisonment for not more than
ten years, or both, in the case of an offense under subsection (a)(2),
(a)(3) or (a)(6) of this section which occurs after a conviction for
another offense under this section, or an attempt to commit an offense
punishable under this subparagraph; and
(3)
(A) a fine under this title or imprisonment for not more than
five years, or both, in the case of an offense under subsection (a)(4),
(a)(5)(A), (a)(5)(B), or (a)(7) of this section which does not occur
after a conviction for another offense under this section, or an attempt
to commit an offense punishable under this subparagraph; and
(B) a fine under this title or imprisonment for not more than
ten years, or both, in the case of an offense under subsection (a)(4),
(a)(5)(A), (a)(5)(B), (a)(5)(C), or (a)(7) of this section which occurs
after a conviction for another offense under this section, or an attempt
to commit an offense punishable under this section; and
(d) The United States Secret Service shall, in addition to any other
agency having such authority, have the authority to investigate offenses
under subsections (a)(2)(A), (a)(2)(B), (a)(3), (a)(4), (a)(5), and (a)(6)
of this section. . . .
(e) As used in this section—
(1) the term "computer" means an electronic, magnetic, optical,
electrochemical, or other high speed data processing device performing
logical, arithmetic, or storage functions, and includes any data storage
facility or communications facility directly related to or operating in
conjunction with such device, but such term does not include an automated
typewriter or typesetter, a portable hand held calculator, or other similar
device;
(2) the term "protected computer" means a computer—
(A) exclusively for the use of a financial institution or the
United States Government, or, in the case of a computer not exclusively
for such use, used by or for a financial institution or the United States
Government and the conduct constituting the offense affects that use
by or for the financial institution or the Government; or
(B) which is used in interstate or foreign commerce or communication;
(3) the term "State" includes the District of Columbia, the Commonwealth
of Puerto Rico, and any other commonwealth, possession or territory of
the United States;
(4) the term "financial institution" means—
(A) an institution, with deposits insured by the Federal Deposit
Insurance Corporation;
(B) the Federal Reserve or a member of the Federal Reserve including
any Federal Reserve Bank;
(C) a credit union with accounts insured by the National Credit
Union Administration;
(D) a member of the Federal home loan bank system and any home
loan bank;
(E) any institution of the Farm Credit System under the Farm Credit
Act of 1971;
(F) a broker-dealer registered with the Securities and Exchange
Commission pursuant to section 15 of the Securities Exchange Act of
1934 [15 U.S.C. § 78o];
(G) the Securities Investor Protection Corporation;
(H) a branch or agency of a foreign bank (as such terms are defined
in paragraphs (1) and (3) of section 1(b) of the International Banking
Act of 1978 [12 U.S.C. § 3101(1) and (3)]); and
(I) an organization operating under section 25 or section 25(a)
of the Federal Reserve Act;
(5) the term "financial record" means information derived from any
record held by a financial institution pertaining to a customer's relationship
with the financial institution;
(6) the term "exceeds authorized access" means to access a computer
with authorization and to use such access to obtain or alter information
in the computer that the accesser is not entitled so to obtain or alter;
(7) the term "department of the United States" means the legislative
or judicial branch of the Government or one of the executive department
enumerated in section 101 of title 5; and
(8) the term "damage" means any impairment to the integrity or availability
of data, a program, a system, or information, that—
(A) causes loss aggregating at least $ 5,000 in value during any
1-year period to one or more individuals;
(B) modifies or impairs, or potentially modifies or impairs, the
medical examination, diagnosis, treatment, or care of one or more individuals;
(C) causes physical injury to any person; or
(D) threatens public health or safety; and
(9) the term "government entity" includes the Government of the
United States, any State or political subdivision of the United States,
any foreign country, and any state, province, municipality, or other
political subdivision of a foreign country. (10) the term "conviction" shall
include a conviction under the law of any State for a crime punishable
by imprisonment for more than 1 year, an element of which is unauthorized
access, or exceeding authorized access, to a computer;
(11) the term "loss" means any reasonable cost to any victim, including
the cost of responding to an offense, conducting a damage assessment, and restoring
the data, program, system, or information to its condition prior to the offense,
and any revenue lost, cost incurred, or other consequential damages incurred
because of interruption of service; and
(12) the term "person" means any individual, firm, corporation, educational
institution, financial institution, governmental entity, or legal or other entity.
(f) This section does not prohibit any lawfully authorized investigative,
protective, or intelligence activity of a law enforcement agency of the
United States, a State, or a political subdivision of a State, or of an
intelligence agency of the United States.
(g) Any person who suffers damage or loss by reason of a violation
of this section may maintain a civil action against the violator to obtain
compensatory damages and injunctive relief or other equitable relief. Damages
for violations involving damage as defined in subsection (e)(8)(A) are limited
to economic damages. No action may be brought under this subsection
unless such action is begun within 2 years of the date of the act complained
of or the date of the discovery of the damage.
(h) The Attorney General and the Secretary of the Treasury shall report
to the Congress annually, during the first 3 years following the date of
the enactment of this subsection [enacted Sept. 13, 1994], concerning investigations
and prosecutions under subsection (a)(5).
* * *
Back to Top
|