Course No.: 9200 710 801
Course ID:  17261
Tu 6:30-9:30 p.m.
Room W-215
Professor Jay Dratler, Jr.
Room 231D (IP Alcove)
(330) 972-7972
Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2008   Jay Dratler, Jr.  
For permission, see CMI.

Questions to Consider during First Reading
of Computer Fraud and Abuse Act, 18 U.S.C. 1030

1.  What computers and computer systems does the Act protect?  Is the Act's protection limited to computer systems owned by the federal government or financial institutions, or is its coverage broader?  What specific parts of the statute determine its coverage?  What words in those parts?

2.  Once the statute applies to a particular computer system, against what specific acts does it protect that system?  Does it cover "computer fraud" (obtaining something of value by providing false information to or through a computer system)?  Does it cover "computer theft" (obtaining something of value through unauthorized access to a computer system, e.g., by stealing a list of passwords or credit-card numbers and using them to obtain services or goods unlawfully)?  Does it cover "hacking for vengeance" (unauthorized access intended to do damage to the computer system or someone using it)?  Does it cover "nuisance hacking" (obtaining unauthorized access for the purpose of showing one can do it, i.e., "bragging rights")?  if no perceptible damage is done?  if damage to systems or files results incidentally or accidentally?

3.  A "denial of service attack" (DOSA) on a computer system is an attack whose perpetrators overwhelm a system (typically a Website) by deliberately flooding it with repetitive and purposeless requests for access or information, thereby exceeding the system's capacity and preventing persons honestly seeking access from getting it.  Often the perpetrators enlist the unwitting and unwilling help of others' computers by inserting (without authorization) in "helper" computers hidden programs that flood the target computer with Internet messages at a pre-specified time or upon the receipt of a "trigger" signal that the perpetrators send to the helper computer(s).

Does this statute cover denial of service attacks?  if helper computer are used?  if no helper computers are used?  In each case, if there is coverage, what parts and words of the statute effect the coverage?  Is the coverage clear or ambiguous?

4.  Is the language of the statute, which reflects the accumulated barnacles of centuries of criminal law, helpful in understanding what the statute really covers?  Would more modern language be more helpful?  in assisting understanding and compliance by citizens?  in assuring swift and certain enforcement?  Or would modern language just hinder the highly trained criminal prosecutors who will have to enforce this law?

5.  Is the statute limited to criminal sanctions, or does it provide civil sanctions as well?  If it provides civil sanctions, in what subsection?

6.  What defenses and excuses would you expect defendants charged with violating the statute to raise, and how easy do you think they would be to establish?

7.  Reread the facts of the case of Hotmail v. Van Money Pie, Inc. and the court's conclusions regarding the Computer Fraud and Abuse Act.  What specific parts and words of the Act suggest violations by the defendants?  Are the violations clear?  What defenses or excuses might the defendants assert?

Back to Top