In plain terms. The CFAA is the core federal anti-hacking law. It makes it a crime to access computers without authorization or to go beyond the access you were given.
Who it applies to. Anyone who accesses a protected computer — originally focused on federal government computers — without authorization or in excess of authorization.
What it requires. It prohibits:
- Intentional unauthorized access to a government computer, or conduct that affects its use.
- Knowingly accessing a computer without (or beyond) authorization, with intent to defraud, to further a fraud and obtain something of value.
- Unauthorized access that alters, damages, or destroys information or blocks access to a computer or its data.
- Trafficking in passwords or information that would let someone gain unauthorized access to a federal government computer.
Why it matters. CFAA violations are federal felonies, punishable by fines and up to ten years of imprisonment for each violation — making it the statute most often behind federal computer-intrusion prosecutions.
Citation. Pub. L. 99-474 (Oct. 16, 1986).
DOJ Computer Crime & Intellectual Property Section (CCIPS) charging policy; case law including Van Buren v. United States (2021).