Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act (CFAA) was enacted by Congress in 1986 as an amendment to existing computer fraud law (18 U.S.C. § 1030), which had been included in the Comprehensive Crime Control Act of 1984. It was written to clarify and increase the scope of the previous version of 18 U.S.C. § 1030 while, in theory, limiting federal jurisdiction to cases "with a compelling federal interest-i.e., where computers of the federal government or certain financial institutions are involved or where the crime itself is interstate in nature." (see "Protected Computer", below). In addition to clarifying a number of the provisions in the original section 1030, the CFAA also criminalized additional computer-related acts. Provisions addressed the distribution of malicious code and denial of service attacks. Congress also included in the CFAA a provision criminalizing trafficking in passwords and similar items.

The Act has been amended a number of times—in 1989, 1994, 1996, in 2001 by the USA PATRIOT Act, 2002, and in 2008 by the Identity Theft Enforcement and Restitution Act.

In January 2015 Barack Obama proposed expanding the CFAA and the RICO Act in his Modernizing Law Enforcement Authorities to Combat Cyber Crime proposal.DEF CON organizer and Cloudflare researcher Marc Rogers, Senator Ron Wyden, and Representative Zoe Lofgren have stated opposition to this on the grounds it will make many regular Internet activities illegal, and moves further away from what they were trying to accomplish with Aaron's Law.

The only computers, in theory, covered by the CFAA are defined as "protected computers". They are defined under section 18 U.S.C. § 1030(e)(2) to mean a computer:

...
Wikipedia