Legal Definitions - Counterfeit Access Device and Computer Fraud and Abuse Act of 1984

The Counterfeit Access Device and Computer Fraud and Abuse Act of 1984 is a federal law that makes it a crime to engage in various activities involving computers without proper authorization. Specifically, it targets individuals who access computer systems belonging to banks or the federal government without permission, or who use such unauthorized access to improperly obtain something of value.

Here are some examples illustrating how this law applies:

• Example 1: Unauthorized Access to a Government Database

  Imagine a scenario where a former government contractor, whose security clearance has been revoked, attempts to log into a secure database maintained by the Department of Energy. Even if they don't manage to steal any information, the act of trying to gain unauthorized access to a federal government computer system could be a violation of this Act.

  This example illustrates the Act's prohibition against accessing a federal government computer system without permission. The attempt itself, even without successfully obtaining information, can constitute a violation.

• Example 2: Hacking a Bank's Internal Network for Financial Gain

  Consider a hacker who successfully breaches the internal network of a large national bank. Once inside, they navigate to a server containing customer account information and transfer funds from several accounts into their own offshore account. This action would fall under the Act because it involves unauthorized access to a bank's computer system and using that access to improperly obtain something of significant financial value.

  This example demonstrates both aspects of the Act: unauthorized access to a bank's computer system and the subsequent use of that access to improperly obtain something of value (money).

• Example 3: Insider Misuse of Access to a Federal System

  Suppose an employee at the Social Security Administration, who has legitimate access to certain government databases for their job, uses their credentials to look up the personal financial information of a celebrity, purely out of curiosity and without any official work purpose. While they have authorized access to the system generally, using that access for an unauthorized purpose (improperly obtaining personal information not related to their duties) could be considered a violation, especially if that information is deemed "of value" in a broader sense or if their actions exceed their authorized scope.

  This example highlights that even individuals with some level of authorized access can violate the Act if they exceed the scope of their permission to improperly obtain information from a federal government computer system.