Federal Computer Fraud Charges Under 18 USC 1030 (CFAA): When Computer Use Becomes Criminal
So your probably facing federal computer fraud charges under CFAA and your ABSOLUTELY CONFUSED because you thought you were just accessing computer systems for work or research. Maybe you used login credentials that prosecutors claim exceeded your authorization. Maybe there’s allegations you accessed files you weren’t supposed to see. Or maybe your just accused of violating website terms of service. Look, we get it. Your COMPLETELY OVERWHELMED by these charges. And you should be! Because Computer Fraud and Abuse Act under 18 USC 1030 carries up to 20 YEARS in federal prison and prosecutors use CFAA to criminalize routine computer activities that cause no harm!
What Is the Computer Fraud and Abuse Act (CFAA)?
Let me explain the prosecutorial weapon that criminalizes computer use. CFAA enacted in 1986 to combat hacking but has expanded to cover ordinary computer activities! Originally targeted hackers breaking into government computers but now applies to ANYONE using computers in ways prosecutors claim are “unauthorized”!
The statute has SEVEN subsections creating different computer crimes! Section (a)(1) targets espionage, (a)(2) obtaining information, (a)(3) accessing government computers, (a)(4) fraud schemes, (a)(5) damaging computers, (a)(6) trafficking in passwords, (a)(7) extortion! Each has different elements and penalties!
Here’s what’s really scary – “protected computer” means ANY computer connected to internet or used in interstate commerce! Your laptop? Protected computer! Work computer? Protected computer! Website servers? Protected computers! Virtually EVERY computer is “protected” giving federal jurisdiction!
Two key phrases prosecutors abuse: “without authorization” and “exceeds authorized access”! Without authorization means no permission at all! Exceeds authorized access means accessing computer with permission but obtaining information you’re not entitled to! Vague terms create prosecutorial discretion!
What Did Supreme Court Rule in Van Buren v. United States?
HUGE 2021 decision limiting CFAA prosecutions!
Need Help With Your Case?
Don't face criminal charges alone. Our experienced defense attorneys are ready to fight for your rights and freedom.
- 100% Confidential
- Response Within 1 Hour
- No Obligation Consultation
Or call us directly:
(212) 300-5196Police sergeant Van Buren ran license plate search for personal reason violating department policy! Government charged him with exceeding authorized access! Supreme Court reversed conviction holding “exceeds authorized access” applies only when accessing areas of computer system you’re not allowed to access!
The ruling distinguished “gates-up-or-down” inquiry from “purposes” inquiry! If you have authorization to access part of computer system, using it for improper purpose doesn’t violate CFAA! Only accessing forbidden areas violates statute!
This protects employees who misuse data they’re authorized to see! Salesman downloads customer list before quitting? Van Buren says NOT CFAA violation if salesman had access to that database! Using data improperly isn’t “exceeding authorized access”!
Todd Spodek
Lead Attorney & Founder
Featured on Netflix's "Inventing Anna," Todd Spodek brings decades of high-stakes criminal defense experience. His aggressive approach has secured dismissals and acquittals in cases others deemed unwinnable.
Your employer discovered you copied proprietary client databases onto a personal USB drive before resigning to join a competitor. Federal prosecutors have now charged you under 18 USC 1030(a)(2) for intentionally accessing a protected computer and obtaining information that exceeded your authorized access, even though you had valid login credentials the entire time.
How can I be charged with computer fraud when I had a legitimate username and password and was never told I couldn't access those files?
Under the Computer Fraud and Abuse Act (18 USC 1030), authorization is not simply about whether you had valid credentials — it also concerns whether you exceeded the scope of your permitted access. The Supreme Court's decision in Van Buren v. United States (2021) narrowed this definition, holding that a person exceeds authorized access only when they access areas of a computer they were not entitled to access at all, not merely when they misuse information they were otherwise permitted to retrieve. We would investigate whether the files you accessed fell within your normal job duties and whether any written policies explicitly restricted your access to that data. Building a strong defense around Van Buren and challenging the government's theory of 'exceeding authorized access' could be the difference between a felony conviction carrying up to five years in prison and a complete dismissal.
This is general information only. Contact us for advice specific to your situation.
But prosecutors still charge CFAA for workplace data theft! They argue accessing data with intent to misuse it means you NEVER had authorization! Courts split on whether Van Buren fully protects employees who misuse authorized access!
We use Van Buren aggressively! If client had login credentials and accessed systems they routinely used, Van Buren says not CFAA violation! Government must prove accessed areas that were off-limits, not just used authorized access improperly!
