By Dale C. Campbell and David Muradyan
The Seventh Circuit and the Ninth Circuit do not agree on what constitutes “authorization” under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (2004) (“CFAA”)? The CFAA prohibits accessing computers “without authorization” or “exceed[ing] authorized access” to take various forbidden actions, ranging from obtaining information to damaging a computer or computer data. See 18 U.S.C. § 1030(a)(1)-(7). Notably, the CFAA provides a private cause of action for persons who have suffered harm resulting from computer fraud. Id. § 1030(g). The CFAA provides, in relevant part: “Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief.” Id. To assert a viable claim, the harmed plaintiff must allege, among other things, that the defendant intentionally accessed its information “without authorization” or “exceeds authorized access.” Id. § 1030(a)(2). Congress enacted the CFAA in 1984 to enhance the government’s ability to prosecute computer crimes. LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1130 (9th Cir. 2009). The CFAA was targeted to rein in hackers who illegally accessed computers to steal data or to disrupt or destroy computer functionality. Id. The CFAA was also designed to target criminals who possessed the capacity to “’access and control high technology processes vital to our everyday lives . . ..’” Id. at 1130-31 (citing H.R. Rep. 98-894, 1984 U.S.C.C.A.N. 3689, 3694 (July 24, 1984).Continue Reading The Seventh And Ninth Circuits Split On What Constitutes “Without Authorization” Within The Meaning Of The Computer Fraud And Abuse Act