In our last post, we mentioned the case of Gilberto Valle and its connection to the Computer Fraud and Abuse Act. The law, which is an amendment of the Comprehensive Crime Control Act of 1984, is aimed at targeting aspects of cybercrime that aren't adequately covered by federal mail and wire fraud laws.
Several of the criminal offenses targeted by the Computer Fraud and Abuse Act require prosecutors to show that the defendant accessed a protected computer--defined as any computer which is used in or which affects interstate or foreign commerce, or used by the federal government or financial institutions-- "without authorization" or in a way that "exceed[ed] authorized access."
Generally speaking, the basic distinction is that "without authorization" applies to defendants who accesses a protected computer as outsiders, or those who do not have permission to use the computer or network. "Exceeding authorized access," by contrast, refers to defendants who access a protected computer as insiders, or those with permission to access the computer or network. Gilberto Valle would be considered an insider.
Because of the direction case law has gone in this area, prosecutors are less likely to be able to secure convictions for insider defendants under sections of the Computer Fraud and Abuse Act which make use of the "without authorization" language. The greater likelihood is that insider defendants will be charged under sections making use of the "exceeding authorized access" language.
In our next post, we'll take a look at what case law has to say about this language and then at how the Department of Justice is looking to change the situation.
Wxow.com, "Justice Department looks to sharpen computer crime law," Eric Tucker, September 2015.
Electronic Frontier Foundation, "United States v. Gilberto Valle, Accessed Sept. 16, 2015.
New York Times, "Gilberto Valle, Ex-New York Police Officer, Talks About His Cannibalism Fantasies in Film," Benjamin Weiser, April 16, 2015.