Supreme Court Leaves Holes in Anti-Hacking Law
The U.S. Supreme Court declined last week to consider two cases concerning the Computer Fraud and Abuse Act (CFAA), leaving certain questions unresolved regarding liability for computer hacking and the prospect for potentially harsh criminal and civil penalties, according to a post on the website of Androvett Legal Media & Marketing.
“Given the current state of the law, someone could potentially be put in jail or subject to civil liability under the CFAA in one jurisdiction and not in another for the very same act,” said attorney Shain Khoshbin of Dallas-based Munck Wilson Mandala. “In fact, someone could be potentially criminally prosecuted and civilly liable simply for password sharing.”
The CFAA was originally intended to criminally prosecute individuals who accessed classified information by hacking into government computers. The federal statute was later amended to allow private civil actions for violation of the act. This allowed businesses to take the offensive against hackers and those who improperly access digital assets stored in computers.
“As the definition of ‘computer’ continues to expand, and computer networks continue evolving to include social media platforms, cloud storage and a wide variety of subscription-based services, the CFAA will undoubtedly continue to be tested in the court system,” said Khoshbin.
“The CFAA is a valuable tool for businesses to use as part of their crisis management plan for data breaches, and to seek justice from those who improperly access electronic assets. But the judiciary or Congress needs to address and resolve some important issues so the law can be applied consistently.”