The Computer Fraud and Abuse Act (“CFAA”) amends the federal criminal code to change the scienter requirement from “knowingly” to “intentionally” for certain offenses regarding accessing the computer files of another. It revises the definition of “financial institution” to which the financial record provisions of computer fraud law apply. It applies such provisions to any financial records, including, but not limited to, those of corporations and small businesses, not just those of individuals and certain partnerships. It modifies existing federal law regarding accessing federal computers. It makes the basic offense trespass. The federal statute removes criminal liability for exceeding without the intent to defraud authorized access to a federal computer in one’s own department or agency. This law creates new federal criminal offenses of: (1) property theft by computer occurring as part of a scheme to defraud; (2) altering, damaging, or destroying information in, or preventing the authorized use of, a federal interest computer; and (3) trafficking in computer access passwords. It eliminates the special conspiracy provisions for computer crimes. These conspiracies shall be treated under the general federal conspiracy statutes. It amends penalty provisions to remove the cap on fines for certain computer crimes. Finally, it exempts authorized law enforcement or intelligence activities.
Whoever (1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;
(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains: