Do Not Read This Article at Work: The CFAA's Vagueness Problem and Recent Legislative Attempts to Correct It
The Computer Fraud and Abuse Act (“CFAA”), the nation’s leading anti-hacking statute, criminalizes unauthorized access to any computer in the world. The CFAA does not specify what types of computer use qualify as unauthorized access, and circuit courts are split over approaches to defining the term. Although some courts have held that violations of private contracts such as employment agreements or website Terms of Service agreements constitute unauthorized access to a computer, others have held that such a broad reading renders the CFAA unconstitutionally vague. In the past year, lawmakers have introduced bills to clarify the conduct prohibited by the CFAA. Although each proposal narrows the scope of the CFAA, only one—Aaron’s Law—provides sufficient clarity to correct the CFAA’s vagueness problem.