Computer Fraud and Abuse Act of 1986
█ ADRIENNE WILMOTH LERNER
The United States Computer Fraud and Abuse Act of 1986 served to define criminal fraud and abuse for computer crimes on the federal level. The act specified a misdemeanor crime for the trafficking and misuse of passwords, and two felony offenses for unauthorized access to federal information systems and private computers deemed to have a "federal interest." The act removed several legal ambiguities that surrounded computer information theft, such as the lack of specific legislation mentioning computers and the slightness of legal precedence in such cases.
Computer data systems of varying sorts had been used by the United States government since the 1960s. In the early 1980s, the first computers for business and home use were available in the marketplace. This expanse of the computer-owning and software-literate population forced the government to begin finding ways to protect data, either through encryption or protective barrier mechanisms around certain files. With the advent of intranets and computer-to-computer communication through telephone lines, hacking, or the breaking into other computer systems, became more commonplace. In 1981, a computer-savvy 24-year-old named Ian Murphy hacked into several government systems, including the White House switchboard. Murphy used the switchboard to order various products before turning his attention to cracking the codes protecting sensitive military files. Murphy was arrested, but prosecutors did not have the legal recourse to try him for computer crimes, as no such laws existed. Murphy was eventually convicted of theft and knowingly receiving stolen goods.
By 1982, Congress began collecting data on computer crime, and gathering testimony from computer fraud victims. Most of the victims were major corporations who did not want their security breeches and vulnerability to become public knowledge. Not only was it easy for random hackers to crack a system, but also corporations could hack into the data systems of rival companies, engaging in corporate espionage. After five years, Congress introduced the Computer Fraud and Abuse Act of 1986. The bill passed decisively. That same session, the Electronic Communication Privacy Act of 1986 was passed, criminalizing the seizure and interception of digital messages and communication signals.
In January of 1989, Herbert Zinn was the first person to be convicted under the Computer Fraud and Abuse Act. As a teenager, Zinn broke into computer systems at the Department of Defense, wreaking havoc with several hundred files. Zinn was sentenced to nine months in prison and fined; he would have possibly received a harsher judgment if he had been over eighteen years-old at the time of the crime.
Since its inception, the Computer Fraud and Abuse Act has weathered changing technology and the development of the Internet. However, computer crime is once again on the rise, and only a fraction of victims report these crimes. Subsequent court proceedings and legislation such as the Compute Abuse Amendments Act of 1994 have provided specific wording criminalizing the promulgation of computer viruses and other damaging code.