Computer Abuse

DEFINITION of 'Computer Abuse'

The use of a computer to do something improper or illegal. Examples of computer abuse include using a computer to expose personally identifiable information (PII) such as Social Security numbers, using a computer to change the content of a website owned by someone else, intentionally infecting one computer with a worm that will spread to other computers, using a computer to illegally share copyrighted items, and using one computer to gain unauthorized access to another. Other examples of computer abuse include cyberbullying and using a work computer for personal tasks on company time.

People who commit computer abuse may be violating university policies, company policies, and/or federal law. Responding to computer abuse involves identifying the offending computer(s) and then trying to identify the individual abuser(s).

BREAKING DOWN 'Computer Abuse'

Some definitions of computer abuse consider computer crime to be a type of computer abuse. Other definitions consider the two to be completely distinct, calling computer abuse something dishonest or unethical and computer crime something illegal. These opinions are irrelevant, however, when it comes to the federal law governing computer abuse: The Computer Fraud and Abuse Act of 1984 (CFAA).

The CFAA criminalizes certain types of computer abuse by banning “unauthorized access” of computers and networks. The law has been used to successfully prosecute both high- and low-level hackers for both civil and criminal matters. Early on, for example, the law was used to convict the man who released the first computer worm in 1988. Over the years, however, the law’s vagueness has resulted in punishments as severe as decades in prison for minor abuses that did not cause economic or physical harm.

While the law was intended for the prosecution of hackers committing computer abuse by stealing valuable information and/or causing damage when they break into a computer system, Congress has expanded the CFAA five times so that activities that were once misdemeanors are now federal felonies and everyday users can be punished for minor infractions of an application’s terms of service.

For example, an incident that many people might not think of as computer abuse is creating a fake social media account. If the social media service’s terms and conditions require users to provide accurate information about their identities when creating an account, they could be prosecuted under the CFAA. This outcome is unlikely unless an individual uses a fake account for malicious purposes, such as cyberbullying, but it is a possibility—and that possibility of being prosecuted for something as minor as the mere creation of a fake account is a major problem with the CFAA. Attorneys have been able to exploit the law’s weaknesses to defend clients who should perhaps have been punished and prosecutors have been able to exploit the law to obtain convictions for minor incidents.

The most well-known example of the unintended consequences of expanding the Computer Fraud and Abuse Act was the threat of a 35-year prison sentence for internet activist Aaron Swartz for allegedly downloading millions of academic articles to which access was restricted through a subscription service, probably with the intent to freely distribute them. Arguably, Swartz’s alleged actions would be constituted as theft, but did the proposed punishment fit the alleged crime? Swartz did not seem to think so – he took his own life before the case could go to trial.

The act makes white lies such as understating your age or weight on a dating site a crime. It also makes violating a company’s policy on using a work computer for personal use a felony. If the law was widely enforced, almost every white collar worker in America would be in prison for computer abuse. Because it is arbitrarily and sometimes overly enforced, federal judges and scholars have advocated for changing the law to decriminalize terms of service violations. One impediment to loosening the law has been resistance by corporations who benefit from it. One of the changes to the CFAA, in 1994, amended the law to allow for civil actions, giving corporations a way to sue employees who steal company secrets.