What Is Computer Abuse?
Computer abuse is the legal term for the use of a computer to carry out improper or illegal activities, but which do not constitute financial crimes that would be classified as wire fraud.
Examples of computer abuse include using a computer to expose personally identifiable information (PII) such as Social Security numbers, using a computer to change the content of a website owned by someone else, intentionally infecting one computer with a virus or worm that will spread to other computers, using a computer to illegally share copyrighted items, or using one computer to gain unauthorized access to another. Other examples of computer abuse include cyberbullying and using a work computer for personal tasks on company time.
- Computer abuse refers to a broad category of activities wherein a computer is used to improperly or illegally cause harm to somebody else or their property.
- Cyber-bullying, hacking, identity theft, and even using a work PC for personal business are all examples of computer abuse.
- While not always enforced, acts that constitute computer abuse was codified in the 1984 Computer Fraud and Abuse Act (CFAA) which is enforceable at the federal level.
- Many today believe that the CFAA has grown overly restrictive, but attempts to loosen these regulations, such as Aaron's Law, have so far failed.
Understanding Computer Abuse
Computer abuse arises from the use a computer to harm somebody else in some way. People who commit computer abuse may be violating company policies, university policies, or federal law. Responding to computer abuse involves identifying the offending computer(s) and then trying to identify the individual abuser(s).
Some definitions of computer abuse consider computer crime to be a type of computer abuse. Other definitions consider the two to be completely distinct, calling computer abuse something dishonest or unethical and computer crime something illegal. These opinions are irrelevant; however, when it comes to the federal law governing computer abuse: The Computer Fraud and Abuse Act of 1984 (CFAA).
The Computer Fraud and Abuse Act of 1984
The CFAA criminalizes certain types of computer abuse by banning “unauthorized access” of computers and networks. The law has been used to successfully prosecute both high- and low-level hackers for both civil and criminal matters. Early on, for example, the law was used to convict the man who released the first computer worm in 1988. Over the years, however, the law’s vagueness has resulted in punishments as severe as decades in prison for minor abuses that did not cause economic or physical harm.
While the law was intended for the prosecution of hackers committing computer abuse by stealing valuable personal or corporate information, or causing damage when they break into a computer system, Congress has expanded the scope of the CFAA five times so that activities that were once considered misdemeanors are now federal felonies. As a result, everyday users can be punished for seemingly minor infractions of an application’s terms of service.
The CFAA, for instance, makes white lies such as understating your age or weight on a dating site a crime (even though this is rarely if ever prosecuted). It also makes violating a company’s policy on using a work computer for personal use a felony. If the law were widely enforced, almost every white collar worker in America would be in prison for computer abuse. Because it is arbitrarily and sometimes overly enforced, federal judges and scholars have advocated for changing the law to decriminalize terms of service violations. One impediment to loosening the law has been resistance by corporations who benefit from it. One of the changes to the CFAA in 1994, for example, amended the law to allow for civil actions, giving corporations a way to sue employees who steal company secrets.
Examples of Computer Abuse
An incident that many people might not think of as computer abuse is creating a fake social media account. If the social media service’s terms and conditions require users to provide accurate information about their identities when creating an account, they could be prosecuted under the CFAA. This outcome is unlikely unless an individual uses a fake account for malicious purposes, such as cyberbullying, but it is a possibility—and that possibility of being prosecuted for something as minor as the mere creation of a fake account is a major problem with the CFAA. Attorneys have been able to exploit the law’s weaknesses to defend clients who should perhaps have been punished, and prosecutors have been able to exploit the law to obtain convictions for minor incidents.
The most well-known example of the unintended consequences of expanding the Computer Fraud and Abuse Act was the threat of a 35-year prison sentence for internet activist Aaron Swartz for allegedly downloading millions of pay-walled academic articles to which access was restricted through a subscription service, probably with the intent to freely distribute them. Arguably, Swartz’s alleged actions would be constituted as theft, but did the proposed punishment fit the alleged crime? Swartz did not seem to think so — he took his own life before the case could go to trial.
Aaron’s Law was a bill introduced in the United States Congress in 2013 in honor of Swartz to loosen the CFAA. Though the bill did not pass Congress, it remains an influential bill.