Can the government violate the Computer Fraud and Abuse Act?

Short answer: Pretty much no.

The Computer Fraud and Abuse Act is found at 18 U.S.C. 1030. Subpart (f) reads as follows:

This section [i.e., the Computer Fraud and Abuse Act] does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.

The recent controversy over whether the FBI and/or the NSA is behind the recent Tor anonymity compromising brings this question up. So we can cut right to the question of whether that conduct is outside this exception to the CFAA, in that it is not a “lawfully authorized” law enforcement activity. Given the nuance and complexity of these issues, we should not expect easy answers.

Did you enjoy this post? Then please share it with your friends and colleagues: