Law Commons^™

Twenty Years Of Web Scraping And The Computer Fraud And Abuse Act, Andrew Sellars

Faculty Scholarship

"Web scraping" is a ubiquitous technique for extracting data from the World Wide Web, done through a computer script that will send tailored queries to websites to retrieve specific pieces of content. The technique has proliferated under the ever-expanding shadow of the Computer Fraud and Abuse Act (CFAA), which, among other things, prohibits obtaining information from a computer by accessing the computer without authorization or exceeding one's authorized access.

Unsurprisingly, many litigants have now turned to the CFAA in attempt to police against unwanted web scraping. Yet despite the rise in both web scraping and lawsuits about web scraping, practical …

Consenting To Computer Use, James Grimmelmann

Cornell Law Faculty Publications

The federal Computer Fraud and Abuse Act (CFAA) makes it a crime to “access a computer without authorization or exceed authorized access.” Courts and commentators have struggled to explain what types of conduct by a computer user are “without authorization.” But this approach is backwards; authorization is not so much a question of what a computer user does, as it is a question of what a computer owner allows.

In other words, authorization under the CFAA is an issue of consent, not conduct; to understand authorization, we need to understand consent. Building on Peter Westen’s taxonomy of consent, I argue …

A Code-Based Approach To Unauthorized Access Under The Computer Fraud Abuse Act, Patricia L. Bellia

Journal Articles

Thirty years ago, Congress passed the Computer Fraud and Abuse Act (CFAA) to combat the emerging problem of computer crime. The statute’s core prohibitions targeted one who “accesses” a computer “without authorization” or who “exceeds authorized access.” Over time, incremental statutory changes and large-scale technical changes have dramatically expanded the potential scope of the CFAA. The question of what constitutes unauthorized access has taken on far greater significance than it had thirty years ago, and courts remain deeply divided on this question. This Article explores the text, purpose, and history of the CFAA, as well as a range of normative …

Criminalizing Hacking, Not Dating: Reconstructing The Cfaa Intent Requirement, David Thaw

Articles

Cybercrime is a growing problem in the United States and worldwide. Many questions remain unanswered as to the proper role and scope of criminal law in addressing socially-undesirable actions affecting and conducted through the use of computers and modern information technologies. This Article tackles perhaps the most exigent question in U.S. cybercrime law, the scope of activities that should be subject to criminal sanction under the Computer Fraud and Abuse Act (CFAA), the federal "anti-hacking" statute.

At the core of current CFAA debate is the question of whether private contracts, such as website "Terms of Use" or organizational "Acceptable Use …