The Computer Fraud and Abuse Act (CFAA) was originally enacted in 1984 as a criminal statute to address hacking and the growing problem of computer crime. Recently, however, in an attempt to control competition and maintain market share, a number of companies have sought to prevent entities they deem unwelcome from obtaining data on their websites. Utilizing the civil action provisions of the CFAA, these companies have surprisingly succeeded in convincing federal courts that hacking includes accessing and using the factual information a company has chosen to post on a publicly available website. Despite the fact that many of the actions brought by owners of publicly accessible websites may fall within the literal language of the CFAA, such cases were arguably never intended to be covered by the statute. Additionally, by allowing website owners to protect information that is not protectable under copyright law, the CFAA unconstitutionally overrides the delicate balance of rights between authors and the public. Such a sweeping reading of prohibited acts under the CFAA threatens the free flow of information that belongs in the public domain. As a result, the continued openness of the Internet, along with its attendant benefits, is at risk. This Article begins by briefly explaining why the factual information that website owners seek to control is not protectable under copyright law. Next, Part III of this Article examines the history and purpose of the Computer Fraud and AbuseAct. Part IV explores the way in which software robots gather information on the Internet and why companies have tried to limit their use. Part V looks at the elements of a CFAA claim, including the way companies have sought to define unauthorized access under the Act. Part VI discusses the constitutional confines within which Congress can create private property rights in information. Part VI also examines the proprietary rights of publicly accessible website owners and whether such rights should include the right to prohibit software robots from accessing the information contained on their Internet sites or alternatively the servers upon which the websites reside. Part VII suggests language that could be used to amend the CFAA to ensure its constitutionality. Additionally, Part VII reviews and evaluates alternative methods for controlling truly harmful robot behavior.
Maryland Law Review
Suggested Bluebook Citation
Christine G. Davik,
Access Denied: Improper use of the Computer Fraud and Abuse Act to Control Information on Publicly Accessible Internet Websites,
Md. L. Rev.
Available at: https://digitalcommons.mainelaw.maine.edu/faculty-publications/15