In September of last year, Congress amended the Computer Fraud and Abuse Act (CFAA) as part of a larger bill dealing with identity theft. Unfortunately, the amendments broaden the already extensive reach of the law, and fail to clarify the most vexing question about the statute, the definition of “unauthorized access”. However, they do shed some light on the issue of what constitutes the necessary element of “damage”, showing that several cases holding that mere unauthorized viewing of data is sufficient for a CFAA claim were wrongly decided…
