By James T. Graves, Alessandro Acquisti, Ross Anderson

The U.S. Computer Fraud and Abuse Act (CFAA)1 is not a popular law.2 Enacted in 1986 to deal with the nascent computer crimes of that era, it has aged badly. It has been widely criticized as vague, poorly structured, and having an overly broad definition of loss that invites prosecutorial abuse.

Perception Versus Punishment in Cybercrime