September 2008 amendments to the Computer Fraud and Abuse Act broaden the already extensive reach of the law, and fail to clarify the most vexing question about the statute, the definition of “unauthorized access”. However, they do shed some light on the issue of what constitutes the necessary element of “damage”, showing that several cases holding that mere unauthorized viewing of data is sufficient for a CFAA claim were wrongly decided. As a result, the new amendments may give internet innovators, researchers and speakers some arguments that could keep search engines, vulnerability reporting and other legitimate uses of computer systems legal.
Click here for more analysis of the recent CFAA amendments.