I’m not a lawyer, and this is not legal advice. But if you write code or work on websites, you need at least a basic understanding of the Computer Fraud and Abuse Act (CFAA), U.S. Code Title 18, Section 1030.
“I’m just building websites and apps — does this really affect me?”
Yes, it can.
In simple terms, CFAA is a U.S. law meant to protect computers and networks from unauthorized access and tampering. It was first passed in 1986, which means it’s old in internet years. But it still applies today.
- Still have access to those old client websites as an admin?
- Don’t have a take-down clause in your contract, but your client did not pay, and you want to close the site down?
- Want to scrape some data from a client site that they did not give you access to?
The law is broad enough that even well-meaning developers can accidentally run into issues. You don’t have to be a hacker-in-a-hoodie trying to break into a bank.
One of the challenges with the CFAA is that parts of it are vague, especially the phrase “exceeds authorized access.” Over time, some courts have ruled that violating a site’s terms of service alone isn’t automatically a CFAA violation. Others have disagreed. In 2021, the U.S. Supreme Court narrowed the law slightly (in Van Buren v. United States), but there are still areas of uncertainty.
Again, this is not legal advice. But, make sure you know what you can and can not do under the law. The web is not the wild wild west.
Leave a Reply