18 U.S.C. § 1030

Computer Fraud and Abuse Act

Statute — United States Federal

Effective: October 16, 1986 100 platforms tracked 356 provisions indexed Enforced by: U.S. Department of Justice (DOJ), Federal Courts (private right of action), FBI Last reviewed Apr 22, 2026

Overview

The Computer Fraud and Abuse Act is the primary federal anti-hacking statute. For platform governance, CFAA is foundational because it provides the legal framework under which platforms define and enforce 'authorized access' through their terms of service.

The Supreme Court's 2021 decision in Van Buren v. United States narrowed 'exceeds authorized access' to mean accessing information a person is not entitled to, rather than using permitted access for impermissible purposes.

Platform terms of service routinely reference CFAA-adjacent concepts: prohibitions on scraping, automated access, reverse engineering, and accessing accounts without authorization.

Penalties

Criminal: up to 5-20 years imprisonment. Civil: compensatory damages and injunctive relief (requires $5,000 minimum loss).

Key Articles & Sections

§ 1030(a)(2) Unauthorized Access to Obtain Information

Prohibits intentionally accessing a computer without authorization to obtain information from any protected computer.
Read full text →
§ 1030(a)(5) Damage to Protected Computers

Prohibits knowingly causing damage to protected computers through transmission of programs, code, or commands.
Read full text →
§ 1030(g) Civil Action

Private right of action for compensatory damages and injunctive relief for violations causing loss of at least $5,000.
Read full text →

Platforms We Track Subject to CFAA

2 relevant provisions

0 relevant provisions

0 relevant provisions

5 relevant provisions

0 relevant provisions

0 relevant provisions

0 relevant provisions

20 relevant provisions

0 relevant provisions

24 relevant provisions

9 relevant provisions

0 relevant provisions

0 relevant provisions

Bank of America

3 relevant provisions

3 relevant provisions

0 relevant provisions

0 relevant provisions

0 relevant provisions

2 relevant provisions

1 relevant provision

0 relevant provisions

2 relevant provisions

2 relevant provisions

1 relevant provision

3 relevant provisions

0 relevant provisions

0 relevant provisions

3 relevant provisions

2 relevant provisions

0 relevant provisions

Showing 30 of 100 platforms. View all platforms →

Recent Changes Related to CFAA

Apr 20, 2026 Canva Low

Canva updated their Privacy Policy on April 20, 2026, with a minor navigation change adding 'Template library' to the product menu in the page header. The actual privacy policy text itself does not a…
View change record →
Apr 20, 2026 Canva Low

Canva updated their Terms of Use on April 20, 2026. The change adds 'Template library' as a listed item in their product navigation menu. This is a minor cosmetic update to the document's navigation …
View change record →
Apr 20, 2026 Udemy Low

Udemy replaced the welcoming introductory text on their legal terms and resource center page with a 'page not found' error message. Previously, the page greeted visitors with a friendly description o…
View change record →
Apr 20, 2026 Reddit Low

Reddit's privacy policy page was detected as changed on April 20, 2026, but the actual difference is limited to an internal JavaScript challenge token used for bot verification — not any substantive …
View change record →
Apr 20, 2026 Chime Medium

Chime updated the Bancorp Bank privacy notice on April 20, 2026, reverting it to an older 2017 version from the 2025 version. A key change is that The Bancorp now states it does NOT engage in joint m…
View change record →
Apr 19, 2026 Waze Medium

Waze updated its privacy policy on April 19, 2026, removing several sections about social network integration and a 'find friends' feature that previously explained how Waze collected phone contacts …
View change record →
Apr 19, 2026 Waze Low

On April 19, 2026, Waze updated its Terms of Use by adding foundational language that formally identifies Waze Mobile Ltd. (an Israeli company with Google affiliates) as the service provider and clar…
View change record →
Apr 19, 2026 Uniswap Low

Uniswap updated their privacy policy page on April 19, 2026, but the detected change appears to be primarily a structural and navigational overhaul rather than a substantive update to privacy commitm…
View change record →
Apr 19, 2026 Uniswap Low

Uniswap updated their Terms of Service page on April 19, 2026, transforming it from a straightforward legal terms document into what appears to be a help center or FAQ hub with navigation links cover…
View change record →
Apr 19, 2026 Gusto Low

On April 19, 2026, Gusto updated their privacy policy by adding two new documents to their terms library — 'EIN Application Service Supplemental Terms' and 'Gusto Powered Practices Contest Official R…
View change record →

Official Source

View official regulation text →

Get alerted when platforms change their policies — including CFAA-relevant provisions.

Subscribe to Watcher — $9.99/mo