The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that made it a federal crime to access a protected computer without proper authorization.
CFAA was originally designed to protect computer systems operated by the U.S. government and some financial institutions, but expanded in scope after several amendments. Following the 2001 terrorist attacks, the country's Patriot Act amended the Computer Fraud and Abuse Act to allow search and seizure of records from an ISP. In addition to prosecuting illegal intruders, the Computer Fraud and Abuse Act has been cited by private corporations seeking to safeguard trade secrets and other proprietary information. After Congress amended the CFAA in 1994 to cover private litigans pursuing civil damages, several businesses cited the law primarily to sue employees and former employees suspected of stealing information for competitive purposes.