The California Comprehensive Computer Data Access and Fraud Act
In 1989, most Americans didn't yet have a personal computer, and the world wide web was still five long years away. However, some people in the United States and around the world were still using computers, and even getting online using bulletin board systems and dial-up connections. A small number of these users were not just getting online—they were deliberately spreading viruses and hacking into systems belonging to individuals and businesses without the authorization or knowledge of the owners of those systems. The California Comprehensive Computer Data Access and Fraud Act was designed to make these activities punishable by California state law.
“Computer Contaminants” and Viruses
When the California Comprehensive Computer Data Access and Fraud Act was passed, viruses were an even more serious business than they are now. At that time, virus scanning software was very rare, and getting a virus on your computer could mean that the system was rendered unusable—sometimes permanently. Viruses like “stone” and “michelangelo” made it impossible for users to access any of their files, and other viruses actually wrote over a user's files or corrupted all of their data.
The California Comprehensive Computer Data Access and Fraud Act banned the creation of “computer contaminants” designed to affect the operation of computers. According to the law, anyone who creates “any set of computer instructions that are designed to modify, damage, destroy, record, or transmit information within a computer, computer system, or computer network without the intent or permission of the owner of the information” can be subject to penalties.
Hacking and Unauthorized Access to Systems
The other main component of the California Comprehensive Computer Data Access and Fraud Act was a ban on “hacking,” or accessing systems without permission. Anyone accessing computer systems without permission for the purpose of wrongly using data, defrauding others, or blackmailing was considered to be an illicit hacker for the purposes of the law.
The California Comprehensive Computer Data Access and Fraud Act also banned any kind of unauthorized access that resulted in the unauthorized user downloading any information they did not have permission to take. As the act has been updated to include more recent internet developments, it now also bans the sending of emails from domain names without authorization.
Penalties Under the CCCDAFA
According to the California Comprehensive Computer Data Access and Fraud Act, violations of the law are subject to criminal penalties. For violating some of the more major premises of the Act, the punishment can be up to a $10,000 fine and a 3 year prison term.
More minor violations of the act, in which the value of the services taken is no more than $400, are subject to misdemeanor rather than felony penalties. The maximum punishment according to this part of the Act is a fine of up to $5000 and a one year sentence in county jail. Additionally, the law specifies that anyone who is the victim of a violation of this law is entitled to bring a civil suit against the violator in order to get compensation for their damages.