Recent DOJ Policy for Charging Cases under the Computer Fraud and Abuse Act: Fair or Foul?

Event Video

Listen & Download

The Justice Department recently announced the issuance of a revised internal policy for charging cases brought under the Computer Fraud and Abuse Act (CFAA), our nation's main computer crime statute.  This revised policy was issued in the wake of the Supreme Court case of United States v. Van Buren, which held that the CFAA’s “exceeds authorized access” provision does not cover those who have improper motives for obtaining information that is otherwise available to them.  Additionally, the new DOJ policy for the first time directs federal prosecutors that good-faith security research should not be charged under the CFAA, but also acknowledges that claiming to be conducting security research is not a free pass for those acting in bad faith.


Does the new DOJ charging policy strike a reasonable balance between privacy and law enforcement interests?  Do its protections for security research go far enough, or do they extend too far?  In the wake of Van Buren and this policy, does the federal government have adequate tools to address insider threats, especially where such threats are focused on invasions of privacy and confidentiality instead of being motivated by financial gain?


Join us as our panel of experts break down these questions.



  • Prof. Orin Kerr, Willam G. Simon Professor of Law, University of California, Berkeley School of Law 
  • Prof. Michael Levy, Adjunct Professor of Law, Penn Carey Law, University of Pennsylvania 
  • [Moderator] John Richter, Partner, King & Spalding


As always, the Federalist Society takes no position on particular legal or public policy issues; all expressions of opinion are those of the speaker.