The Computer Fraud and Abuse Act (CFAA) was originally designed to protect the sort of sensitive personal information that's stored in a lot of databases, especially those used by the government or financial institutions.
Over the years, it's been amended and changed so many times that it has become hard to understand, vaguely worded and easy to violate. Its wording has been widely interpreted by prosecutors looking to make a tougher case in a crime where the internet is somehow involved. The punishment for seemingly minor offenses are draconian -- a fact that led at least one well-known activist to commit suicide when he was faced with a potential 30-year jail sentence for violating the CFAA.
Do you really need to worry about violating the CFAA? Consider the following different ways you may already have done so:
1. Violating a website's Terms of Service (TOS)
Have you read the Terms of Service of every website you use? This would include Google's search engine and Facebook. The internet activist ran afoul of this part of the CFAA when he downloaded a horde of academic articles from JSTOR -- violating the user agreement that he probably clicked through without reading just like most people do.
2. Getting into someone's email without permission.
This would include cases where you sneak back into the company directory of the company you quit to poach their client list (something you definitely shouldn't be doing) and giving your former employer's password out to a business rival (another thing you shouldn't do), but it could also include snooping in your spouse's work email because you're afraid he or she is having an affair with a coworker.
3. Finding a security flaw in a company's website.
Some companies will pay people to try to hack into their sites and test their online security system for them, but you could get into serious trouble under the CFAA if you stumble across a flaw in a company website if that company engages in interstate commerce, banking or government. It doesn't matter if you just poke around a little or share information that's already available publicly -- that's still illegal under the CFAA.
Government employees, those who work in banks, title companies, insurance agencies and credit unions are most at risk of CFAA violations. If you're under investigation, find an attorney who handles white collar crimes immediately.
Source: Cornell Law School, "18 U.S. Code 1030 - Fraud and related activity in connection with computers," accessed May 26, 2017