In the United States, the primary federal statute criminalizing cracking was the Computer Fraud and Abuse Act (CFAA) of 1986. In 1996, the Act was amended by the National Information Infrastructure Protection Act of 1996 and codified as 18 U.S.C. Subsection 1030. At its inception, the CFAA applied only to government computers. Today it applies to a broad group of protected computers, including any used in interstate commerce. The CFAA, drafted with the future in mind, provides the principal basis for criminal prosecution of cybercrime in the United States. Broad in it application, the CFAA can be modified to reflect emerging changes in technology and criminal techniques. A conviction for violation of most of the provisions of the CFAA can be up to five years in prison and up to a $500,000 fine for a second offense. It also allows any target suffering damage or loss by reason of a violation of the CFAA to bring a civil action against the perpetrator for damages. The CFAA was amended in October 2001 by the USA PATRIOT Act. Section 1030, in particular, dealt with fraud and associated activities carried out with computers.

See Also: Computer Fraud and Abuse Act of 1986; Fraud; National Information Infrastructure Protection Act of 1996.