The Computer Fraud and Abuse Act (“CFAA”) provides civil and criminal penalties for computer intrusion. Current scholarship seeks to determine when a putative defendant has accessed a system without authorization. But no academic articles address who can bring suit for the intrusion. The system owner seems the natural complainant; after all, the CFAA punishes cyber-trespass. But the few courts to address the issue thus far have come to a surprising and contrary conclusion: anyone with confidential information on the system may bring suit. This turns the CFAA from a cyber-trespass statute into a more expansive tool, guarding against trade secret theft and other offenses normally governed by very different case law. Resolving this question has profound implications in an era when confidential documents get routinely stored on Dropbox, Google Drive, Amazon Web Services, and similar platforms. This Article will examine whether courts are correct to accord such broad standing to complainants and whether this comports with the Supreme Court’s views on constitutional standing. This Article will also consider whether this broad concept of CFAA standing makes sense in light of the statute’s history and purpose, and what effect it has on ideas about digital ownership generally.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.