Brooklyn Law Review


Myra F. Din


The Computer Fraud and Abuse Act (CFAA) is a federal statute designed to combat computer hacking. The Act proscribes accessing data without authorization. Federal circuits have interpreted “authorization” both broadly and narrowly, resulting in a circuit split. Whereas the First, Fifth, and Eleventh Circuits have held that misuse of computer access can constitute hacking under the CFAA, the Fourth and Ninth Circuits have held that scrapers must circumvent a code or technical barrier in order to satisfy the CFAA’s mens rea requirement. This note focuses on the conduct of data scrapers. Scrapers are computer programs that aggregate data from various websites in order to present the data to users in easily readable formats. Because scrapers can be both beneficial and harmful to the digital ecosystem, this note proposes that the term “authorization” should be construed narrowly in the context of scraping. As such, CFAA liability should only be triggered when scrapers are used to circumvent code barriers and harm the sources from which they collect data. Applying this code-based rule to authorization will align with the statute’s original purpose of combating computer fraud and will not unnecessarily expose beneficial scraper users to federal criminal liability.