Cybercrime Law in the United States
The United States prosecutes computer crime primarily under federal statutes, backed by a patchwork of state laws covering data breaches and privacy.
Key federal laws
- Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030 (1986) — the main anti-hacking statute. Criminalizes accessing a computer without authorization or exceeding authorized access, fraud, and causing damage to protected computers.
- Electronic Communications Privacy Act (ECPA) (1986) — includes the Wiretap Act and the Stored Communications Act, governing interception and access to stored communications.
- Identity Theft and Assumption Deterrence Act (1998) — makes identity theft a federal crime.
- CAN-SPAM Act (2003) — rules for commercial email.
State law
All 50 states have data-breach notification laws. California’s CCPA/CPRA is the most prominent state privacy regime; other states have followed with their own consumer-privacy acts.
Enforcement
The Department of Justice prosecutes federal cases, with investigations led by the FBI and the US Secret Service; the FTC handles consumer-protection and privacy matters.
Plain-language overview, not legal advice. Statutes and case law change — verify the current text and consult a qualified attorney for any specific situation.