Over the past few years, prosecutors used the Computer Fraud and Abuse Act (CFAA) to indict individuals who exposed security vulnerabilities or used the Internet to engage in activism. This presentation will explain and discuss the CFAA in three parts. First, it will look at what the CFAA is, why it was passed into law, and where the problematic language of the statute lies. Second, it will look at the major CFAA cases from the past few years to examine how the courts and the government interpret the CFAA. Finally, the talk will discuss possible reforms to the CFAA presented by various organizations and individuals.
Whitney Merrill (@wbm312) is an attorney and graduate student in computer science at the University of Illinois Urbana-Champaign specializing in information security, privacy, and Internet law. Her research focuses on Android privacy and the legal and usability issues surrounding encryption and information security. In 2014, Whitney co-founded and co-organized the Crypto & Privacy Village at DEF CON, and previously she interned at the Electronic Frontier Foundation.