Definition
The term protected computer is defined in the Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030(e)(2)), as amended, as:
“ | a computer
|
” |
Legislative history
The term "protected computer" did not appear in the CFAA until 1996, when Congress attempted to correct deficiencies identified in earlier versions of the statute. In 1994, Congress amended the CFAA so that it protected any "computer used in interstate commerce or communication" rather than a "Federal interest computer." This change expanded the scope of the Act to include certain non-government computers that Congress deemed deserving of federal protection.[1] In doing so, however, Congress "inadvertently eliminated Federal protection for those Government and financial institution computers not used in interstate commerce." [2]
Congress corrected this error in the 1996 amendments to the Computer Fraud and Abuse Act )CFAA), which defined "protected computer" as a computer used by the federal government or a financial institution, or one "which is used in interstate or foreign commerce."[3] The definition did not explicitly address situations where an attacker within the United States attacks a computer system located abroad. In addition, this definition was not readily applicable to situations in which individuals in foreign countries routed communications through the United States as they hacked from one foreign country to another.
In 2001, the USA PATRIOT Act amended the definition of "protected computer" to make clear that this term includes computers outside of the United States so long as they affect "interstate or foreign commerce or communication of the United States."[4]