Hacking Antitrust: Competition Policy and the Computer Fraud and Abuse Act

Authors

Charles Duan, American University Washington College of LawFollow

Document Type

Article

Publication Date

2021

Journal

Colorado Technology Law Journal

Volume

19

Issue

2

First Page

313

Last Page

342

Abstract

The Computer Fraud and Abuse Act, a federal computer trespass statute that prohibits accessing a computer "without authorization or exceeding authorized access," has often been criticized for clashing with online norms, over-criminalizing common behavior, and infringing freedom-of-expression interests. These controversies over the CFAA have raised difficult questions about how the statute is to be interpreted, with courts of appeals split on the proper construction and the Supreme Courtset to consider the law in its current October Term 2020.

This article considers the CFAA in a new light, namely its effects on competition. Rather than merely preventing injurious trespass upon computers, the CFAA has become a favorite legal tool for dominant firms in the computer services industry to suppress competition, expand their market control, and impose transaction costs that limit consumer choice. To explore how the CFAA implicates competition, two novel approaches are used. First, this article compares prior uses of the CFAA to competition issues identified in the computer industry and other fields. This comparison reveals that the CFAA has the ability to insulate from legal scrutiny activity that at a minimum raises serious questions about negative effects on competition. Second, the article draws upon the theory and law of intellectual property, in particular trade secrets and copyright. Because it protects information but lacks the competition-protective features of copyrights and trade secrets, the CFAA essentially creates an ad hoc intellectual property regime that enables the improper suppression of competition.

The legislative history of the CFAA suggests that Congress did not intend the computer intrusion statute to supplant intellectual property law or to be a tool for suppressing competition. To ensure consistency with this legislative intent, then, this article posits that the CFAA should be narrowly construed such that access "without authorization" does not include violations of restrictions on how accessed data is subsequently used. At least from a competition policy perspective, a narrow construction is favorable over the broad one.

Recommended Citation

Charles Duan, Hacking Antitrust: Competition Policy and the Computer Fraud and Abuse Act, 19 Colorado Technology Law Journal 313 (2021).
Available at: https://digitalcommons.wcl.american.edu/facsch_lawrev/2176