The Computer Fraud and Abuse Act, 18 U.S.C. § 1030, is the main federal computer crime statute. It criminalizes unauthorized access to a computer, access that exceeds authorization, obtaining information from a protected computer, intentionally damaging a protected computer, trafficking in passwords, and certain extortion conduct tied to computer systems. A "protected computer" includes any device used in or affecting interstate commerce, which covers almost every modern internet-connected device. Penalties range from one year for basic unauthorized access to ten or twenty years for aggravated or repeat conduct. The Supreme Court's decision in Van Buren v. United States narrowed how broadly "exceeds authorization" can be read, which matters in many employment and insider-access cases. If your case involves cloud accounts, company servers, email systems, or cross-state networks, the CFAA is likely in the mix and must shape the defense strategy.