The CFAA is the primary federal hacking statute — and one of the most broadly interpreted criminal laws in the United States. A CFAA prosecution can arise from conduct as simple as using a work computer for personal purposes. D.J. Rivera — the only attorney in the US to beat the FBI and DOJ in a federal jury trial — provides the technical and legal expertise these cases demand.
United States v. Cassim — D.J. Rivera is the only attorney in the United States to have won a federal jury trial against the FBI and the U.S. Department of Justice in a federal criminal computer-related case, tried in the Eastern District of Virginia. His deep technical knowledge of Internet technology and digital evidence provided the decisive advantage.
The Computer Fraud and Abuse Act (18 U.S.C. § 1030) is the primary federal statute governing unauthorized access to computers and computer networks. Originally enacted in 1986 to target hackers who broke into government and financial computer systems, the CFAA has been expanded repeatedly and now applies to virtually any computer connected to the internet — which, in practice, means almost every computer, smartphone, and networked device in existence.
The CFAA creates both criminal and civil liability. Federal prosecutors in the Eastern District of Virginia (EDVA) — one of the most aggressive federal districts in the country for computer crime prosecutions — use the CFAA to charge a wide range of conduct, from sophisticated nation-state level hacking to relatively minor unauthorized access to employer computer systems.
The Van Buren Decision — A Critical Defense Development
In Van Buren v. United States (2021), the Supreme Court significantly narrowed the scope of the CFAA by holding that a person "exceeds authorized access" only when they access a part of a computer system to which their access is not permitted — not merely when they use authorized access for an unauthorized purpose. This decision eliminated many prosecutions that previously seemed straightforward, and it is now a central defense argument in CFAA cases.
| Offense (§ 1030 Subsection) | Description | Maximum Prison |
|---|---|---|
| § 1030(a)(1) | Obtaining national security information | Up to 10 years (20 years repeat) |
| § 1030(a)(2) | Unauthorized access to obtain information | Up to 1–5 years |
| § 1030(a)(3) | Unauthorized access to government computers | Up to 1–10 years |
| § 1030(a)(4) | Computer fraud (access to further fraud) | Up to 5 years (10 years repeat) |
| § 1030(a)(5) | Causing damage to protected computers | Up to 1–20 years |
| § 1030(a)(6) | Trafficking in passwords | Up to 1 year (3 years repeat) |
| § 1030(a)(7) | Extortion involving computers | Up to 5 years (10 years repeat) |
Northern Virginia / EDVA Warning: The Eastern District of Virginia is one of the most aggressive federal districts in the country for CFAA prosecutions. It is home to the Pentagon, CIA, NSA, and numerous defense contractors, making it a priority jurisdiction for computer crime enforcement. If you are contacted by federal investigators in Northern Virginia, contact D.J. Rivera immediately.
After Van Buren v. United States (2021), the CFAA's "exceeds authorized access" theory was significantly narrowed. A person does not exceed authorized access merely by using authorized access for an unauthorized purpose — they must access a part of the system to which their access was not permitted. D.J. Rivera applies this defense aggressively in cases involving employees who accessed employer systems for personal purposes, contractors who accessed systems beyond the scope of their specific task, and individuals who used authorized credentials to access information for unauthorized reasons.
The CFAA applies only to "protected computers" — defined as computers used in or affecting interstate or foreign commerce or communication, or used by the federal government. In practice, virtually any internet-connected device qualifies, but the prosecution must still prove this element. In cases involving isolated systems or devices not connected to the internet, the "protected computer" element may be contested.
Many CFAA felony charges require proof of damage exceeding $5,000 during a one-year period. The prosecution typically relies on the victim's estimate of remediation costs, which frequently includes inflated figures. D.J. Rivera retains independent technical experts to challenge these valuations and, where appropriate, to reduce the alleged damage below the felony threshold.
Federal CFAA investigations frequently involve extensive digital surveillance — including pen register orders, wiretaps, search warrants for email accounts, and seizure of computers and devices. D.J. Rivera scrutinizes every warrant and court order for constitutional deficiencies and files suppression motions where the government's investigative techniques violated the Fourth Amendment.
D.J. Rivera's GCFE certification and D.Eng. in Cybersecurity Analytics give him the technical expertise to challenge the government's forensic evidence at the same level as the federal forensic examiners who collected it. He reviews forensic reports for methodological errors, challenges IP attribution, scrutinizes network traffic analysis, and identifies alternative explanations for the digital evidence.
D.J. Rivera is the only attorney in the United States to have won a federal jury trial against the FBI and the U.S. Department of Justice in a federal criminal computer-related case. That victory — in the Eastern District of Virginia — was built on his deep technical knowledge of Internet technology, digital evidence, and computer forensics. It is the same knowledge he brings to every CFAA defense.
His credentials — D.Eng. Cybersecurity Analytics (GWU), CISSP, CEH, GCFE, GPEN, GCIH, GSLC, US Cyber Command — are the same credentials held by the federal investigators and forensic examiners building the case against you. When D.J. Rivera challenges the government's digital evidence, he is doing so with the same technical vocabulary and depth of knowledge as the prosecution's own experts.
Do not speak to federal investigators without an attorney. D.J. Rivera is available 24/7 for a free, confidential consultation.
Get Your Free Consultation Now