Compliance Management, Threat Intelligence, Government Regulations

Supreme Court hears first appeals case for exec convicted under CFAA

A Supreme Court of Appeals will decide Monday whether to revisit a case that could determine requirements of the Computer Fraud and Abuse Act (CFAA).

The case, Musacchio v. United States, appeals the conviction of Michael Musacchio, the former president of transportation brokerage operator Exel Transportation Services (ETS), who was convicted of one felony count of conspiracy to make unauthorized access to a protected computer and two felony counts of hacking, for breaching his previous employer's servers after he left ETS to launch a competitor.

The U.S. Court of Appeals for the Fifth Circuit affirmed the district court's decision in November 2015, pending judgment of the U.S. Supreme Court. The high court heard the case (14-1095) on Monday and will decide whether to revisit the decision by the end of June, a representative of the Supreme Court told If the court grants the appeal the retrial would likely affect trial-level errors and statutes of limitations of cases involving CFAA convictions.

The CFAA is the federal anti-hacking legislation that has been used aggressively in the prosecution against hackers, researchers, and activists – including, most notably, in the trial of activist and Reddit co-founder Aaron Swartz, who committed suicide in January 2013 while awaiting trail and under federal indictment. CFAA has been criticized as outdated and poorly written, leading to broad over-enforcement. The legislation has also used more recently against Matthew Keys, a former Reuters journalist convicted of conspiring to help the hacking group Anonymous hack into the Los Angeles Times and alter its website.

Tor Ekeland, a defense attorney who regularly defends hackers - he was lead defense attorney for Matthew Keys - said the CFAA was written too broadly. “I think the CFAA is bad for capitalism,” he told

Earlier this year, the Justice Department sought revisions to the CFAA. The proposed changes included raising the minimum penalty for circumventing digital access barriers from a misdemeanor, to a 3-year felony. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.