Denver Cybercrime Lawyer

Federal Computer Fraud and Abuse Act charges are serious business. The Computer Fraud and Abuse Act is the law that the federal government uses to criminally prosecute people on hacking charges.

These are commonly referred to as cybercrime charges. You need an experienced cybercrime lawyer in your corner if you are facing criminal investigations.

Originally passed in the 1980s and updated in 2008, the Computer Fraud and Abuse Act is an incredibly broad federal law that covers unauthorized access and use of virtually all digital devices. CFAA charges are the quintessential white collar crime of the modern age.

The Computer Fraud and Abuse Act lawyers at Evergreen Attorneys are ready to bring hope and a plan for your defense. If you are facing a CFAA charge in federal court, you deserve the absolute best federal lawyers at your side from day one.

Call the Denver White Collar criminal defense team at Evergreen Attorneys today at (303) 948-1489. Or email our founding attorney, Zachary Newland, directly at [email protected] to go through a free and confidential consultation.

What Makes Evergreen Attorneys Different?

1. We only handle serious federal cases.
2. We practice in federal courts all across the country. 

There are dozens if not hundreds of lawyers you can find on the internet who claim to be experienced federal criminal defense lawyers. Almost all of these Denver wire fraud lawyers claim to be “experts” or “fighters” who will give you “aggressive representation” or something similar.

We are Denver white collar attorneys through and through. https://evergreenattorneys.com/white-collar-crime/white-collar-crime-lawyer/

Here are some of the things that we think makes Evergreen Attorneys different from the pack:

• We only practice federal criminal defense. All federal work. Every day.
• We only employ experienced partner-level attorneys. No fresh-faced associates right out of law school.
• We are a boutique federal white collar law firm. Every decision is tailored towards providing client-first exceptional criminal defense.
• Evergreen Attorneys handles cases nationwide. We are not interested in being golfing buddies with the prosecutor.

What is the Federal Computer Fraud and Abuse Act?

The Computer Fraud and Abuse Act (also referred to as “CFAA” in this article) is a federal law that governs many cybercrimes. It is part of the United States Code at 18 U.S.C. Section 1030.

Where did the CFAA come from?

The Computer Fraud and Abuse Act (CFAA) is the primary federal statute in the United States governing computer-related misconduct. Enacted in 1986 and codified at 18 U.S.C. § 1030, the CFAA was Congress’s response to the growing risk that unauthorized access to computers posed to government systems, financial institutions, and interstate commerce. See https://www.justice.gov/criminal/file/442156/dl?inline= (last accessed January 31, 2025).

Although originally narrow in scope, the statute has been amended multiple times to keep pace with technological advancement and the expansion of networked systems. In our Denver white-collar crime practice, we regularly encounter prosecutors who want to use the CFAA in new and expansive ways.

What does the Computer Fraud and Abuse Act Do?

At its core, the CFAA criminalizes intentional access to a computer “without authorization” or in a manner that “exceeds authorized access.” The statute applies to so-called “protected computers,” a term defined broadly to include any computer used in or affecting interstate or foreign commerce. 18 U.S.C. § 1030(e)(2).

In practice, this definition encompasses nearly all internet-connected devices, from corporate servers to personal laptops and smartphones. The Denver Computer Fraud and Abuse Act lawyers at Evergreen Attorneys see these charges regularly brought by federal prosecutors.

Again, these charges are colloquially referred to as cybercrime cases. Seek out an attorney who is knowledgeable in the ins-and-outs of cybercrime law like Evergreen Attorneys if you are facing this type of investigation.

What types of conduct does the CFAA cover?

The Act prohibits several distinct categories of conduct. These include obtaining information through unauthorized access, accessing financial or government data, transmitting malicious code that causes damage, trafficking in passwords or access credentials, and using computers to commit extortion. 18 U.S.C. § 1030(a)). Penalties vary depending on the offense, ranging from misdemeanor charges to felony convictions carrying substantial prison terms and fines, particularly where national security, financial fraud, or significant economic damage is involved.

Despite its broad reach, the CFAA has long been criticized for vague statutory language, particularly regarding what constitutes unauthorized access. In Van Buren v. United States , 593 U.S..      (2021), the Supreme Court clarified that a person does not exceed authorized access merely by misusing information they are otherwise permitted to obtain.

This decision significantly narrowed the statute’s scope and curtailed expansive prosecutorial interpretations. However, many white collar criminal cases continue to involve CFAA charges. Simply put, they are a favorite of federal prosecutors to bring.

Cybercrime Defenses Under Federal Law

The CFAA is the federal government’s primary legal tool to address hacking with criminal charges. Although the tool is incredibly powerful, it is still not unlimited.

Federal courts have articulated several well-recognized legal defenses to charges brought under the Computer Fraud and Abuse Act. Expert white collar criminal lawyers know how important it is to a client’s defense to understand these defenses before a case starts.

Evergreen Attorneys bring over a decade of experience to defending our white collar clients in CFAA cases. Below we break down some of the most commonly used legal defenses in these criminal hacking cases in federal courts.

Cybercrime Defense #1- Authorization: Lawful Access to the System

The most common (and basic) defense to a CFAA charge is that the defendant had lawful authorization to access the computer system. The statute criminalizes only access “without authorization” or access that “exceeds authorized access” (18 U.S.C. § 1030(a)).

If access was permitted, the inquiry often ends. In Van Buren v. United States, the Supreme Court held that a police officer who accessed a database he was authorized to use—but for an improper purpose—did not violate the CFAA. Van Buren v. United States, 593 U.S. 374, 141 S. Ct. 1648, 210 L. Ed. 2d 26 (2021) . Similarly, in United States v. Nosal, the Ninth Circuit rejected criminal liability based solely on violations of employer policies. United States v. Nosal, 676 F.3d 854 (9th Cir. 2012)

We will discuss a more recent Third Circuit case on the “authorization” defense below. Suffice to say, that the best defense to a federal hacking charge is usually that your client actually had authorization to access the device or system.

Cybercrime Defense #2- Violations of Policies or Terms of Service are Not Crimes

Courts consistently distinguish between contractual violations and criminal hacking. In the Nosal case discussed above, the Ninth Circuit warned that interpreting policy violations as CFAA crimes would transform the statute into an internet-policing mandate.

Nosal pointed out that for example social media websites routinely prohibit lying about your age. What about lying about your height on an internet dating website? It that access or use that is not authorized by Tinder and is now a federal criminal hacking violation? Thankfully courts have routinely said “no” to this question. The Supreme Court echoed this concern in Van Buren, rejecting interpretations that criminalize ordinary online behavior.

When defending federal computer hacking cases, it is important that your lawyer try to distinguish (if possible) your actions as mere violations of terms of service or policy. Not every improper click of a mouse is a federal crime after all.

CybercrimeDefense #3- Lack of Intent (often called mens rea)

Most CFAA offenses require intentional or knowing conduct. Not all actions, even unauthorized actions, will be able to meet the government’s burden of proof for “intentionally” exceeding authorization.

The lack of intent defense commonly comes up in cases where there is a dispute about the scope of access granted to a person. Such as with former employees.

Again, whether or not you can make a defense on the element of intent in a federal computer crime case is nuanced. You need an expert white collar crime attorney to help you determine your best defense.

Cybercrime Defense #4- Less than $5,000 in Damages or Loss

First, it is important to point out that there are numerous specific crimes covered by the CFAA at 18 U.S.C. Section 1030. For example, subsection (a)(2) criminalizes the access of financial records from financial institutions and access of information from government computers among other things.

Subsection (a)(4) is a broad catchall for all types of hacking activities. To prove a crime under this provision, the Government must show that someone (a) knowingly (b) with the intent to defraud (c) accessed a protected computer (d) without authorization and (e) obtained a value as a result of more than $5,000 in one year.

What does this mean in practice? In private employer hacking cases with no connection to the federal government, prosecutors must carry their burden to show at least $5,000.00 in damages.

Many times, a computer hack or unauthorized access does not result in any financial gain. Experienced federal criminal defense attorneys know to carefully scrutinize the statutory damages claimed in any indictment.

Cybercrime Defense #5- Publicly Accessible Information

In 2026, millions if not billions of pieces of data are publicly available online. One question in recent years has been whether or not the CFAA criminal prohibits third-parties (mainly scraping companies) from accessing these publicly available records.

So far, courts have generally held that accessing publicly available data does not violate the federal anti-hacking law under the Computer Fraud and Abuse Act. For example, the Ninth Circuit held in 2022 that a data analytics company likely did not violate the CFAA by scraping the public LinkedIn profiles of users. See hiQ Labs, Inc. v. LinkedIn Corp., 31 F.4th 1180 (9th Cir. 2022).

Because the information was publicly available, the data company was not violating the “without access” language of the CFAA by scraping LinkedIn profiles. Even after LinkedIn sent a stern cease and desist letter.

Moral of the story? See if the information at issue in any federal anti-hacking case was publicly available. It might provide a defense.

Recent Federal Computer Hacking Defense Win

United States v. Eddings, 161 F.4th 199 (3d Cir. 2025)

In December 2025, the Third Circuit Court of Appeals was faced with a novel question. When an employee resigns from their job, as opposed to being fired, does that mean that any further use of the employer’s computer systems are by default “without authorization” under the CFAA?

Eddings resigned her job with her employer under questionable circumstances. The employer then tried to stiff Eddings on the money that Eddings was owed by all accounts for the work and time she already performed.

Eddings later accessed the company’s files and emails after the resignation as part of trying to get paid. Eddings essentially tried to leverage that company information into a payday.

The federal government subsequently charged Eddings with violating the Computer Fraud and Abuse Act for the post-resignation conduct. Eddings was convicted and trial and appealed.

Ultimately, the Third Circuit held that absent a prior agreement (like an employment contract), an employee’s resignation alone does not automatically cancel employer’s authorization for the employee to access its computer systems. The Third Circuit held that the conviction was improper and reversed the decision of the trial court.

Eddings is a great example of the kind of nuance that only truly experienced federal computer hacking defense lawyers bring to the table. These cases are complicated. You do not want an attorney who is going to “learn on the job” when your life is on the line.”

Evergreen Attorneys bring a depth of experience and a willingness to force the government to prove every.single.inch. of their case that you need in a CFAA defense.

Contact the Denver Cybercrime Lawyers at Evergreen Attorneys for a confidential consultation. 

If you’re facing federal charges or need help navigating a legal battle, don’t wait to seek legal assistance. Contact our Evergreen Attorneys today for a confidential consultation. We’re here to help you understand your options and build a strong defense. You may also call us at 303-948-1489 or email us at [email protected] to get in touch with an experienced federal lawyer at Evergreen Attorneys today.