
Federal computer fraud defense

A federal computer-fraud indictment is brought under 18 U.S.C. § 1030, the Computer Fraud and Abuse Act (CFAA), a multi-subsection statute that criminalizes unauthorized access to "protected computers," exceeding authorized access, computer access with intent to defraud, damaging protected computers, and computer-based extortion. Most subsections carry felony exposure up to 10 years per count; § 1030(a)(1) (national-defense information) reaches life imprisonment. The 2021 Supreme Court decision Van Buren v. United States, 593 U.S. 374, sharply narrowed § 1030(a)(2) to a "gates-up, gates-down" rule — entering an area of a computer system one is not authorized to enter, rather than using authorized access for unauthorized purposes — reshaping how every subsequent CFAA prosecution is litigated in federal courts including the Northern District of Texas (Dallas/Fort Worth) and the Eastern District of Texas (Sherman/Plano).

14 min read 3,400 words Reviewed May 17, 2026 By Reggie London
Direct Answer

A federal computer-fraud charge under 18 U.S.C. § 1030 — the Computer Fraud and Abuse Act (CFAA) — covers seven subsections of computer-related conduct: (a)(1) national-defense information, (a)(2) unauthorized access obtaining information, (a)(3) trespass on government computers, (a)(4) access with intent to defraud, (a)(5) damage to protected computers, (a)(6) password trafficking, and (a)(7) extortion via computer threats. Most subsections carry felony exposure up to 10 years per count, with § 1030(a)(1) reaching life through espionage-act crosswalk provisions. The Supreme Court's 2021 decision in Van Buren v. United States narrowed § 1030(a)(2) dramatically — "exceeds authorized access" applies only to true gate-up breaches of access boundaries, not to misuse of authorized access. Defense work centers on the Van Buren gates-up analysis, mens-rea challenges, $5,000 loss-amount thresholds for felony charging, venue challenges under Auernheimer, First Amendment overlap in online-speech cases, and cooperation under 5K1.1. Texas Penal Code § 33.02 — Breach of Computer Security — is the state-law analog; the Stored Communications Act (§ 2701) and Wiretap Act (§ 2511) are companion federal statutes frequently charged alongside § 1030.

Key Takeaways
  • Multi-subsection federal statute at 18 U.S.C. § 1030 — (a)(1) espionage through (a)(7) extortion — most subsections carry up to 10 years per count.
  • Van Buren v. United States, 593 U.S. 374 (2021), narrowed § 1030(a)(2) sharply — gates-up rule replaces purpose-based "exceeds authorized access" theory.
  • $5,000 loss threshold drives felony charging under § 1030(a)(2)(B) and § 1030(a)(5)(C) — loss-amount challenges are a primary defense tactic.
  • Tex. Penal Code § 33.02 — Breach of Computer Security — is the Texas state-law analog, scaling from Class B misdemeanor up to 1st-degree felony.
  • SCA and Wiretap Act, 18 U.S.C. §§ 2701 and 2511, are companion statutes frequently charged alongside § 1030 to multiply exposure.
Texas Legal Context

What the statute actually requires

Controlling statute: 18 U.S.C. § 1030
Analytical framework: Federal computer-fraud prosecutions under 18 U.S.C. § 1030 — the Computer Fraud and Abuse Act — operate through a multi-subsection statute criminalizing seven categories of conduct. Section 1030(a)(2) (unauthorized access obtaining information) is the most frequently-charged subsection and has been sharply narrowed by Van Buren v. United States, 593 U.S. 374 (2021), to a "gates-up-or-down" framework. The $5,000 loss threshold under § 1030(c)(2)(B) and § 1030(c)(4) drives felony charging under most subsections. Texas Penal Code § 33.02 — Breach of Computer Security — and the federal companion statutes 18 U.S.C. § 2701 (Stored Communications Act) and § 2511 (Wiretap Act) frequently appear alongside § 1030 to capture different aspects of computer-intrusion conduct.
5 Texas-specific insights
  1. Van Buren narrowed § 1030(a)(2) to gates-up. Van Buren v. United States, 593 U.S. 374 (2021), held that "exceeds authorized access" under § 1030(e)(6) means accessing areas (files, folders, databases) the user has no right to access at all — not misusing information the user was authorized to obtain. The decision invalidated entire categories of pre-2021 CFAA theories, including employee-policy-violation prosecutions and public-data-scraping cases. The 9th Circuit's post-Van Buren application in hiQ Labs v. LinkedIn, 31 F.4th 1180 (2022), closed off CFAA liability for scraping publicly-accessible web pages even where terms of service prohibited it.
  2. Section 1030(a)(2) misdemeanor-felony line at $5,000. A first-offense § 1030(a)(2) violation is a misdemeanor (up to 1 year) absent aggravating factors. The offense becomes a felony (up to 5 years for first offense, up to 10 for repeat) under § 1030(c)(2)(B) where committed for commercial advantage or private financial gain, in furtherance of any criminal or tortious act, or where the information obtained exceeded $5,000 in value. The $5,000 threshold is frequently contested at trial through forensic-accounting expert work challenging the company's loss calculation.
  3. Section 1030(a)(4) intent to defraud imports Neder materiality. Section 1030(a)(4) requires knowing access with specific intent to defraud and obtaining anything of value over $5,000. The intent-to-defraud element imports the common-law fraud framework of mail/wire fraud under §§ 1341/1343 — material deception with specific intent to defraud. Neder v. United States, 527 U.S. 1 (1999), governs materiality. Section 1030(a)(4) is frequently charged alongside wire fraud under § 1343 to capture both the computer-access element and the broader fraudulent scheme, with substantial overlap but distinct elements.
  4. Section 1030(a)(5) three-tier mens-rea structure. Section 1030(a)(5) divides damage-related conduct into three sub-clauses with different mens-rea requirements. (A) Knowing transmission plus intentional damage — up to 10 years (20 for repeat, life if death results). (B) Intentional unauthorized access plus reckless damage — up to 5 years for felony. (C) Intentional unauthorized access plus damage and aggregate loss of $5,000+ — felony exposure. The aggravation provisions under § 1030(c)(4) elevate penalties for medical-care impairment, physical injury, public-safety threats, or impact on justice/national-security computers.
  5. Venue under Auernheimer requires essential conduct in district. United States v. Auernheimer, 748 F.3d 525 (3d Cir. 2014), reversed a CFAA conviction on venue grounds — the indictment was returned in a district where neither the defendant's access conduct nor the affected servers were located. The Third Circuit held that venue requires essential conduct in the district. In remote-access cases the defense identifies where conduct occurred and where systems are located; if the government has charged in a district where neither occurred, a Rule 18 venue challenge can produce dismissal or transfer. Venue challenges are particularly relevant where the defendant accessed systems located across multiple districts.
  6. Counterman applies to § 1030(a)(7) extortion online speech. Counterman v. Colorado, 600 U.S. 66 (2023), held that the First Amendment requires a subjective mens-rea showing — at least recklessness — before the government can criminalize speech as a "true threat." For § 1030(a)(7) extortion-by-computer prosecutions involving threats to damage computers or release information, the Counterman framework constrains what the government must prove about the defendant's subjective awareness. Defense work develops the speech-act analysis — was the communication a true threat as understood by the speaker, or protected speech (hyperbole, satire) that the government has overreached in prosecuting?

What is the CFAA — multi-subsection framework at § 1030?

The Computer Fraud and Abuse Act at 18 U.S.C. § 1030 is a multi-subsection federal statute criminalizing seven categories of computer-related conduct. Penalties scale from misdemeanors to felonies up to 10 years per count, with national-defense subsections reaching life imprisonment via espionage-act crosswalks.

§ 1030(a)(1) — National defense or restricted data
Knowingly accessing a computer without authorization or exceeding authorized access, and obtaining national-defense information, foreign-relations data, or restricted nuclear data, with reason to believe such information could be used to the injury of the United States or to the advantage of a foreign nation. First-offense exposure runs up to 10 years; second offense up to 20 years. Espionage-act crosswalk provisions (18 U.S.C. §§ 793, 794, 798) allow life-imprisonment exposure where the conduct also constitutes traditional espionage. This subsection produces the highest-exposure CFAA prosecutions and is litigated primarily by the National Security Division at DOJ.
§ 1030(a)(2) — Unauthorized access obtaining information
Intentionally accessing a computer without authorization or exceeding authorized access, and thereby obtaining (A) information from any financial institution's records, (B) information from any department or agency of the United States, or (C) information from any protected computer (the modern catch-all clause). First offense without aggravating factors is a misdemeanor (up to 1 year); becomes a felony (up to 5 years, or 10 for repeat conduct) where committed for commercial advantage or private financial gain, in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or any State, or where the value of the information obtained exceeded $5,000. After Van Buren v. United States, 593 U.S. 374 (2021), "exceeds authorized access" is read narrowly — gate-up breaches only.
§ 1030(a)(4) — Access with intent to defraud
Knowingly and with intent to defraud accessing a protected computer without authorization, or exceeding authorized access, and by means of such conduct furthering the intended fraud and obtaining anything of value (other than the use of the computer, where the value of such use does not exceed $5,000 in any 1-year period). Up to 5 years for a first offense; up to 10 years for repeat conduct. The "intent to defraud" element imports common-law fraud principles — a scheme to deprive another of money, property, or honest services by deception. Frequently charged alongside wire fraud under § 1343 to capture both the computer-access element and the broader fraudulent scheme.
§ 1030(a)(5) — Damage to protected computers
Three sub-clauses: (A) knowingly causes transmission of a program, information, code, or command, and as a result intentionally causes damage without authorization to a protected computer; (B) intentionally accesses a protected computer without authorization, and as a result of such conduct recklessly causes damage; (C) intentionally accesses a protected computer without authorization, and as a result of such conduct causes damage and loss. Penalties scale with the aggravating circumstances and damage amount — first offense up to 10 years; up to 20 years for repeat conduct or aggravated damage; life imprisonment available where the offense results in death. The $5,000 aggregate loss threshold applies for felony charging.
§ 1030(a)(7) — Extortion via computer threats
Transmitting in interstate or foreign commerce any communication containing (A) any threat to cause damage to a protected computer, (B) any threat to obtain information from a protected computer or impair the confidentiality of information obtained from a protected computer, or (C) any demand or request for money or other thing of value in relation to damage to a protected computer where such damage was caused to facilitate the extortion. Up to 5 years for a first offense; up to 10 years for repeat conduct. This subsection captures ransomware demands, hack-and-leak threats, and other extortion-by-computer schemes. Frequently charged alongside Hobbs Act extortion under 18 U.S.C. § 1951.

The Computer Fraud and Abuse Act was enacted in 1986 against a backdrop of growing concern about computer intrusions and was substantially amended in 1996, 2001, 2002, and 2008 to broaden its reach. The result is a multi-subsection statute that covers a wide range of conduct — from unsophisticated unauthorized access by a curious employee to ransomware demands by sophisticated international threat actors to nation-state espionage. The structural challenge in any CFAA defense is identifying which subsection the government has charged, what the precise elements of that subsection require, and how the post-2021 narrowing in Van Buren v. United States reshapes the analysis.

A critical structural feature: the CFAA's "protected computer" jurisdictional element under § 1030(e)(2) is functionally universal in the internet age — any computer used in or affecting interstate or foreign commerce or communication qualifies, which captures essentially every computer connected to the internet. The protected-computer element therefore generates few serious disputes in modern CFAA practice. The live disputes center almost entirely on (1) whether the defendant's access was authorized or exceeded authorization, (2) the requisite mental state for the specific subsection charged, (3) damage and loss calculation where § 1030(a)(5) is charged, and (4) loss-amount thresholds for felony charging under § 1030(a)(2)(B) and § 1030(c)(4).

CFAA prosecutions in the Northern District of Texas and the Eastern District of Texas have grown substantially over the past five years as cybercrime — ransomware, business-email-compromise schemes, healthcare-records intrusions, intellectual-property theft from defense contractors — has emerged as a federal enforcement priority. The FBI's Dallas Field Office Cyber Squad coordinates investigation; the U.S. Attorney's Office Cyber and Intellectual Property Crime Section in NDTX prosecutes. The Eastern District handles a substantial caseload of cases originating from Plano, Frisco, Sherman, McKinney, and the broader I-635/I-75 corridor, often involving insider-access, business-email-compromise, and ransomware-affiliate prosecutions.

Section 1030(a)(2) after Van Buren — the gates-up rule

The Supreme Court's 2021 decision in Van Buren v. United States narrowed § 1030(a)(2) sharply — "exceeds authorized access" applies only to true gate-up breaches, not to misuse of information one was authorized to obtain. Policy violations and "improper purpose" theories no longer support CFAA liability.

Van Buren v. United States, 593 U.S. 374 (2021), was the most consequential CFAA decision of the past decade. The defendant, a Georgia police sergeant, used his lawful access to a state law-enforcement license-plate database to look up plates for personal reasons unrelated to law-enforcement business. He was paid by an FBI informant to perform the lookups in a sting operation. The government charged him under § 1030(a)(2)(B) — accessing a protected computer in a manner that "exceeds authorized access." The lower courts (11th Circuit) applied the broad "purpose-based" reading: although Van Buren was authorized to access the database, his improper purpose for the lookup converted authorized access into "exceeding authorized access" because the agency policy permitted access only for law-enforcement purposes.

The Supreme Court reversed 6-3 in an opinion by Justice Barrett. The Court held that "exceeds authorized access" under § 1030(e)(6) means "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter" — and that "not entitled so to obtain or alter" refers to areas of the computer (files, folders, databases) the user has no right to access at all, not areas the user can access but for purposes the system owner doesn't approve. The Court adopted what it called a "gates-up-or-down" framework: the question is whether the user breached a gate at all, not why he wanted to walk through it. Van Buren had authorized access to the entire database for any reason — even an improper one — so his lookup did not "exceed" authorization within the statute's meaning.

The implications of Van Buren reach far beyond police-database misuse. The decision invalidated entire categories of pre-2021 CFAA theories: employee-policy-violation prosecutions where employees with database access used it for unauthorized side ventures; public-data-scraping cases against researchers and journalists who used automated tools to access publicly-available website data in ways the site's terms of service prohibited; competitive-intelligence cases where employees of one firm collected information from another firm's public-facing systems. Each of these had been actively prosecuted under the broad pre-Van Buren reading. After Van Buren, none of them survives unless the government can identify a true gate-up breach — access to a folder, database, or system the user had no right to access at all.

The 9th Circuit's decision in hiQ Labs v. LinkedIn, 31 F.4th 1180 (2022), applied Van Buren directly to public-data scraping. The court held that hiQ's scraping of public LinkedIn profile data did not constitute "access without authorization" under § 1030(a)(2) — the data was publicly available, and accessing public data could not be "without authorization" within the statute's meaning. hiQ effectively closed off CFAA liability for scraping of publicly-accessible web pages, even where the site owner expressly prohibited automated access. The pre-Van Buren United States v. Nosal, 844 F.3d 1024 (9th Cir. 2016) (en banc dissent foreshadowing the narrow reading), is now the dominant analytical framework — the 9th Circuit had been ahead of the Supreme Court on this question, and Nosal's underlying reasoning controls the post-Van Buren landscape.

For defense practice in DFW federal courts, Van Buren's practical implications are substantial. Pre-2021 indictments under broad "purpose-based" theories were not unusual in NDTX/EDTX. Post-Van Buren, the defense develops the gates-up analysis at the motion-to-dismiss stage: does the indictment allege a true breach of access boundaries, or does it allege misuse of authorized access? Where the indictment fails to allege a gate-up breach, dismissal is the appropriate remedy. Where the government supplements with additional facts at trial, the defense moves for judgment of acquittal under Rule 29 on the access element. The legal question is now well-settled by Van Buren — the difficulty is in litigating the specific factual record in a way that forces the court to apply the narrowed standard.

Section 1030(a)(4) — intent to defraud

Section 1030(a)(4) criminalizes knowingly accessing a protected computer with intent to defraud and obtaining anything of value over $5,000. The intent-to-defraud element imports common-law fraud principles and is frequently charged alongside wire fraud under § 1343.

Section 1030(a)(4) sits at the intersection of computer-access offenses and traditional fraud. The statute criminalizes "knowingly and with intent to defraud, access[ing] a protected computer without authorization, or exceed[ing] authorized access, and by means of such conduct further[ing] the intended fraud and obtain[ing] anything of value." The exposure is up to 5 years for a first offense and up to 10 years for repeat conduct. The $5,000 carve-out — "unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period" — operates as a de minimis exclusion for trivial computer-use cases.

The "intent to defraud" element imports the common-law fraud framework that runs through 18 U.S.C. § 1341 (mail fraud) and § 1343 (wire fraud). The government must prove a scheme or artifice to deprive another of money, property, or honest services by deception. The deception must be material — capable of influencing a reasonable person — and the defendant must have acted with specific intent to defraud, not merely negligently or even recklessly. Neder v. United States, 527 U.S. 1 (1999), is the foundational decision on the materiality requirement in federal fraud statutes; the Neder framework applies with full force in § 1030(a)(4) prosecutions.

In practice, § 1030(a)(4) is frequently charged alongside wire fraud under § 1343 to capture both the computer-access element and the broader fraudulent scheme. The two charges have substantial overlap — § 1030(a)(4) requires unauthorized access plus intent to defraud, while wire fraud requires a fraudulent scheme plus interstate-wire use in furtherance. A defendant who breaches a corporate computer system to redirect wire transfers will typically face both § 1030(a)(4) for the unauthorized access and § 1343 for the wires used to redirect the funds. Sentencing under the Guidelines treats the conduct as a single offense for grouping purposes under U.S.S.G. § 3D1.2, but the parallel charges expand the government's plea-bargaining leverage and create separate appellate vehicles.

Defense challenges to § 1030(a)(4) prosecutions typically focus on the mens-rea element. Did the defendant act with specific intent to defraud, or merely without consideration of fraud as a possible consequence? Where the defendant's access was authorized in a broad sense (he had legitimate credentials to the system) but the government argues the specific use was unauthorized, the Van Buren gates-up analysis matters here too — the underlying "without authorization or exceeding authorized access" predicate must satisfy the narrowed standard. A defense that pulls the case from § 1030(a)(4) into a non-CFAA theory (e.g., breach-of-contract or unfair-competition) can sometimes eliminate the federal computer-crime exposure even where the underlying conduct is genuinely problematic.

Section 1030(a)(5) — damage to protected computers

Section 1030(a)(5) covers three distinct theories of computer damage — knowing transmission of damaging code, reckless damage from unauthorized access, and damage from unauthorized access generally. Penalties scale with the damage amount and aggravating circumstances, reaching life imprisonment where the offense results in death.

Section 1030(a)(5) divides damage-related conduct into three sub-clauses with different mens-rea structures. Sub-clause (A) is the most aggravated — "knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer." This is the classic malware-transmission and ransomware-deployment theory. The mens rea requires both knowing transmission and intentional damage — the government must prove the defendant knew what he was transmitting and intended the resulting damage, not merely that damage was a foreseeable consequence. Up to 10 years for a first offense; up to 20 years for repeat conduct or aggravated damage; life imprisonment where the conduct results in death.

Sub-clause (B) lowers the mens rea: "intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage." The damage need not be intended — the defendant must have acted intentionally in accessing without authorization, and the damage must have been a reckless consequence. This sub-clause captures the unsophisticated intruder who probes a system or extracts data and damages the system unintentionally in the process. First-offense felony exposure runs up to 5 years; the felony threshold requires either $5,000+ in aggregate loss, impact on medical care, physical injury, threat to public safety, or damage to a justice/national-defense/national-security computer.

Sub-clause (C) is the broadest and the most contested in modern practice: "intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss." No mens rea is required as to the damage — only as to the access. The "and loss" requirement adds an additional element: actual loss to one or more persons during any 1-year period aggregating at least $5,000. The defense work here often centers on the loss calculation — what counts as "loss" under § 1030(e)(11)? The statute defines loss broadly to include any reasonable cost of responding to an offense, conducting damage assessment, restoring data, programs, system or information, and any revenue lost or other consequential damages incurred. Challenges to the $5,000 loss threshold are frequent and sometimes successful — particularly where the company's response costs are inflated by precautionary or excessive response activity rather than actual damage repair.

Aggravation provisions multiply the exposure. Section 1030(c)(4) lists circumstances that elevate damage-subsection offenses to higher penalty tiers — loss to one or more persons during any 1-year period aggregating at least $5,000; modification or impairment of medical care; physical injury to any person; threat to public health or safety; damage to a justice/national-defense/national-security computer; damage affecting 10 or more protected computers during any 1-year period. The government almost always pleads at least one aggravator to maintain felony exposure; defense work includes challenging each pleaded aggravator on the factual record.

Defense strategies in CFAA cases

CFAA defense work centers on five recurring battlegrounds — Van Buren gates-up analysis, mens-rea challenges (knowingly/intentionally/intent to defraud), $5,000 loss-amount challenges, venue challenges, and First Amendment overlap in online-speech cases.

The Van Buren gates-up analysis is the foundational defense move in any § 1030(a)(2) or § 1030(a)(4) prosecution. The defense identifies whether the indictment alleges a true gate-up breach of access boundaries or merely misuse of authorized access. Pre-2021 indictments often relied on broad employee-policy-violation theories that Van Buren has invalidated. Motion-to-dismiss practice under Rule 12 is appropriate where the indictment's allegations cannot satisfy the narrowed standard. Where the indictment survives motion practice but the trial record shows authorized access misused, a Rule 29 motion for judgment of acquittal becomes the vehicle. The 9th Circuit's post-Van Buren applications in hiQ Labs v. LinkedIn, 31 F.4th 1180 (2022), and subsequent cases provide persuasive authority for narrow construction even outside the 9th Circuit.

Mens-rea challenges run through every CFAA subsection. Section 1030(a)(2) requires intentional access; § 1030(a)(4) requires knowing access with intent to defraud; § 1030(a)(5)(A) requires both knowing transmission and intentional damage. The government must prove each mental state beyond a reasonable doubt. Defense work develops the defendant's actual subjective awareness — what did he understand about his access rights, what did he intend to do, what did he understand about the system he was accessing? Cognitive-state expert testimony is sometimes appropriate; documentary evidence of policies, training, and access-grant records is routinely contested. A defense that creates reasonable doubt about the specific mens rea required for the charged subsection — even where the conduct is otherwise problematic — can produce acquittal.

$5,000 loss-amount challenges are the dominant defense tactic in § 1030(a)(5)(C) prosecutions. The statute requires "loss to one or more persons during any 1-year period aggregating at least $5,000 in value" for felony charging. The defense challenges the company's loss calculation by examining (1) what costs the company actually incurred, (2) whether those costs were "reasonable" within § 1030(e)(11)'s definition, (3) whether the costs were causally tied to the defendant's conduct or to broader security investments the company would have made anyway, and (4) whether the company's response was proportionate or whether it overresponded for strategic or PR reasons. Forensic-accounting expert work is often dispositive. A successful sub-$5,000 finding reduces the offense from a felony to a misdemeanor under § 1030(c)(2)(A).

Venue challenges are recurring in remote-access cases. United States v. Auernheimer, 748 F.3d 525 (3d Cir. 2014), reversed a CFAA conviction on venue grounds — the defendant accessed AT&T servers in Texas and Georgia from his home in Arkansas; the indictment was returned in New Jersey, where neither the defendant's conduct nor the affected servers were located. The Third Circuit held that venue in New Jersey was improper because no essential conduct occurred there. Defense work in remote-access cases identifies where the defendant's access conduct occurred and where the affected systems are located; if the government has charged in a district where neither occurred, a Rule 18 venue challenge can produce dismissal or transfer.

First Amendment defenses arise in the subset of CFAA cases involving online speech. The Supreme Court's decision in Counterman v. Colorado, 600 U.S. 66 (2023), held that the First Amendment requires a subjective mens-rea showing — at least recklessness — before the government can criminalize speech as a "true threat." For § 1030(a)(7) extortion-by-computer prosecutions involving threats to damage computers or release information, the Counterman framework can constrain what the government must prove about the defendant's subjective awareness. The defense develops the speech-act analysis: was the defendant's communication a true threat as understood by the speaker, or was it protected speech (hyperbole, satire, public criticism) that the government has overreached in prosecuting?

Cooperation under 5K1.1 is the standard mitigation track in CFAA cases. The federal sentencing guidelines for fraud offenses under § 2B1.1 produce substantial loss-based enhancements that can lift CFAA Guidelines exposure into the multi-year range even on first offenses. A 5K1.1 substantial-assistance motion from the government — available only where the defendant provides cooperation against more culpable co-defendants or against organized cybercrime networks — produces a below-Guidelines departure that can reduce the actual sentence by 30-50%. Cooperation in computer-fraud cases often involves technical assistance to investigators on the architecture of an intrusion, identification of co-conspirators, attribution of attacks to known threat actors, or recovery of stolen data. The cooperation calculus must be weighed carefully against the risks — particularly where co-defendants are foreign nationals or affiliated with organized criminal networks.

Texas state alternatives — § 33.02 Breach of Computer Security, SCA, Wiretap

Texas Penal Code § 33.02 — Breach of Computer Security — is the state-law analog to the CFAA. Federal prosecutions often run alongside Stored Communications Act (§ 2701) and Wiretap Act (§ 2511) counts that multiply exposure.

Texas Penal Code § 33.02 — Breach of Computer Security — is the state-law analog to the federal CFAA. The statute criminalizes "knowingly access[ing] a computer, computer network, or computer system without the effective consent of the owner." Penalties scale with the aggregate amount involved: under $2,500 is a Class B misdemeanor (up to 180 days, up to $2,000 fine); $2,500 to under $30,000 is a state-jail felony (180 days to 2 years, up to $10,000); $30,000 to under $150,000 is a 3rd-degree felony (2-10 years, up to $10,000); $150,000 to under $300,000 is a 2nd-degree felony (2-20 years, up to $10,000); $300,000 or more is a 1st-degree felony (5-99 years or life, up to $10,000). The "knowingly" mens rea aligns with federal § 1030 standards, though Texas courts have not adopted the Van Buren gates-up narrowing as a matter of state law.

Related Texas computer offenses include § 33.022 (Electronic Access Interference) — disrupting or denying use of a computer system or network — and § 33.023 (Electronic Data Tampering) — altering, damaging, or deleting data without effective consent. Section 33.07 (Online Impersonation) criminalizes creating fake online accounts or sending electronic communications using another's identifying information to harm or defraud. Each statute carries its own penalty scale and may be charged alongside § 33.02 to capture different aspects of the same intrusion. State prosecutions are typically brought by the Texas Attorney General's Cyber Crime Unit or by local district attorneys with cyber capability — in DFW, the Collin County, Dallas County, Denton County, and Tarrant County DAs all maintain such capability.

The Stored Communications Act, 18 U.S.C. § 2701, is the most frequently-charged federal companion statute in CFAA prosecutions. The SCA criminalizes "intentionally access[ing] without authorization a facility through which an electronic communication service is provided," or "intentionally exceed[ing] an authorization to access that facility," and thereby obtaining, altering, or preventing authorized access to a wire or electronic communication while it is in electronic storage. The SCA covers email-system breaches, cloud-storage intrusions, and social-media-account compromises in ways § 1030 may not — different elements, different scope. Many indictments include parallel § 1030 and § 2701 counts capturing different aspects of the same conduct, with cumulative exposure of 10 years on the CFAA count plus 5 years on the SCA count for first offenses.

The Wiretap Act at 18 U.S.C. § 2511 criminalizes the intentional interception of wire, oral, or electronic communications in real time. The distinction from the SCA is the temporal element: the Wiretap Act applies to communications in transit ("interception"), while the SCA applies to communications already received and in electronic storage. Real-time keystroke logging, network packet capture during transmission, and live VOIP recording fall under the Wiretap Act; access to already-delivered emails sitting on a server falls under the SCA. The Wiretap Act carries up to 5 years per count and is frequently charged in cases involving sophisticated network-monitoring or surveillance-software deployment. United States v. Ropp, 347 F. Supp. 2d 831 (C.D. Cal. 2004), and subsequent cases address the contested intercept/storage line that often determines which statute applies.

Local DFW federal practice — NDTX, EDTX, FBI Cyber Squad

CFAA prosecutions in the Northern District of Texas (Dallas, Fort Worth, Plano divisions) and Eastern District of Texas (Sherman, Plano divisions) have grown substantially. The FBI Dallas Field Office Cyber Squad coordinates investigation; AUSAs in both districts maintain dedicated computer-crime capacity.

CFAA prosecutions in the Northern District of Texas and the Eastern District of Texas have grown substantially over the past five years as the DOJ's strategic emphasis on cybercrime — ransomware, business-email compromise, healthcare-records intrusions, intellectual-property theft from defense contractors, cryptocurrency-related computer fraud — has intensified. The FBI Dallas Field Office Cyber Squad coordinates investigation across both districts and works closely with the DOJ's National Cyber-Forensics and Training Alliance (NCFTA), the U.S. Secret Service's Electronic Crimes Task Force, and the DOJ's Computer Crime and Intellectual Property Section (CCIPS) in Washington.

The NDTX U.S. Attorney's Office in Dallas maintains a Cyber and Intellectual Property Crime Section staffed by AUSAs with technical fluency in computer-intrusion prosecutions. Recent NDTX cases have included ransomware-affiliate prosecutions, business-email-compromise schemes targeting Dallas-area corporations, intellectual-property theft from defense and technology firms, and identity-theft conspiracies leveraging compromised credentials. The Fort Worth Division handles cases originating from Tarrant County and the western half of the district. Plea practice in NDTX cyber cases is fast-moving — the government often presents plea offers within 60-90 days of indictment, and defense counsel must move quickly to develop the gates-up analysis, mens-rea theory, and loss-amount challenges that shape the negotiation.

The EDTX U.S. Attorney's Office in Plano has a substantial computer-crime docket originating from the Plano, Frisco, Sherman, McKinney, and broader I-635/I-75 corridor. The Plano Division handles cases from Collin County (including Frisco where L and L Law Group is located) and from the surrounding counties. EDTX has been particularly active in business-email-compromise and insider-access prosecutions involving employees at North Dallas-area corporations. The Sherman Division covers Grayson, Fannin, Lamar, and other counties further north. AUSAs in both EDTX divisions coordinate with the FBI Dallas Cyber Squad and with the Plano Police Department's Cyber Crime Unit on parallel state/federal investigations.

For defendants residing in Frisco, Plano, McKinney, and the broader Collin County area, a federal computer-fraud indictment typically lands in either EDTX (Plano Division) or NDTX (Dallas Division) depending on where the conduct occurred and where the affected systems were located. Forum-selection considerations matter — the two districts have somewhat different plea-practice cultures, sentencing tendencies, and judicial pools. Defense counsel familiar with both districts can sometimes shape forum at the pre-indictment cooperation stage, though once an indictment is returned, venue can only be challenged on the narrow Rule 18 grounds illustrated by Auernheimer. Pretrial detention practice differs as well — NDTX magistrates tend to grant pretrial release with conditions in white-collar computer-fraud cases more readily than in violent-crime cases, but the Bail Reform Act's flight-risk and danger analyses are case-specific.

When to retain federal counsel

Pre-indictment retention in CFAA matters is critical. Federal grand-jury subpoenas, target letters, FBI interviews, and search-warrant executions all signal active investigation. Early counsel can shape charging decisions, preserve Fifth Amendment rights, and develop the Van Buren gates-up theory before indictment.

The single most consequential decision in any federal computer-fraud matter is when to retain counsel. Federal investigations frequently develop over 12-24 months before any indictment is returned — and the defendant's exposure during that pre-indictment window is shaped substantially by what counsel can accomplish before the grand jury votes. The standard signals that an active CFAA investigation is underway include a federal grand-jury subpoena directing the defendant to produce documents or testify; a "target letter" from the U.S. Attorney's Office identifying the defendant as a target of an ongoing investigation; an FBI agent or other federal investigator requesting an interview; execution of a federal search warrant at the defendant's residence or office; or a federal arrest warrant. Each of these signals demands immediate response.

Pre-indictment counsel work on a CFAA matter involves three core activities. First, investigation triage — what did the defendant actually do, what evidence does the government likely have, and what are the realistic exposures under each potentially-applicable subsection? Second, Fifth Amendment protection — preserving the defendant's right against self-incrimination by managing any communications with investigators and by ensuring no statements are made that the defendant cannot afford to have made. Third, pre-charge dialogue with the AUSA — where appropriate and where the case posture supports it, presenting counsel-developed material that may shape the charging decision (e.g., evidence that the defendant's access was authorized, that the loss calculation overstates actual damage, or that Van Buren precludes the broad theory the government may be considering).

Many CFAA matters never result in indictment when counsel intervenes early and effectively. Pre-charge declinations are not unusual where the defense can persuade the AUSA that the case has weaknesses on the mens-rea element, on the access-authorization element, or on the loss-amount threshold. Once an indictment is returned, however, the case posture changes fundamentally — the AUSA has publicly committed to the prosecution, the grand jury has voted, and the deferential standard for grand-jury proceedings makes pre-indictment "do-over" motions difficult. The pre-indictment window is therefore strategically critical, and defendants who retain counsel only after indictment have already lost the most valuable defense lever.

Selecting counsel for a federal computer-fraud matter requires specific qualifications. Federal court admission and substantial federal trial experience — not just state criminal-defense experience — is the baseline. Familiarity with the CFAA's multi-subsection structure, with the Van Buren framework, with Federal Sentencing Guideline § 2B1.1 fraud calculations, and with the technical aspects of computer-intrusion evidence (forensic imaging, network log analysis, malware analysis, cryptocurrency tracing) is essential. The L and L Law Group team — co-founding partners Reggie London and Njeri London — both maintain federal court admissions in NDTX, EDTX, and the Fifth Circuit Court of Appeals, with substantial experience defending federal computer-fraud, wire-fraud, and other white-collar prosecutions across both districts.

Defense Strategy

What we evaluate first

  1. Van Buren gates-up defense — no true access-boundary breach
    Where the indictment alleges § 1030(a)(2) "exceeds authorized access" based on policy violations or improper-purpose use of authorized credentials, the defense argues under Van Buren v. United States, 593 U.S. 374 (2021), that the statute applies only to true gate-up breaches of access boundaries. Motion-to-dismiss practice under Rule 12 is appropriate where the indictment fails to allege a gate-up violation. The 9th Circuit's post-Van Buren application in hiQ Labs v. LinkedIn, 31 F.4th 1180 (2022), provides persuasive authority for narrow construction. United States v. Nosal, 844 F.3d 1024 (9th Cir. 2016), foreshadowed the narrow reading and remains valuable authority.
  2. Insufficient unauthorized access — credentials and consent
    The unauthorized-access element under § 1030(a)(1), (a)(2), (a)(4), and (a)(5) requires that the defendant either lacked authorization entirely or exceeded the scope of his authorization. Where the defendant had valid credentials, where the access was implicitly or explicitly consented to by the system owner, or where the access was within the scope of an employment relationship, the unauthorized-access element fails. Defense work develops the consent and authorization record — written policies, training records, supervisor approvals, course-of-conduct evidence. Where authorization is genuinely contested, the government bears the burden of proving lack of authorization beyond a reasonable doubt.
  3. Mens-rea challenges — knowingly, intentionally, intent to defraud
    Every CFAA subsection has a specific mens-rea requirement. Section 1030(a)(2) requires intentional access; § 1030(a)(4) requires knowing access with intent to defraud; § 1030(a)(5)(A) requires both knowing transmission and intentional damage; § 1030(a)(5)(B) requires intentional access plus reckless damage. The government must prove each mental state beyond a reasonable doubt. Defense work develops the defendant's subjective awareness — cognitive-state expert testimony where appropriate, documentary evidence of policies and training, course-of-conduct evidence showing absence of fraudulent intent or knowing damage.
  4. $5,000 loss-amount challenge for felony threshold
    Section 1030(c)(2)(B)(iii) and § 1030(c)(4)(A)(i)(I) require "loss to one or more persons during any 1-year period aggregating at least $5,000" for felony charging under § 1030(a)(2) and § 1030(a)(5). The defense challenges the company's loss calculation by examining what costs were actually incurred, whether those costs were reasonable under § 1030(e)(11), whether they were causally tied to the defendant's conduct, and whether the company's response was proportionate. Forensic-accounting expert work is often dispositive. A successful sub-$5,000 finding reduces felony charges to misdemeanors.
  5. Venue challenge under Auernheimer
    United States v. Auernheimer, 748 F.3d 525 (3d Cir. 2014), reversed a CFAA conviction where venue was improper — the indictment was returned in a district where neither the defendant's conduct nor the affected systems were located. Defense work in remote-access cases identifies where the defendant's access conduct occurred and where the affected systems are located. If the government has charged in a district where no essential conduct occurred, a Rule 18 venue challenge can produce dismissal or transfer. Venue challenges are particularly viable where the defendant accessed multiple servers across multiple districts.
  6. First Amendment defense for online-speech overlaps
    In § 1030(a)(7) extortion-by-computer prosecutions and in cases where the underlying conduct involves online speech (threats, criticism, parody, journalism), the First Amendment can constrain the government's case. Counterman v. Colorado, 600 U.S. 66 (2023), requires subjective mens-rea — at least recklessness — for true-threat prosecutions. Where the defendant's communication was hyperbole, satire, public criticism, or journalistic reporting rather than a genuine threat, the First Amendment defense applies. Defense work develops the speech-act analysis and the defendant's subjective state of mind in making the communication.
  7. Cooperation and 5K1.1 substantial-assistance motion
    The federal sentencing guidelines for fraud offenses under U.S.S.G. § 2B1.1 produce substantial loss-based enhancements that lift CFAA Guidelines exposure into the multi-year range. A 5K1.1 substantial-assistance motion from the government produces a below-Guidelines departure that can reduce the actual sentence by 30-50%. Cooperation in computer-fraud cases involves technical assistance to investigators on intrusion architecture, identification of co-conspirators, attribution of attacks to known threat actors, or recovery of stolen data. The cooperation calculus must be weighed against risks — particularly where co-defendants are foreign nationals or affiliated with organized criminal networks.
Defense Timeline

How we build the case

  1. Day 0-30
    Federal counsel, target letter response, scene preservation
    Retain federal-court-admitted counsel immediately upon receipt of target letter, grand-jury subpoena, FBI interview request, or search warrant execution; preserve all digital and physical evidence; preliminary forensic-imaging of relevant systems; identify witnesses; document the defendant's access authorizations and consent records; invoke Fifth Amendment and decline all interview requests without counsel; preliminary Van Buren gates-up theory assessment; bond posture if arrest occurred (typically pretrial release with conditions in white-collar computer-fraud cases).
  2. Day 30-90
    Grand jury, indictment, expert retention begins
    Grand jury presentment and indictment if government proceeds to charge; Article III court arraignment and detention hearing; Federal Rule 16 discovery requests; forensic-computer-examiner retention to analyze the government's technical evidence; forensic-accounting expert retention if § 1030(a)(5) loss-amount is contested; preliminary mens-rea and access-authorization theory development; pre-charge cooperation discussions with AUSA where appropriate.
  3. Month 3-12
    Motion practice, Van Buren analysis, expert development
    Rule 12 motion-to-dismiss practice on Van Buren grounds where indictment fails to allege gate-up breach; suppression motions on search warrants if scope or particularity issues exist; Rule 18 venue challenges in remote-access cases; Brady/Giglio discovery; expert development on forensic-computer analysis, loss-amount calculation, mens-rea assessment; pre-trial motions hearings; plea negotiation posture work.
  4. Month 12+
    Trial readiness or resolution
    Trial settings typically 12-24 months from indictment in federal court. Trial proceeds with bifurcated guilt-then-sentencing structure (the federal sentencing phase is by judge under the Guidelines, not by jury). 5K1.1 substantial-assistance motion if cooperation has been provided; PSR objections under Fed. R. Crim. P. 32(f) on loss calculation, role enhancement, and other Guideline issues; sentencing memorandum and § 3553(a) variance arguments; trial proceeds if no plea, with Rule 29 motions on mens-rea and access-authorization elements.

Frequently asked questions

What is the Computer Fraud and Abuse Act (CFAA) under 18 U.S.C. § 1030?

The Computer Fraud and Abuse Act is the principal federal computer-crime statute, codified at 18 U.S.C. § 1030. Enacted in 1986 and amended several times, the CFAA criminalizes seven categories of computer-related conduct: (a)(1) national-defense information, (a)(2) unauthorized access obtaining information, (a)(3) trespass on government computers, (a)(4) access with intent to defraud, (a)(5) damage to protected computers, (a)(6) trafficking in passwords, and (a)(7) extortion via computer threats. Penalties range from misdemeanors (first-offense § 1030(a)(2) without aggravators) to felonies carrying up to 10 years per count for most subsections, up to 20 years for repeat conduct, and up to life imprisonment under § 1030(a)(1) through espionage-act crosswalk provisions. The general 5-year federal statute of limitations under 18 U.S.C. § 3282 applies to most CFAA prosecutions.

How did Van Buren v. United States change the CFAA?

The Supreme Court's decision in Van Buren v. United States, 593 U.S. 374 (2021), narrowed § 1030(a)(2) "exceeds authorized access" dramatically. The Court held that the statute applies only where the user accessed areas of a computer system (files, folders, databases) he was not authorized to access at all — not where the user misused information he was permitted to access. The Court adopted what it called a "gates-up-or-down" framework: the question is whether the user breached a gate, not why he wanted to walk through it. The decision invalidated entire categories of pre-2021 CFAA theories, including employee-policy-violation prosecutions, public-data-scraping cases, and competitive-intelligence cases. Post-Van Buren, the CFAA does not reach misuse of authorized access — only true breaches of access boundaries trigger liability.

What is a "protected computer" under the CFAA?

Under 18 U.S.C. § 1030(e)(2), a "protected computer" includes (A) computers used exclusively by financial institutions or the United States Government, and (B) computers used in or affecting interstate or foreign commerce or communication. The second clause is functionally universal in the modern internet age — any computer connected to the internet qualifies because it can communicate across state lines. The protected-computer element is rarely contested seriously in modern CFAA practice. Live disputes almost always center on whether the defendant's access was authorized or exceeded authorization, on the requisite mental state for the specific subsection charged, and on the loss-amount threshold for felony charging where applicable.

What is the difference between § 1030(a)(2) and § 1030(a)(4)?

Section 1030(a)(2) criminalizes intentionally accessing a protected computer without authorization or exceeding authorized access, and thereby obtaining information. The mens rea is simple intent to access — no specific intent to defraud is required, though commercial advantage or private financial gain elevate the offense to a felony. Section 1030(a)(4) criminalizes knowingly accessing a protected computer with specific intent to defraud and obtaining anything of value over $5,000. The mens rea is significantly higher — knowing access plus specific intent to defraud, importing common-law fraud principles from mail/wire fraud under §§ 1341/1343. Section 1030(a)(4) carries up to 5 years for a first offense (10 for repeat); § 1030(a)(2) ranges from misdemeanor to 10 years depending on aggravating factors. Section 1030(a)(4) is frequently charged alongside wire fraud under § 1343 to capture both the computer-access element and the broader fraudulent scheme.

When does § 1030(a)(2) become a felony rather than a misdemeanor?

A first-offense § 1030(a)(2) violation is a misdemeanor (up to 1 year imprisonment) absent aggravating factors. Under § 1030(c)(2)(B), the offense becomes a felony (up to 5 years for first offense, up to 10 for repeat) where it was committed (i) for purposes of commercial advantage or private financial gain, (ii) in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or any State, or (iii) where the value of the information obtained exceeded $5,000. The $5,000 threshold is frequently contested at trial — forensic-accounting expert work challenges the government's valuation of the information obtained, and a successful sub-$5,000 finding combined with the absence of other aggravators reduces felony charges to misdemeanors. The "in furtherance of any criminal or tortious act" prong is particularly malleable and frequently asserted by the government even where the underlying tort or crime is loosely defined.

How is computer fraud different from wire fraud?

Wire fraud under 18 U.S.C. § 1343 criminalizes the use of interstate wires (telephone, internet, electronic communications) in furtherance of a scheme to defraud. The elements are a scheme to defraud plus interstate-wire use plus specific intent to defraud. Computer fraud under § 1030 criminalizes unauthorized access to computers in specified ways. The two statutes have substantial overlap — a defendant who breaches a corporate computer system to redirect wire transfers will typically face both § 1030(a)(4) (computer fraud) and § 1343 (wire fraud). But the elements differ: wire fraud focuses on the deceptive scheme and the use of wires; § 1030(a)(4) focuses on the unauthorized computer access plus the fraudulent intent. Section 1030 does not require interstate-wire use as an element; wire fraud does not require unauthorized computer access. Plea negotiation often involves dropping one charge to retain the other depending on the strength of each element.

What is the Texas state-law equivalent — Penal Code § 33.02?

Texas Penal Code § 33.02 — Breach of Computer Security — is the Texas state-law analog to the federal CFAA. The statute criminalizes "knowingly access[ing] a computer, computer network, or computer system without the effective consent of the owner." Penalties scale with the aggregate amount involved: under $2,500 is a Class B misdemeanor (up to 180 days, up to $2,000 fine); $2,500 to under $30,000 is a state-jail felony (180 days to 2 years); $30,000 to under $150,000 is a 3rd-degree felony (2-10 years); $150,000 to under $300,000 is a 2nd-degree felony (2-20 years); $300,000 or more is a 1st-degree felony (5-99 years or life). The "knowingly" mens rea aligns with the federal § 1030 standard, but Texas courts have not adopted the Van Buren gates-up narrowing as a matter of state law. Related Texas computer offenses include § 33.022 (Electronic Access Interference) and § 33.023 (Electronic Data Tampering).

Can the government also charge under the Stored Communications Act or Wiretap Act?

Yes — and frequently does. The Stored Communications Act at 18 U.S.C. § 2701 criminalizes intentional access to an electronic-communication-service facility without authorization, or in excess of authorization, to obtain or alter communications in electronic storage. The Wiretap Act at 18 U.S.C. § 2511 criminalizes the intentional interception of wire, oral, or electronic communications in real time. Both statutes carry up to 5 years per count for first offenses and frequently appear alongside § 1030 charges. The distinction: the Wiretap Act applies to communications in transit (interception); the SCA applies to communications already received and in electronic storage. Real-time keystroke logging and live network monitoring fall under § 2511; access to already-delivered emails on a server falls under § 2701. Many indictments include parallel § 1030, § 2511, and § 2701 counts to capture different aspects of the same conduct, with cumulative exposure multiplying significantly.

What is the statute of limitations for federal computer-fraud charges?

The general federal statute of limitations for CFAA prosecutions is five years under 18 U.S.C. § 3282. The five-year clock begins to run when the offense is "complete" — typically when the unauthorized access occurs or when the damage results. For continuing offenses (ongoing intrusions or repeated unauthorized access), the limitations period runs from the last act in furtherance of the offense. Certain § 1030(a)(1) prosecutions involving national-defense information may be subject to longer limitations under separate Title 18 provisions for espionage-act crosswalk offenses. The statute of limitations is generally tolled where the defendant has fled the United States or where formal extradition proceedings are pending. Defense counsel's pre-indictment work includes assessing the limitations posture — a case approaching the 5-year mark may prompt the government to charge earlier or to forgo prosecution entirely.

How much does a federal computer-fraud defense cost?

Legal fees for a federal § 1030 case typically run $50,000-$200,000+ depending on case complexity, expert needs, trial readiness, and the specific subsections charged. Pre-indictment representation alone — target-letter response, grand-jury subpoena practice, pre-charge dialogue with AUSAs — typically runs $25,000-$75,000. Indicted cases proceeding to motion practice on Van Buren grounds or to substantive suppression litigation run $75,000-$150,000. Trial-ready defenses including all forensic-computer and forensic-accounting expert work run $150,000-$300,000. Expert and investigator costs add substantially — forensic-computer examiner ($15,000-$50,000), forensic-accounting expert for § 1030(a)(5) loss challenges ($10,000-$30,000), e-discovery vendor for large data-set review ($25,000-$100,000), private investigator ($15,000-$40,000). Court-appointed CJA counsel is available for indigent defendants in federal court. Costs scale with the data volume — a multi-terabyte forensic review at the trial-ready level runs significantly higher than a focused single-system intrusion.

How long does a federal computer-fraud case take to resolve?

Federal computer-fraud cases typically take 12-24 months from indictment to disposition when contested with substantive motion practice. Pre-indictment investigation can extend the overall timeline to 24-48 months from initial FBI interest to final resolution. Trial-ready cases extend to 18-30 months post-indictment. The case posture in the first 90 days drives the timeline — early Van Buren gates-up analysis, prompt Rule 16 discovery, immediate forensic-computer expert retention, early identification of mens-rea and access-authorization theories, and early development of the loss-amount challenge all accelerate disposition. Cases involving multiple co-defendants, foreign-national defendants requiring extradition, or sophisticated technical evidence (ransomware-affiliate prosecutions, nation-state-related cases) routinely extend significantly beyond these averages. Plea negotiations often resolve cases within 6-12 months post-indictment where the defense has developed strong gates-up or loss-amount challenges that move the government off its initial charging posture.

When should I retain federal counsel in a computer-fraud matter?

Immediately upon receiving any of these signals: a federal grand-jury subpoena directing document production or testimony; a "target letter" from the U.S. Attorney's Office identifying you as a target of an investigation; an FBI agent or other federal investigator requesting an interview; execution of a federal search warrant at your residence or office; a federal arrest warrant; or any indication that federal authorities are investigating you or your conduct. Federal investigations frequently develop over 12-24 months before any indictment is returned — and your exposure during that pre-indictment window is shaped substantially by what counsel can accomplish before the grand jury votes. Pre-charge counsel can shape the charging decision, preserve Fifth Amendment rights, present material that may persuade the AUSA to decline prosecution or charge less aggressively, and develop the Van Buren gates-up theory before indictment forecloses certain defense moves. Many CFAA matters never result in indictment when counsel intervenes early and effectively. The pre-indictment window is the most strategically valuable defense lever — defendants who retain counsel only after indictment have already lost it.

About the authors

The attorneys behind this page

Reggie London

Co-Founding Partner · Criminal Defense Attorney

Admitted in Texas, TXND, TXED, and the U.S. Court of Appeals for the Fifth Circuit. Practice spans DWI, drug, weapons, theft, and process crimes — plus federal practice.

Njeri London

Co-Founding Partner · Criminal Defense Attorney

Texas-licensed criminal defense attorney with deep Fourth Amendment motion practice. Focus: suppression hearings, drug-crime defense, federal-practice support.

Attorney Advertising

This website is for general information purposes only and constitutes attorney advertising under the Texas Disciplinary Rules of Professional Conduct. Nothing on this site should be taken as legal advice for any individual case or situation. Receipt or viewing does not create an attorney–client relationship.

Past results do not guarantee similar outcomes. Each case is unique and must be evaluated on its own facts and circumstances.

L and L Law Group, PLLC attorneys are licensed to practice in the State of Texas. Njeri London (Texas Bar No. 24043266) and Reggie London (Texas Bar No. 24043514) are the attorneys responsible for the content of this site. None of the attorneys at L and L Law Group, PLLC are Board Certified by the Texas Board of Legal Specialization unless specifically and separately stated.

Please do not transmit any confidential information to L and L Law Group, PLLC by email, web form, or telephone before a written engagement is in place. Privacy Policy.
