Supreme Court Narrowly Interprets CFAA to Avoid Criminalizing 'Commonplace Computer Activity'
The Court held that only those who obtain information from particular areas of the computer which they are not authorized to access can be said to "exceed authorization."
July 01, 2021 at 04:05 PM
10 minute read
On June 3, 2021, the United States Supreme Court issued a 6-3 opinion in Van Buren v. United States, No. 19-783, resolving the circuit split regarding what it means to "exceed[] authorization" for purposes of the Computer Fraud and Abuse Act (CFAA). The Court held that only those who obtain information from particular areas of the computer which they are not authorized to access can be said to "exceed authorization," and the statute does not — as the government had argued — cover behavior, like Van Buren's, where a person accesses information which he is authorized to access but does so for improper purposes. This was a long-awaited decision interpreting the CFAA, which has become an important statute in both criminal and civil enforcement relating to computer crime and hacking.
|Background
The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. §1030 et seq., was passed in 1986 as a targeted measure to combat a fairly circumscribed category of "computer trespassing" crimes. At that time, computer usage did not remotely resemble what it does today — in 1989, for example, about 15% of American households owned a personal computer and most people had never heard of the Internet. Despite significant changes in technology and an explosion in the use of electronic data since that time, many of the CFAA's provisions have not changed. Nevertheless, in recent years it has become the primary federal law used to prosecute hackers, including in a number of high-profile cases such as WikiLeaks founder Julian Assange, Aaron Swartz (co-founder of Reddit), Gilberto Valle (the "Cannibal Cop"), and Lori Drew (whose MySpace hoax was blamed for the suicide of a 13-year-old neighbor).
The CFAA prohibits accessing a computer "without authorization" or in a manner "exceeding authorized access." 18 U.S.C. §1030(a)(2). "[E]xceeding authorized access" is defined as "access[ing] a computer with authorization and … us[ing] such access to obtain or alter information in the computer that the accessor is not entitled so to obtain or alter." Id. §1030(e)(6). Notably, the CFAA does not require that the person who accesses the computer actually do anything with the information they see or obtain. For that reason, many had previously expressed concern about the statute, arguing that it was subject to selective prosecution, allowing a prosecutor to bring felony charges even when there was little or no harm, just because the government disapproved of the activity. Those who violate Section 1030(a)(2) face penalties ranging from fines and misdemeanor sentences to imprisonment for up to 10 years. The CFAA also provides a private civil cause of action, which allows persons suffering damage or loss from CFAA violations to sue for money damages and equitable relief.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
When Police Destroy Property, Is It a 'Taking'? Maybe So, Say Sotomayor, Gorsuch
Justices Seek Solicitor General's Views on Music Industry's Copyright Case Against ISP
Trump's Solicitor General Expected to 'Flip' Prelogar's Positions at Supreme Court
Supreme Court Drops Facebook's Appeal in Securities Case as 'Improvidently Granted'
Law Firms Mentioned
Trending Stories
- 1Baker McKenzie Accepts Defeat on Australian Integration With Firm's Asia Practice
- 2PepsiCo's Legal Team Champions Diversity, Wellness, and Mentorship to Shape a Thriving Corporate Culture
- 3The Dynamic Duo Behind CMG's Legal Ops Team
- 4Land Use Issues Presented By Cold Storage Warehouses
- 5Zero-Dollar Verdict: Which of Florida's Largest Firms Lost?
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
