A Georgia conviction is the vehicle accepted by the U.S. Supreme Court to resolve a circuit split on whether an authorized computer user violates the Computer Fraud and Abuse Act by using it for an improper purpose. 

The justices Monday granted certiorari in the case of a former Cumming, Georgia, police officer who was convicted of computer fraud after he took money to access a state criminal database to check whether a woman was an undercover officer.

The U.S. Court of Appeals for the Eleventh Circuit in October agreed with several other circuits that the improper computer use was illegal and affirmed his 18-month prison sentence.

But lawyers for Nathan Van Buren argued the interpretation embraced by the trial court and appellate panel is far too narrow, claiming that reading of the law would make it a crime to join an office sports pool or check a bank balance on a company-owned computer. 

Appellate courts are "intractably divided" with four circuits accepting the "improper purpose" conclusion, while three others say the law criminalizes access only if there is no authority to access it at all, the defense said. 

Otherwise the law would "criminalize ordinary computer use throughout the country," wrote Van Buren's lawyers, Federal Defenders Stephanie Kearns and Rebecca Shepard, Atlanta solo Saraliene Durrett and Jeffrey Fisher with the Stanford Law School Supreme Court Litigation Clinic. 

"We're grateful for the court's willingness to review the case and look forward to making our arguments on the merits," Fisher said by email.

There was no immediate response from the office of U.S. Solicitor General Noel Francisco, which will argue for the government.

As detailed in court filings, Van Buren was a police sergeant who struck up a friendship with Edward Albo, a retiree in his 60s who "allegedly fancied younger woman, including minors and prostitutes," whom he would pay only to later accuse them of stealing his money.

Van Buren's chief warned his officers that Albo was mentally unstable and "volatile," and the sergeant  "often handled the disputes between Albo and various women."

At some point Van Buren asked Albo to lend him  $15,368, claiming he needed to pay his son's medical bills.

Albo secretly recorded the conversation, then reported the incident to a Forsyth County sheriff's detective, saying Van Buren was shaking him down. 

The FBI got involved and set up a sting in which Albo told Van Buren he was interested in a woman he met at a strip club but was afraid she was an undercover cop. 

Albo gave Van Buren $5,000 and provided a phony license number from the FBI. He later gave the officer another $1,000.

Van Buren ran the number through the Georgia Criminal Information Center database and told Albo he had some information for him.

The next day, agents of the FBI and Georgia Bureau of Investigation showed up at Van Buren's door, and he admitted running the license for Albo.

In 2016, a federal grand jury indicted Van Buren on one count of honest-services wire fraud and one count of felony computer fraud. U.S. District Judge Orinda Evans sentenced him to two concurrent 18-month terms. 

Van Buren appealed both convictions, and the Eleventh Circuit ordered a new trial on the honest-services fraud count due to flawed jury instructions.

He also challenged the computer fraud statute, arguing "he was innocent because 'he accessed only databases that he was authorized to use,' albeit for inappropriate reasons."

Eleventh Circuit Judge Robin Rosenbaum, writing for a panel that included Judge Beverly Martin and Sixth Circuit Judge Danny Boggs, rejected that argument.

"We noted that the computer-fraud statute defines 'exceeds authorized access' as 'to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled to obtain or alter,' " she wrote. The officer violated the law when he obtained the information "for a nonbusiness reason." 

Van Buren argued the precedent "allows employers or other parties to legislate what counts as criminal behavior through their internal policies or their terms of use," Rosenbaum said. 

She acknowledged other circuits warned this interpretation could leave open the possibility of someone facing criminal charges for everyday computer use such as chatting on Google, playing games or viewing Facebook at work.

"But under our prior-precedent rule, 'a prior panel's holding is binding on all subsequent panels unless and until it is overruled or undermined to the point of abrogation by the Supreme Court or by this court sitting en banc,' " Rosenbaum wrote. 

Van Buren's lawyers told the Supreme Court that it is "critical that this court resolve the conflict over the scope of the CFAA."

"At its core, the question presented is whether the CFAA applies only to hacking and related activities or whether it extends to 'whole categories of otherwise innocuous behavior,'" they wrote. 

 

Most every March, they said tens of millions of Americans participate in March Madness office pools, and many likely violate their employers' computer policies.

"The question whether such commonplace activities violate the CFAA should not be left unresolved," Van Buren's petition said. "It is intolerable for a broad swath of conduct to be entirely innocent in parts of the country but to constitute a federal crime in others."

Amicus briefs were filed by the National Association of Criminal Defense Lawyers, Electronic Frontier Foundation, Center for Democracy & Technology and New America's Open Technology Institute.