Build a custom email digest by following topics, people, and firms published on JD Supra.
In Van Buren v. United States, No. 19-783 (June 3, 2021), the Supreme Court of the United States recently waded into the meaning of the Computer Fraud and Abuse Act’s (CFAA) “exceeds authorized access” prohibition.
The six-justice majority held that a former Georgia police sergeant, Nathan Van Buren, did not violate the CFAA when he violated departmental policy restricting use of a police database for law enforcement purposes by running a license plate search in exchange for money. Van Buren was convicted under the CFAA, which imposes criminal and civil penalties for computer hacking and employee misuse of company computers. Although Van Buren concerned a criminal conviction, the Court’s analysis will also apply to civil claims brought under the CFAA.
The CFAA prohibits an individual from accessing a computer without authorization or exceeding authorized access, and “allows persons suffering ‘damage’ or ‘loss’ from CFAA violations” to recover civil money damages and equitable relief. According to the CFAA, 18 U.S.C. § 1030(e)(6), “exceeds authorized access” means “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”
/cdn.vox-cdn.com/uploads/chorus_asset/file/25417952/transformers_megatron.jpg){kind=spacer}
