[iw] - SCOTUS narrows CFAA

[Richard Forno]

(x-posted)

Supreme Court narrows cybercrime law
By Chris Mills Rodrigo - 06/03/21 12:19 PM EDT

https://thehill.com/policy/technology/556686-supreme-court-narrows-cybercrime-law

The Supreme Court limited the scope of a crucial federal computer fraud 
law Thursday by overturning the conviction of a former police officer 
accused of misusing a government database.

The justices sided 6-3 with Georgia police sergeant Nathan Van Buren in 
his appeal of a conviction under the Computer Fraud and Abuse Act. 
Conservative Justices Clarence Thomas, John Roberts and Samuel Alito 
dissented.

The 1986 law prohibits accessing a computer “without authorization or 
exceeding authorized access."

The Justice Department had argued that Van Buren ran afoul of that law 
when he took a bribe to access a woman's license plate information in 
what was a 2015 FBI sting operation.

The former officer had argued that that interpretation was too broad 
because he did have legitimate access to the database, even if he 
misused it.

If simply violating the terms of a system is illegal under the CFAA, his 
team argued, then people could be charged for things as mundane as using 
work computers for personal use.

The majority opinion, penned by Amy Coney Barrett, echoed that 
assessment.

"The Government's interpretation of the 'exceeds authorized access' 
clause would attach criminal penalties to a breathtaking amount of 
commonplace computer activity," the opinion reads. "For instance, 
employers commonly state that computers and electronic devices can be 
used only for business purposes. On the Government's reading, an 
employee who sends a personal e-mail or reads the news using a work 
computer has violated the CFAA."