Article written by Haim Ravia and Dotan Hammer
A majority opinion of the Supreme Court of the United States has narrowed the scope of the federal Computer Fraud and Abuse Act (CFAA), holding that the prohibition on unauthorized access to information does not cover instances of misusing authorized access rights to information for “improper motives”.
At issue was the conviction of a former police officer who allegedly misused his authorized access to the police database to retrieve a license plate number, in exchange for payment. Federal prosecutors charged the former police officer with violation of the CFAA provision that prohibits the use of authorized access to a computer to obtain or alter information that the accessor is not entitled to obtain or alter.
The Supreme Court held that the CFAA only applies to those who “obtain information from particular areas in the computer – such as files, folders, or databases – to which their computer access does not extend”. As per the Court’s majority opinion, this does not apply to those who have “improper motives” for retrieving information that they are otherwise authorized to access. The Court overturned the officer’s conviction, pointing out that if the CFAA’s prohibitions were to apply to such cases, it would render a variety of everyday actions technically illegal, such as using a work Zoom account to make a personal call.
Justices Thomas, Roberts, and Alito dissented, opining that by misusing access privileges “under circumstances that were expressly forbidden”, the former police officer exceeded his authorized access in violation of the CFAA.
CLICK HERE to read the U.S. Supreme Court decision in the case of Van Buren v. United States.