CFAA Conviction Requires Some Kind Of A "Hack," Supreme Court Says

Constangy, Brooks, Smith & Prophete, LLP
Contact

Constangy, Brooks, Smith & Prophete, LLP

Mere "misuse" of information is not enough.

The U.S. Supreme Court decided yesterday that a criminal conviction under the Computer Fraud and Abuse Act cannot be based merely on misusing information obtained through a computer system. Instead, the defendant must have either had no legitimate access, or exceeded the legitimate access that he had.

The Court's decision could have implications in cases involving theft of an employer's trade secrets, or misuse of an employer's customer lists or other confidential and proprietary information. If the employee or former employee had access to the computer system from which the information was obtained, then there will be no violation of the CFAA, even if that information was later misused.

Of course, employers will still have remedies under applicable trade secret protection statutes and other causes of action, including breach of non-compete agreements. And misuse of an employer's confidential information remains a legitimate ground for termination of employment.

In Van Buren v. United States, a police sergeant in Cumming, Georgia, had been under investigation by the FBI. As part of his normal job responsibilities, he had access to a law enforcement database with license plate information. An FBI informant offered him money to access the database and find out whether a woman the informant supposedly knew was an undercover officer. The sergeant accepted payment, accessed the database, obtained the requested information, and told the informant he had it. (As you might have guessed, this was all a set-up.) Then the sergeant was arrested and ultimately convicted of violating the CFAA. 

The sergeant appealed to the U.S. Court of Appeals for the Eleventh Circuit, arguing, among other things, that the CFAA did not apply because he had legitimate access to the database. The Eleventh Circuit affirmed the CFAA conviction in 2019, finding that the sergeant's misuse of the information to which he had access violated the CFAA. The Supreme Court agreed to review the decision in April 2020.

Yesterday's majority opinion, written by Justice Amy Coney Barrett, and joined by a "bipartisan" group that included Justices Stephen Breyer, Neil Gorsuch, Elena Kagan, Brett Kavanaugh, and Sonia Sotomayor, parsed the language of the statute and determined that it applied only to individuals who lacked legitimate access to either the computer or system, or to a portion of the system, such as a secure file. The CFAA does not apply to individuals who have legitimate access but then use the data obtained for an improper purpose, according to the Court.

U.S. Courts of Appeal for the Second and Ninth Circuits had already issued decisions consistent with yesterday's Supreme Court decision.

Justice Clarence Thomas, joined by Chief Justice John Roberts and Justice Samuel Alito, dissented.

Don't go away! Ron Sarian, chair of our Digital Workplace & Data Privacy practice group, will have a more in-depth article about the Van Buren decision, and recommendations for employers seeking to protect their data and information.

Image Credit: Caricature of Justice Amy Coney Barrett from flickr, Creative Commons license, by DonkeyHotey. First image from Adobe Stock.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Constangy, Brooks, Smith & Prophete, LLP | Attorney Advertising

Written by:

Constangy, Brooks, Smith & Prophete, LLP
Contact
more
less

Constangy, Brooks, Smith & Prophete, LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.