Supreme Court Narrows Computer Crime Law

Weiner Brodsky Kider PC
Contact

Weiner Brodsky Kider PC

The U.S. Supreme Court recently held that the Computer Fraud and Abuse Act (CFAA) is not applicable to someone who accesses a computer he or she is allowed to access, and does not exceed the scope of the information he or she is permitted to access, but does so for a prohibited purpose.  In a 6-3 split, the justices reversed the Eleventh Circuit’s October 2019 decision to uphold an ex-police officer’s conviction for having “exceeding” his authorized access to a law enforcement database by accepting money to run a license-plate search using his computer system access.

The CFAA, which is the main federal anti-hacking law used by prosecutors when individuals are accused of breaking into government or private computer networks, makes it illegal “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”

While the officer clearly violated his department’s policy, which authorized him to obtain database information for law enforcement purposes only, the court held that he did not violate the CFAA.  The Court held that an individual “exceeds authorized access” when he accesses a computer with authorization but then obtains information located in particular areas of the computer – such as files, folders, or databases – that are off limits to him, but not by using resources he would normally be entitled to use.

The parties agreed that the officer accessed a computer with authorization, the issue, however, was whether he was “entitled so to obtain” that information.  The Court reasoned that the government’s interpretation of the “exceeds authorized access” clause would attach criminal penalties to a “breathtaking amount of commonplace computer activity,” such as employees who use computers or electronic devices for personal purposes despite company policies that they are to be used for business purposes only. Because the officer was authorized to use the law enforcement database and was authorized to obtain this type of information, he did not violate the CFAA.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Weiner Brodsky Kider PC | Attorney Advertising

Written by:

Weiner Brodsky Kider PC
Contact
more
less

Weiner Brodsky Kider PC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.