On June 3, 2021, the U.S. Supreme Court issued its opinion in Van Buren v. United States. At issue was whether the Computer Fraud and Abuse Act of 1986 (“CFAA”), which was aimed at targeting computer fraud and hacking, makes it illegal for an authorized user of a computer system to use their access to obtain information with an improper motive or for an improper purpose. No. 19-783, at 1 (June 3, 2021). Specifically, petitioner Nathan Van Buren, a former police sergeant, used his computer to access a government database to retrieve information about a particular license plate number in exchange for money. Id. at 3. Despite using his valid credentials to access the database, Van Buren violated his department’s policy, which “authorized him to obtain database information only for law enforcement purposes.” Id. at 1. Van Buren was charged with a felony violation of the CFAA on the ground that running the license plate number violated the CFAA’s “exceeds authorized access” clause at 18 U.S.C. § 1030(a)(2). Id. at 3-4. The jury convicted Van Buren and the U.S. District Court for the Northern District of Georgia sentenced him to 18 months imprisonment. Id. A panel of the U.S. Court of Appeals for the Eleventh Circuit affirmed Van Buren’s conviction in accordance with Eleventh Circuit precedent. Id. The Eleventh Circuit was joined by the First, Fifth and Seventh Circuits in taking a broader view of the “exceeds authorized access” clause whereas the Second, Fourth, Sixth and Ninth Circuits all held a narrower view. Id. at 4. The Supreme Court granted Van Buren’s petition for a writ of certiorari to resolve the circuit split “regarding the scope of liability under the CFAA’s ‘exceeds authorized access’ clause.”
Please see full Publication below for more information.