The US Supreme court granted certiorari Monday for a case concerning whether accessing authorized computer information for improper purposes is a crime.
The case, Van Buren v. United States, involves police sergeant Nathan Van Buren of Cumming, Georgia. Van Buren contacted a local man associated with criminal activity for a personal loan. In a sting operation, the FBI and local police instructed the man to ask Van Buren to search the license plate numbers of a local strip club dancer in exchange for the loan. Van Buren used his police authorizations to conduct the computer search. The FBI then arrest Van Buren and charged him with felony computer fraud under the Computer Fraud and Abuse Act (CFAA).
The petitioner in this case argues that the CFAA does not not criminalize using authorized computer access for improper purposes like in this case:
The courts of appeals are openly divided four-to-three over whether a person with permission to access information on a computer violates the Computer Fraud and Abuse Act when he accesses that information for an improper purpose. This Court should use this case to resolve the conflict. This case squarely presents the issue, and the Eleventh Circuit’s expansive construction of the CFAA is incorrect. The most natural reading of the CFAA is that a person “obtain[s] information in the computer that [he] is not entitled so to obtain,” 18 U.S.C. § 1030(e)(6), only if he had no right at all to access the information. Reading the statute more broadly would criminalize ordinary computer use throughout the country, thereby inviting arbitrary enforcement and flouting the principle that a federal criminal statute should not be construed to encompass a broad swath of everyday behavior unless the statute’s text unambiguously demands that result.
The CFAA criminalizes a person “access[ing] a computer without authorization or exceed[ing] authorized access, and thereby obtain[ing] information from any protected computer.” Additionally, the act defines “exceed[ing] authorized access” as “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”
The Supreme Court will decide whether the conduct in this case was criminalized under the CFAA.