Posted Sun, Nov 29th, 2020 12:52 pm by Ronald Mann
Van Buren v. United States gives the Supreme Court its first opportunity to interpret the Computer Fraud and Abuse Act, a federal law that establishes civil and criminal liability for unauthorized access to computers. The case, which will be argued on Monday, raises a key question about the law that has deeply divided the lower courts: how does the law apply when a person is entitled to obtain information from a computer for some purposes but not for others?
Nathan Van Buren was a Georgia police officer who was authorized to search computerized license plate records for law enforcement purposes. He fell for an FBI sting and searched these records for private purposes (at the request of an FBI informant who offered to pay him several thousand dollars for the information). The government charged Van Buren in a federal district court with two counts: computer fraud under the CFAA and honest-services wire fraud under another law. A jury convicted him on both counts. The U.S. Court of Appeals for the 11th Circuit overturned the wire fraud conviction but upheld the conviction under the CFAA. Van Buren appealed to the Supreme Court last December.
Everyone agrees that the case turns on the vague language of the CFAA, which penalizes any person who "exceeds authorized access" to a computer. The law defines this term as "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter". Van Buren argues that the law only applies if the defendant obtains information that he was not entitled to obtain under any circumstances. From Van Buren's point of view, a defendant who obtains information that he was allowed to obtain from the computer for certain purposes (such as the license plate records at issue here) should not be subject to federal criminal penalties merely because the particular way in which he obtained the information was inappropriate (as it was here). Van Buren undoubtedly faces sanctions for violating the police agency's computer usage rules, but that is the department's responsibility, he says, not a U.S. attorney's.
It is fair to say that the statute was not drawn up with a view to answering the question before the justices in Van Buren. It is therefore likely that the practical consequences of the decision will have a significant impact on the court's analysis. On this point, the biggest problem the government faces is the breadth of prosecutions available under its reading. For example, Van Buren points to a law student who views material on amazon.com in open violation of computer use restrictions imposed by the professor. The government has no obvious answer as to why this is beyond the scope of the law, other than the implicit suggestion that prosecutors would rarely bring cases of this type. Several strong amicus filings in support of Van Buren highlight some of the startling practical implications of the government's reading. At the same time, it seems clear that in many cases the government has legitimate law enforcement needs that a narrow reading of the CFAA would not meet.
Unless the justices see a clarity in the statute that seems to have escaped most observers, they may find the prosecutorial breadth of the government's reading to be tolerable, as they expect Congress to amend the CFAA slightly to reach, with more precision, cases of demonstrable urgency for prosecutors. We should know a lot more about it by the end of the argument on Monday.
Ronald Mann, Case preview: Justices to consider breadth of federal computer-fraud statute, SCOTUSblog (November 29, 2020, 12:52 p.m.), https://www.scotusblog.com/2020/11/case-preview-justices-to-consider-breadth-of-federal-computer-fraud-statute/