was the Supreme Court鈥檚 first opinion interpreting the . Originally drafted as an anti-hacking statute, the Act prohibits people from accessing computers or computer systems 鈥渨ithout authorization鈥 or in a way that 鈥渆xceeds authorized access.鈥 Violations of the Act are punishable by civil and criminal penalties.
The question before the Court in Van Buren was how to interpret the phrase 鈥渆xceeds authorized access鈥 and whether it means that people are prohibited from obtaining information from some parts of a computer system but not others or whether it applies more broadly to people who are allowed to access a computer system but use that access to obtain information for improper purposes.
Van Buren involved a former Georgia police officer who was charged with a felony for violating the Computer Fraud and Abuse Act. Officer Nathan Van Buren was accused of taking money in exchange for running a search in a law enforcement license plate database. This conduct violated a police policy that requires that the database be used for law enforcement purposes only. Van Buren was convicted of violating the CFAA because he used the database for an improper purpose, even though it was a database he was allowed to access.
The Court鈥檚 decision has broad implications for our everyday lives. If the Court interpreted the Computer Fraud and Abuse Act broadly, the decision could have criminalized 鈥渁 breathtaking amount of commonplace computer activity鈥 such as employees who violate an employer鈥檚 policy that computers be used for business purposes by using a work computer to send a personal email or check the news.
A broad interpretation of the CFAA could have also criminalized violations of a website鈥檚 terms of service agreement, the restrictions imposed on users in click-through agreements.
But the Court ultimately interpreted the CFAA more narrowly, finding that the Act did not apply to people who simply 鈥渉ave improper motives for obtaining information that is otherwise available to them.鈥
The majority opinion, authored by Justice Barrett on June 3, 2021, rejected the government鈥檚 plea for an expansive interpretation of the CFAA, finding that doing so could criminalize employees for using business computers for non-work purposes. The Court also ruled that violating a website鈥檚 terms of service agreement is not a criminal violation.
Three of the Court鈥檚 conservative justices, Clarence Thomas, Samuel Alito, and John Roberts, dissented from the majority ruling.
Interpreting the Computer Fraud and Abuse Act narrowly, the Court adopted a 鈥済ates-up-or-gates-down鈥 test, finding that a person must bypass a gate that is down in order to be held criminally liable. Specifically, a person must enter an area of the computer system that they are not supposed to access, entering 鈥減articular areas of the computer鈥攕uch as files, folders, or databases鈥攖hat are off limits.鈥
Under the Court鈥檚 interpretation of the CFAA, the two ways of violating the CFAA work together. Prohibiting 鈥渁ccess without authorization鈥 means a person is not allowed to enter a computer or computer system that they are not authorized to access. This prohibition targets outside hackers who try to enter a computer system with no authorization whatsoever.
The prohibition on 鈥渆xceeding authorized access鈥 means that people are not permitted to enter 鈥渁 part of the system to which a computer user lacks access privileges.鈥 This language targets inside hackers who access a computer with permission but exceed the bounds of that authorized access by entering an area of the computer system that they do not have authorization to access.
Using the gates-up-or-gates-down analogy, a person either can or cannot access the computer system, and they can or cannot access areas within the system. Applying this reasoning, Mr. Van Buren did not violate the CFAA because he had access to the database; the rule prohibiting non-business use was not a closed gate.
Under the Court鈥檚 interpretation in Van Buren, the Computer Fraud and Abuse Act is ultimately a trespassing law. A user is prohibited from going places in the computer system that they are not permitted to go. When the gate is down, the user is prohibited from wrongfully bypassing the gate.
Future analyses of violations of the CFAA may turn on questions of authentication, such as how a user gained authorization to bypass a gate by giving the correct username and password.
Even though the Court in Van Buren interpreted the CFAA narrowly, allegations of fraud and other internet crimes are serious, and conviction can carry significant penalties.
If you have been charged with online criminal activity, you need an experienced criminal defense attorney on your side. You need a lawyer who understands the intersection of technology and the law and will fight to protect and defend your constitutional rights.
Hope Lefeber has been representing people accused of crimes in federal court for more than 30 years. She began her career as an enforcement attorney with the United States Securities and Exchange Commission (SEC), where she learned first-hand how the government prepares and prosecutes cases in federal court. Today, she uses that experience to defend people accused of internet crimes in federal court.
Ms. Lefeber is staunchly committed to keeping the government out of people鈥檚 personal lives and vehemently defends her clients with passion, skill, and dedication. You will find her to be meticulously prepared and hands-on in her approach to criminal defense.
If you are under investigation or have been charged with a crime in federal court, Hope Lefeber should be your first call. Contact Ms. Lefeber today to schedule a free, confidential consultation to discuss your case.
漏 2026 有料盒子| View Our Disclaimer | Privacy Policy