In a 6-to-3 decision, the Supreme Court massively restricted the scope of the Computer Fraud and Abuse Act of 1986, a federal anti-hacking law.
As reported by The Washington Post, “the majority of justices [said] the government’s ‘breathtaking’ interpretation of the statute could make criminals of ‘millions of otherwise law-abiding citizens.’”
The case discussed whether Nathan Van Buren, a former Georgia police officer, violated the Computer Fraud and Abuse Act, which makes it illegal to “access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”
As The Washington Post explained, “Van Buren was paid about $5,000 by an acquaintance to use his official computer access to track down information on a woman the man had met at a strip club,” with the former police officer later learning that “the 2015 payment, from someone police officers had been warned to steer clear of, was part of a sting operation.”
The Supreme Court ruling reverses the decision of the U.S. Court of Appeals for the 11th Circuit, which “upheld Van Buren’s conviction and sentence of 18 months in prison.”
Writing the majority opinion, Justice Amy Coney Barrett said that while Van Buren violated department policy, his behavior did not meet this definition, which “covers those who obtain information from particular areas in the computer — such as files, folders, or databases — to which their computer access does not extend.”
The provision “does not cover those who, like Van Buren, have improper motives for obtaining information that is otherwise available to them,” she added.
This case represents a deeper debate over the breadth of the Computer Fraud and Abuse Act of 1986. Those in favor of broadening its reading refer to the access and release of “corporate secrets,” or “nefarious” use of such information. Those in favor of narrowing its reading argue in favor of protecting workers “who used their company laptops for activities such as checking social media or shopping for shoes,” as well as whistleblowers who could be prevented from exposing “wrongdoing.”
“The government’s interpretation of the statute would attach criminal penalties to a breathtaking amount of commonplace computer activity,” Barrett wrote, noting the potential criminalization of “everything from embellishing an online-dating profile to using a pseudonym on Facebook.”
On the subject of workplace concerns, Barrett added that “employers commonly state that computers and electronic devices can be used only for business purposes. So on the government’s reading of the statute, an employee who sends a personal e-mail or reads the news using her work computer has violated the CFAA.”
For the first time, the three justices nominated by President Donald Trump — Associate Justices Neil Gorsuch, Brett Kavanaugh, and Amy Coney Barrett — joined the court’s “liberal” justices — Associate Justices Stephen Breyer, Sonia Sotomayor, and Elena Kagan — in their decision regarding Van Buren v. United States. The dissenting opinion was filed by Associate Justice Clarence Thomas, joined by Chief Justice John Roberts and Associate Justice Samuel Alito.
“Both the common law and statutory law have long punished those who exceed the scope of consent when using property that belongs to others,” Thomas wrote. “A valet, for example, may take possession of a person’s car to park it, but he cannot take it for a joyride.”
“Van Buren never had a ‘right’ to use the computer to obtain the specific license plate information. Everyone agrees that he obtained it for personal gain, not for a valid law enforcement purpose. And without a valid law enforcement purpose, he was forbidden to use the computer to obtain that information,” Thomas continued.
While Thomas agreed that broader interpretations of such laws could further criminalize so-called “common practices,” he argued that this was hardly unique. “The number of federal laws and regulations that trigger criminal penalties may be as high as several hundred thousand,” he said.
“It is understandable to be uncomfortable with so much conduct being criminalized, but that discomfort does not give us authority to alter statutes,” Thomas added.