Statutory Interpretation – Computer Fraud and Abuse Act of 1986 – Exceeds Authorized Access

Listen to this article

United States Supreme Court

Case Name: Nathan Van Buren v. United States

Case No.: 19-783

Focus:  Statutory Interpretation – Computer Fraud and Abuse Act of 1986 – Exceeds Authorized Access

Nathan Van Buren, a former police sergeant, ran a license-plate search in a law enforcement computer database in exchange for money. Van Buren’s conduct plainly flouted his department’s policy, which authorized him to obtain database information only for law enforcement purposes. We must decide whether Van Buren also violated the Computer Fraud and Abuse Act of 1986 (CFAA), which makes it illegal “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accessor is not entitled so to obtain or alter.”

He did not. This provision covers those who obtain information from particular areas in the computer—such as files, folders, or databases—to which their computer access does not extend. It does not cover those who, like Van Buren, have improper motives for obtaining information that is otherwise available to them.

Reversed and remanded

Dissenting: THOMAS, J., filed a dissenting opinion, in which ROBERTS, C. J., and ALITO, J., joined.

Concurring:
Full Text

Derek A Hawkins is Corporate Counsel, at Salesforce.