December 6, 2021

Volume XI, Number 340


December 03, 2021

Subscribe to Latest Legal News and Analysis

BREAKING: SCOTUS Slashes Scope of Cybercrime Statute

Today, the Supreme Court handed down a decision significantly narrowing the scope of the Computer Fraud and Abuse Act (“CFAA”), a federal statute that can impose both criminal and civil liability on anyone who “intentionally accesses a computer without authorization or exceeds authorized access”, in its first-ever decision addressing this law.

In a 6-3 opinion in Van Buren v. United States, No. 19-783, authored by Justice Barrett, the Court reversed the Eleventh Circuit’s decision to uphold the conviction of a former police officer who was charged under the CFAA for searching a license plate in a law enforcement database for unofficial purposes.  His conviction concerned a provision of the statute that made it illegal “to access a computer with authorization and to use such access to obtain . . . . information in the computer that the accesser is not entitled so to obtain”.  The officer appealed, claiming that the CFAA did not cover unauthorized use of a database that he was otherwise authorized to access as part of his job.

Recall that the CFAA, which was passed in 1986, is considered to be the primary anti-hacking law and prosecutorial tool against outside actors who are accused of breaking into computer networks (although the statute has also been litigated recently in the commercial context, including in relation to data scraping).  It forbids individuals from intentionally accessing a computer without authorization or “exceed[ing] authorized access.”  The Supreme Court granted certiorari to resolve a split in authority among the Courts of Appeal regarding the scope of liability under the CFAA’s “exceeds authorized access” clause.

The majority opinion closely parsed the language of the CFAA and examined the types of activities that constituted “exceed[ing] authorized access.”  Ultimately, the Court concluded that the provision that Plaintiff had been convicted under “covers those who obtain information from particular areas in the computer—such as files, folders, or databases—to which their computer access does not extend.  It does not cover those who, like [Petitioner], have improper motives for obtaining information that is otherwise available to them.”  Op. at 1 (emphasis supplied).  Justice Barrett’s opinion also focused on the statute’s scope, noting that the government’s broad interpretation would criminalize a “breathtaking amount of commonplace computer activity,” including mundane activities such as using a work computer for personal purposes.

This case is a game changer for pending and future cases brought under the CFAA.  As CPW readers will remember, the hiQ/LinkedIn data-scraping saga ongoing in California federal court had been paused pending a ruling from SCOTUS in Van Buren.  All eyes will be back on that case now, in light of the circumscribed interpretation of the statute adopted by SCOTUS today.

© Copyright 2021 Squire Patton Boggs (US) LLPNational Law Review, Volume XI, Number 154

About this Author

John A. Burlingame Business Litigation Attorney Squire Patton Boggs

John Burlingame is global co-chair of the Squire Patton Boggs Litigation Practice. He works extensively on high-value, high-profile cases and issues that receive national media attention. His experience as lead trial counsel spans a range of subjects, often involving matters of false advertising and unfair business competition. 

John’s cases have often received national media attention, including front page coverage in the Washington Post, the New York Times, the Wall Street Journal, and the Los Angeles Times. As a result, John regularly oversees...

+1 202 626 6871
Kristin L. Bryan Litigation Attorney Squire Patton Boggs Cleveland, OH & New York, NY
Senior Associate

Kristin Bryan is a litigator experienced in the efficient resolution of contract, commercial and complex business disputes, including multidistrict litigation and putative class actions, in courts nationwide.

She has successfully represented Fortune 15 clients in high-stakes cases involving a wide range of subject matters.

As a natural extension of her experience litigating data privacy disputes, Kristin is also experienced in providing business-oriented privacy advice to a wide range of clients, with a particular focus on companies handling customers’ personal data. In this...

Christina Lamoureux Litigation Attorney Squire Patton Boggs Washington DC

Christina Lamoureux is an associate in the Litigation Practice in the Washington DC office. She represents a wide variety of clients in complex commercial matters.


  • District of Columbia, 2020

Related Services

  • Litigation