September 20, 2021

Volume XI, Number 263


September 20, 2021

Subscribe to Latest Legal News and Analysis

SCOTUS Overturns First, Fifth, Seventh, and Eleventh Circuits and Limits Scope of Computer Fraud and Abuse Act Prosecutions

This week, in United States v. Van Buren, the United States Supreme Court resolved a circuit split over whether a person who is authorized to access information on a computer for certain purposes violates Section 1030(a)(2) of the Computer Fraud and Abuse Act (“CFAA”) if the information is accessed for an improper purpose. The First, Fifth, Seventh, and Eleventh Circuits held that obtaining information with an improper purpose, i.e., violating employer “use restrictions,” is sufficient for a CFAA conviction. Comparatively, the Second, Fourth, and Ninth Circuits held that CFAA does not impose criminal liability on a person with permission to access such information on a computer, even if such information was accessed for an improper purpose. 
In Van Buren, a case on appeal from the Eleventh Circuit, a Georgia police sergeant became the subject of an FBI sting operation after asking Andrew Albo, an individual known for associating with prostitutes, for a loan. At the FBI’s instruction, Albo requested Van Buren to run a computer search for a license plate number that purportedly belonged to a local exotic dancer he fancied. According to the cover story, Albo wanted to verify that the dancer was not an undercover police officer. Van Buren accessed the Georgia Crime Information Center database, which contains license plate and vehicle registration information. As a law enforcement officer, Van Buren was authorized to access this database for law-enforcement purposes. After running a search for the license plate, Van Buren texted Albo the results; Albo then gave Van Buren $6,000. Van Buren was convicted of violating CFAA. The Eleventh Circuit Court of Appeals upheld the conviction, rejecting Van Buren’s argument that he could not have violated the Act because he had permission to access the databases.
In a 6-3 decision authored by the Court’s newest Justice, Amy Coney Barrett, the Court reversed and remanded Van Buren’s conviction. The majority, joined by Justices Breyer, Sotomayor, Kagan, Gorsuch, and Kavanaugh reasoned that a person violates CFAA’s “exceeds authorized access” language when they access files or other information that is off-limits to them on a computer system they are otherwise authorized to use. Since Officer Van Buren had authorized access to the database containing license plate and vehicle registration information—even though he accessed the information in question for improper purposes—he did not violate CFAA. Thus, the majority opinion resolved the circuit split in favor of the Second, Fourth, and Ninth Circuit’s “improper purpose” interpretation, agreeing that too strict of an interpretation of Section 1030(a)(2) would “criminalize every violation of a computer-use policy” and turn “millions of otherwise law-abiding citizens [into] criminals.” In their dissent, Chief Justice Roberts, along with Justices Thomas and Alito, applied a stricter interpretation of the CFAA and agreed with the First, Fifth, Seventh, and Eleventh Circuits. As Justice Thomas wrote, “It is understandable to be uncomfortable with so much conduct being criminalized, but that discomfort does not give us authority to alter statutes.”
The majority’s opinion takes note of the sweeping provisions of the CFAA and recognizes the dangers a strict interpretation of them creates for employers and employees in a highly digitized and computer-oriented world. Not wanting to create a federal case out of every computer-use policy violation, the Court’s majority opinion in Van Buren prevents the CFAA from turning the DOJ and Federal Courts into HR Departments with the power to turn violators into felons and shifts the analysis back towards Congress’ intent: allowing the DOJ and Federal Courts to hold hackers accountable.

© Polsinelli PC, Polsinelli LLP in CaliforniaNational Law Review, Volume XI, Number 155

About this Author

Ellen H. Persons Government Investigations Attorney Polsinelli Atlanta, GA

As a former assistant U.S. attorney, Ellen Persons uses her experience to help clients navigate through the complexities of government investigations. Ellen is tenacious and meets challenges head on. She develops innovative, pragmatic, and cost-efficient solutions to her clients' litigation issues. 

Ellen focuses her practice on defending clients against allegations of fraud. She has experience defending companies and executives against qui tam litigation and associated government investigations. She also has experience with internal corporate investigations and corporate legal...

Matthew L. Hickman White Collar Lawyer Polsinelli law firm

Matthew Hickman is an associate with Polsinelli’s Atlanta office. He represents clients in white collar matters. His practice focuses on helping clients respond to all types of government investigations based on alleged violations of various civil, criminal, and administrative laws. Matt also represents clients in white collar criminal matters and helps corporate and government clients conduct internal investigations.
Prior to joining Polsinelli, Matt clerked for the Honorable Judge Lisa Godbey Wood in the United States District Court for the Southern District of Georgia....