March 8, 2021

Volume XI, Number 67


March 08, 2021

Subscribe to Latest Legal News and Analysis

March 05, 2021

Subscribe to Latest Legal News and Analysis

SCOTUS Set to Resolve Circuit Split and Decide Scope of Computer Fraud and Abuse Act Prosecutions

Last week, the United States Supreme Court added United States v. Van Buren to its merits docket for next term. The Court will seek to resolve a circuit-split over whether a person who is authorized to access information on a computer for certain purposes violates Section 1030(a)(2) of the Computer Fraud and Abuse Act (“CFAA”) if the information is accessed for an improper purpose. The answer to this question has sweeping implications as computer access rights of nearly all computer users are governed by access and use policies, including website terms of service and the typical corporate policy that computers can be used only for business purposes.  If the Court adopts the “improper purpose” interpretation of CFAA offered below by the Eleventh Circuit, violating commonplace computer use policies can constitute a CFAA violation, thereby transforming seemingly innocuous activities—such as utilizing a work computer to talk with friends, access social media, shop, watch sports highlights—into federal crimes.   

The CFAA makes it a federal crime to access a computer without authorization or exceed authorized access on that computer, and in so doing obtain information from any protected computer. Although originally passed as an anti-hacking law, prosecutors have utilized CFAA’s broad statutory language to bring federal criminal charges against individuals premised on terms-of-use violations.  Convictions under CFAA carry weighty consequences for defendants, including a felony conviction and up to five years of imprisonment. CFAA also creates a civil cause of action, allowing any person who suffers damage or loss because of a violation of CFAA to sue for damages or equitable relief.

In Van Buren, a Georgia police sergeant became the subject of an FBI sting operation after asking Andrew Albo, an individual known for associating with prostitutes, for a loan. At the FBI’s instruction, Albo requested Van Buren to run a computer search for a license plate number that purportedly belonged to a local exotic dancer he fancied. According to the cover story, Albo wanted to verify that the dancer was not an undercover police officer. Van Buren accessed the Georgia Crime Information Center database, which contains license plate and vehicle registration information. As a law enforcement officer, Van Buren was authorized to access this database for law-enforcement purposes.  After running a search for the license plate, Van Buren texted Albo the results; Albo then gave Van Buren $6,000. Van Buren was convicted of violating CFAA. The Eleventh Circuit Court of Appeals upheld the conviction, rejecting Van Buren’s argument that he could not have violated the Act because he had permission to access the databases.

The First, Fifth, and Seventh Circuits are in agreement with the Eleventh Circuit, holding that obtaining information with an improper purpose, i.e., violating employer “use restrictions,” is sufficient for a CFAA conviction. In contrast, the Second, Fourth, and Ninth Circuits have each held that CFAA does not impose criminal liability on a person with permission to access information on a computer and who accesses that information for an improper purpose. Critics of the “improper purpose” interpretation note that limiting the statute’s use to scenarios where an individual is categorically forbidden from accessing particular information on the computer maintains the CFAA’s focus on hacking.

Stay tuned for updates on the Supreme Court’s ruling as it will likely have broad consequences for how employers, companies, website owners, and prosecutors pursue criminal and civil CFAA cases.   

© Polsinelli PC, Polsinelli LLP in CaliforniaNational Law Review, Volume X, Number 119



About this Author

Brian F. McEvoy Litigation Attorney Polsinelli Atlanta, GA
Office Managing Partner | Practice Chair

Brian McEvoy is an accomplished litigator with a well-earned reputation for working tirelessly to achieve the best outcomes for clients and for thinking creatively and strategically to resolve difficult problems with efficiency and professionalism. Brian is a former federal prosecutor with a practice focus on white collar criminal defense and a special emphasis in health care fraud matters. During his service as a federal prosecutor, he received special commendation from the Department of Health and Human Services by receiving the Inspector General's Integrity Award for...

Ellen H. Persons Government Investigations Attorney Polsinelli Atlanta, GA

As a former assistant U.S. attorney, Ellen Persons uses her experience to help clients navigate through the complexities of government investigations. Ellen is tenacious and meets challenges head on. She develops innovative, pragmatic, and cost-efficient solutions to her clients' litigation issues. 

Ellen focuses her practice on defending clients against allegations of fraud. She has experience defending companies and executives against qui tam litigation and associated government investigations. She also has experience with internal corporate investigations and corporate legal...

Andrew T. Fox Phoenix Polsinelli Government Investigations Labor and Employment Commercial Litigation Litigation and Dispute Resolution

As a member of Polsinelli’s Government Investigations practice, Andrew assists clients in all aspects of white collar criminal defense and internal corporate investigations. Working to understand each client’s unique situation, he helps guide clients through government inquiries and provides counsel that aligns to their business strategies. Andrew has experience drafting briefs, memoranda and responding to discovery requests.

Prior to joining Polsinelli, Andrew served as a law clerk to The Honorable Judge Douglas L. Rayes on the United States District Court for the District of...