September 20, 2021

Volume XI, Number 263

Advertisement

September 20, 2021

Subscribe to Latest Legal News and Analysis

September 17, 2021

Subscribe to Latest Legal News and Analysis

Supreme Court Computer Access Decision has Positive Implications for Whistleblowers

On June 3, 2021, the United States Supreme Court announced its decision in Van Buren v. United States.  While the case did not directly involve a whistleblower issue, the decision nevertheless held profound implications for whistleblowers. At issue in Van Buren was the proper interpretation of the Computer Fraud and Abuse Act of 1986 (“CFAA”), which makes it illegal to “exceed[] authorized access” of a computer. 

While the CFAA, which has both civil and criminal components, was originally enacted as an anti-hacking statute, many court decisions across the country have greatly expanded its reach as technology has become more sophisticated.

A circuit split had emerged regarding the proper scope of the CFAA, with several circuit courts adopting a broad view of the CFAA’s “exceeds authorized access” language such that a CFAA violation occurs whenever an individual that has been properly granted access to computer files for a certain purpose uses those files for a separate and unauthorized purpose.  

Conversely, the circuit courts adopting the narrow view of the CFAA have held that a CFAA violation occurs only when an individual accesses computer files they have not been authorized to access for any purpose.  

Ultimately the Supreme Court adopted the narrow view and held that “an individual ‘exceeds authorized access' when he accesses a computer with authorization but then obtains information located in particular areas of the computer—such as files, folders, or databases—that are off-limits to him” but the CFAA does not cover impermissible uses of properly accessible files.

While the Van Buren case dealt with criminal charges under the CFAA, the decision has far-reaching effects.  As stated by the Court, a broad reading of the CFAA “would attach criminal penalties to a breathtaking amount of commonplace computer activity,” and would “criminalize every violation of a computer-use policy.”  Thus, companies could have instituted “computer-use policies” that would have prevented employees from turning over files they were authorized to access to law enforcement in an effort to report criminal activity.

Such negative implications of a broad interpretation of the CFAA have already been felt by whistleblowers.  Specifically, companies had recently begun to weaponize the civil component of the CFAA to attack employee whistleblowers who took computer data from their employees and provided it to the government as evidence in support of qui tam False Claims Act (“FCA”) cases.  

In those situations, the only “unauthorized access” at issue was the whistleblower employees merely turning over computer data to the government as evidence of fraud against the United States. This act of attempting to recover taxpayer dollars from fraudsters opened the whistleblowers to costly CFAA actions.  However, with the decision by the Court in Van Buren, it appears likely that such retaliatory tactics by FCA defendants will be foreclosed.  

Copyright Kohn, Kohn & Colapinto, LLP 2021. All Rights Reserved.National Law Review, Volume XI, Number 155
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Todd Yoder Whistleblower Attorney Kohn Kohn Colapinto
Associate

Todd Yoder is an associate with the whistleblower law firm Kohn, Kohn & Colapinto, LLP. Since graduating cum laude from the Georgetown University Law Center in May 2016 he has represented whistleblowers in federal court and before federal agencies where he has helped secure numerous legal victories for his whistleblower clients.

202-342-6980
Advertisement
Advertisement
Advertisement