Supreme Court Expresses Skepticism Over 1986 Computer Crime Law

Illustration for article titled Supreme Court Skeptical About Law That Could Have a Chilling Effect On Security Research

Photo: Drew Angerer / Staff (Getty Images)

The Supreme Court on Monday expressed skepticism about the sweeping nature of the 1986 Computer Fraud and Abuse Act, claiming that the cybercrime law — the only one of its kind in the United States — could lead to a slippery slope where average Americans are criminalized for innocuous transgressions like checking Facebook at work.

The reexamination of the law comes during arguments for a case involving a Georgia police officer convicted of violating the Act after he accessed a license plate database in during an attempt to obtain information on a strip club dancer in what lawyers argued was an improper manner. Lawyers for the officer, Nathan Van Buren, say that he had not violated the CFAA and had, in fact, had legitimate access to the database through the course of his work.

The case — the first significant challenge to the scope of the CFAA to reach the nation’s highest court — spurred a string of amicus briefs from a wide range of technology, privacy and cybersecurity experts, many of whom argued that the law could discourage computer researchers and good-faith hackers from uncovering and disclosing security flaws.

“Under the government’s broad interpretation of the CFAA, standard security research practices — such as accessing publicly available data in a manner beneficial to the public yet prohibited by the owner of the data — can be highly risky,” one group of experts wrote.

Despite arguments from the government’s lawyer, Deputy Solicitor General Eric Feigin, that anxieties about overzealous enforcement of the law were overhyped, many of the Justices seemed concerned about the law’s broad scope.

According to Justice Neil Gorsuch, the DOJ’s argument threatened to “[make] a federal criminal of us all.” Justice Sonia Sotomayor argued that the government was “…asking us to write definitions to narrow what could otherwise be viewed as a very broad statute, and dangerously vague.”

Other members of the bench raised concerns about the key terms outlined in the statute.

“What is this statute talking about when it speaks of information in the computer?” Justice Samuel Alito asked…