The U.S. Supreme Court on Thursday said a Georgia police officer had not violated the country’s main anti-hacking law by improperly accessing a government database for financial gain, a decision likely to curtail prosecutions under the Computer Fraud and Abuse Act (CFAA) of individuals who misuse computer systems to which they have legal access.
The police officer, Nathan Van Buren, was arrested and charged under the 1986 law after accepting payment from an FBI informant to search a law enforcement database of license plate information. The government charged Van Buren with violating the CFAA, which prohibits people from knowingly “exceeding” their “authorized access” to a computer system.
The ruling is widely viewed as a win for criminal defense lawyers who’ve long criticized the statute as overly ambiguous and who’ve accused prosecutors of employing an overly expansive interpretation. The government has previously brought charges under the CFAA against people accused of violating corporate computer policies and website terms of service.
The ruling is “an important victory for civil liberties and civil rights enforcement in the digital age,” the American Civil Liberties Union said.
In its 6-3 decision, the Supreme Court found Van Buren’s use of the license plate database—however improper—was not “unauthorized,” insofar as the CFAA is concerned.
“In sum, an individual ‘exceeds authorized access’ when he accesses a computer with authorization but then obtains information located in particular areas of the computer—such as files, folders, or databases—that are off limits to him,” the court’s opinion, delivered by Justice Amy Coney Barrett, says.
Barrett went on to note the government has never argued that Van Buren was prohibited from accessing the database, even if his motives for doing so, in this case, were immoral. “The only question is whether Van Buren could use the system to retrieve license-plate information. Both sides agree that he could,” she wrote.
Justices Clarence Thomas,…