Supreme Court narrows scope of hacking law, but questions remain
The Supreme Court on Thursday narrowed the scope of the Computer Fraud and Abuse Act in a 6-3 decision that leaves open questions about the law’s application in the future.
The decision in Van Buren v. United States brought together a coalition of left-leaning and right-leaning justices. The case represents one of the most significant looks at the 1980s-era CFAA, which prohibits individuals from accessing a computer “without authorization or exceeding authorized access” and is a key statute in prosecuting computer crimes.
In the case that reached the high court Nathan Van Buren, a former police officer, was convicted of a CFAA violation after he was discovered using his official access to obtain information about an individual in exchange for a bribe. The case came to light in an FBI sting operation that targeted Van Buren. The ruling reversed a circuit court decision upholding Van Buren’s conviction and remanded the case for further consideration in light of the new reading of CFAA.
The majority opinion from Justice Amy Coney Barrett narrowed the scope of what is meant by “exceeding authorized access” under the law. The court found that if a user has rightful access to a computer, they are not necessarily in violation of the law simply because they use the device for something other than its expressed purpose.
“The Government’s interpretation of the ‘exceeds authorized access’ clause would attach criminal penalties breathtaking amount of commonplace computer activity,” according to the court’s opinion, written by Justice Amy Barrett.
The CFAA’s vague wording has had technology groups worried for some time about how it could be used by some companies to penalize competitors and would-be competitor and to criminalize a range of benign activity, including cybersecurity research.
“When it comes to cybersecurity, there is good news and bad news,” Harley Geiger, senior director of public…