Tag Archive for: supreme

Supreme Court Limits Scope of Controversial Hacking Law

/in



Judges rule that Georgia police officer did not violate CFAA when he accessed law-enforcement data in exchange for bribe money, a ruling that takes heat off ethical hackers.

Source…

Supreme Court narrows scope of hacking law, but questions remain — FCW

/in


Cybersecurity

Supreme Court narrows scope of hacking law, but questions remain

  • By Justin Katz
  • Jun 03, 2021

US Supreme Court shutterstock photo ID: 376063027 By Tinnaporn Sathapornnanont 

The Supreme Court on Thursday narrowed the scope of the Computer Fraud and Abuse Act in a 6-3 decision that leaves open questions about the law’s application in the future.

The decision in Van Buren v. United States brought together a coalition of left-leaning and right-leaning justices. The case represents one of the most significant looks at the 1980s-era CFAA, which prohibits individuals from accessing a computer “without authorization or exceeding authorized access” and is a key statute in prosecuting computer crimes.

In the case that reached the high court Nathan Van Buren, a former police officer, was convicted of a CFAA violation after he was discovered using his official access to obtain information about an individual in exchange for a bribe. The case came to light in an FBI sting operation that targeted Van Buren. The ruling reversed a circuit court decision upholding Van Buren’s conviction and remanded the case for further consideration in light of the new reading of CFAA.

The majority opinion from Justice Amy Coney Barrett narrowed the scope of what is meant by “exceeding authorized access” under the law. The court found that if a user has rightful access to a computer, they are not necessarily in violation of the law simply because they use the device for something other than its expressed purpose.

“The Government’s interpretation of the ‘exceeds authorized access’ clause would attach criminal penalties breathtaking amount of commonplace computer activity,” according to the court’s opinion, written by Justice Amy Barrett.

The CFAA’s vague wording has had technology groups worried for some time about how it could be used by some companies to penalize competitors and would-be competitor and to criminalize a range of benign activity, including cybersecurity research.

“When it comes to cybersecurity, there is good news and bad news,” Harley Geiger, senior director of public…

Source…

Supreme Court Issues Radical New Reading of Anti-Hacking Law

/in


Morning commuters walk by The U.S. Supreme Court building May 24, 2021 in Washington, DC.

Morning commuters walk by The U.S. Supreme Court building May 24, 2021 in Washington, DC.
Photo: Anna Moneymaker (Getty Images)

The U.S. Supreme Court on Thursday said a Georgia police officer had not violated the country’s main anti-hacking law by improperly accessing a government database for financial gain, a decision likely to curtail prosecutions under the Computer Fraud and Abuse Act (CFAA) of individuals who misuse computer systems to which they have legal access.

The police officer, Nathan Van Buren, was arrested and charged under the 1986 law after accepting payment from an FBI informant to search a law enforcement database of license plate information. The government charged Van Buren with violating the CFAA, which prohibits people from knowingly “exceeding” their “authorized access” to a computer system.

The ruling is widely viewed as a win for criminal defense lawyers who’ve long criticized the statute as overly ambiguous and who’ve accused prosecutors of employing an overly expansive interpretation. The government has previously brought charges under the CFAA against people accused of violating corporate computer policies and website terms of service.

The ruling is “an important victory for civil liberties and civil rights enforcement in the digital age,” the American Civil Liberties Union said.

In its 6-3 decision, the Supreme Court found Van Buren’s use of the license plate database—however improper—was not “unauthorized,” insofar as the CFAA is concerned.

G/O Media may get a commission

“In sum, an individual ‘exceeds authorized access’ when he accesses a computer with authorization but then obtains information located in particular areas of the computer—such as files, folders, or databases—that are off limits to him,” the court’s opinion, delivered by Justice Amy Coney Barrett, says.

Barrett went on to note the government has never argued that Van Buren was prohibited from accessing the database, even if his motives for doing so, in this case, were immoral. “The only question is whether Van Buren could use the system to retrieve license-plate information. Both sides agree that he could,” she wrote.

Justices Clarence Thomas,…

Source…

On Beauty Queens, Hackers and the U.S. Supreme Court

/in


The U.S. Supreme Court may ultimately decide whether a Florida beauty queen and her mother are criminals, and indeed, the entire scope of the computer crime statute. According to reports in the Washington Post, 50-year-old Laura Rose Carroll, an assistant principal in the Escambia County School District in Cantonment (near Pensacola, Florida), used her access to school district computers not only to monitor the activities (and grades) of her daughter, a student at J.M. Tate High School (go Aggies!), but ultimately to allow her daughter to “rig” the election for homecoming queen.

While the details are a bit confusing, it appears that Carroll allowed her daughter to use her credentials to gain privileged access to an internal school system called FOCUS, and that permitted the daughter not only to see the records of her friends and others in the high school, but also to access an online voting system, called Election Runner, used by the school.

The daughter used the access to cast 117 additional votes for herself, triggering warnings in the cloud-based election software when all of the votes came from the same IP address. Oops. Mom and daughter were criminally charged with one count each of offenses against users of computers, computer systems, computer networks and electronic devices (a 3rd degree felony), unlawful use of a two-way communications device (a 3rd degree felony), criminal use of personally identifiable information (a 3rd degree felony) and conspiracy to commit these offenses (a 1st degree misdemeanor).

This is where things MAY get murky. The Florida computer crime statute makes it a crime to “willfully, knowingly, and without authorization …access[] or cause[] to be accessed any computer, computer system, or computer network [and] …take[] …equipment or supplies used or intended to be used in a computer, computer system, or computer network… for the purpose of devising or executing any scheme or artifice to defraud or obtain property.”

The “two-way” communications crime is even more bizarre. The “two-way communications” crime makes it a felony in Florida to use “a two-way communications device … to facilitate or further the commission of any…

Source…