Patterson Belknap Attorneys to Present PLI Webinar, “Van Buren v. United States: The Supreme Court Decision and Its Implications”

October 18, 2021 at 1:00pm2:00pm

The Computer Fraud and Abuse Act (the “CFAA”) provides for both criminal and civil penalties for those who access a computer either “without authorization” or in a manner “exceeding authorized access.”  18 U.S.C. § 1030(a)(2).  “Without authorization” has been clearly understood and uniformly interpreted, but the “exceeding authorized access” prong had led to differing interpretations and a circuit split.  In the CFAA, “exceeds authorized access” is defined as “access[ing] a computer with authorization and . . . us[ing] such access to obtain or alter information in the computer that the accessor is not entitled so to obtain or alter.”  Id. § 1030(e)(6).  The split centered on whether unauthorized access, regardless of the purpose, should be criminalized, or whether only misuse of data was a violation, regardless of impermissible access.

In the case before the Court, a police sergeant named Nathan Van Buren used his patrol-car computer to access the law enforcement database—a database which he indisputably had authority to access.  However, his search for information was done in exchange for money from an acquaintance and was not for law enforcement purposes; it was therefore in violation of departmental policy.  The Court noted, however, that the relevant question was not whether Van Buren “exceeded his authorized access but whether he exceeded his authorized access as the CFAA defines the phrase.”

On June 3, 2021, the United States Supreme Court ruled on this issue, holding that only those who obtain information from areas of the computer for which they are not authorized to access can “exceed authorization.” In doing so, the Court concluded that the statute does not cover accessing information with authorization, but for an improper purpose.  While this ruling comes in the context of a criminal prosecution, it has ramifications in employment law and civil litigation.  For example, this decision will no doubt shape future analysis of what information someone is accessing and not the reasons behind that access, as well as workplace behavior and how companies and service providers can deter any unauthorized access on their systems.

This program will be presented by Michael F. Buchanan, Sara A. Arrow, and Patricia S. Kim, members of Patterson Belknap Webb & Tyler LLP’s litigation, privacy and data security, and employment and compliance practices.  The team draws upon its vast experience across multiple disciplines in advising clients and leverages its experience from many different perspectives.  They will:

  • Provide an overview of the Van Buren case and the circuit split surrounding the “exceeding authorized access” prong 
  • Discuss the Supreme Court decision and its dissent 
  • Highlight some possible future areas of analysis and litigation, as well as touch on company best practices to deter behavior that no longer violates the CFAA but may “exceed authorized access” under company policies 

To learn more or to register, please click here.