Supreme Court Narrowly Interprets CFAA to Avoid Criminalizing ‘Commonplace Computer Activity’

July 1, 2021Business Crimes Bulletin

On June 3, 2021, the United States Supreme Court issued a 6-3 opinion in Van Buren v. United States, No. 19-783, resolving the circuit split regarding what it means to "exceed[] authorization" for purposes of the Computer Fraud and Abuse Act (CFAA). The Court held that only those who obtain information from particular areas of the computer which they are not authorized to access can be said to "exceed authorization," and the statute does not — as the government had argued — cover behavior, like Van Buren’s, where a person accesses information which he is authorized to access but does so for improper purposes. This was a long-awaited decision interpreting the CFAA, which has become an important statute in both criminal and civil enforcement relating to computer crime and hacking.

To continue reading Maren Messing and Patricia Kim's article in Business Crimes Bulletin, please click here