Since 1986, the United States has operated under a federal cybercrime law known as the Computer Fraud and Abuse Act (CFAA) that has increasingly been used to hold individuals criminally liable at the federal level for various crimes, both major and minor, involving the use of a computer.
That will likely change going forward as the Supreme Court, in an “ideologically scrambled” 6-3 decision, ruled this week that the scope of the law should be more narrowly interpreted, SCOTUSblog reported.
The majority opinion, written by Justice Amy Coney Barrett, was joined by fellow Trump-appointed justices, Neil Gorsuch and Brett Kavanaugh, as well as the court’s three liberal justices, Stephen Breyer, Elena Kagen, and Sonia Sotomayor. A dissent was written by Justice Clarence Thomas and was joined by Chief Justice John Roberts and Justice Samuel Alito.
Narrowing the scope of a broadly applied law
At issue in the case of Van Buren v. United States is a former Georgia police officer named Nathan Van Buren who, in accepting a bribe that turned out to be an FBI sting, used his authorized access to the state license plate database to recover information about a specific plate number in exchange for money, The Daily Wire reported.
There is no disputing that Van Buren violated departmental policy and deserved some measure of accountability, but federal prosecutors also charged him with violating the CFAA, specifically a provision making it illegal to “access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”
In the end, the majority determined that the law had been applied too broadly in the case of Van Buren and overturned his conviction, which had been upheld by the 11th Circuit Court of Appeals, while remanding the case back down to the lower courts for further consideration.
Criminalizes ordinary computer usage
In the majority opinion, Justice Barrett dissected the wording of the particular statute at length, probing the meaning of certain words and phrases, and found that Van Buren’s behavior, while unacceptable and wrong, did not fit with the court’s more narrow interpretation of the law that has been broadly applied by the government.
“This provision covers those who obtain information from particular areas in the computer — such as files, folders, or databases — to which their computer access does not extend,” Barrett wrote. “It does not cover those who, like Van Buren, have improper motives for obtaining information that is otherwise available to them.”
Though ostensibly not a major factor in the court’s decision, she also spent some time discussing the ramifications of how the government’s broad “interpretation of the statute would attach criminal penalties to a breathtaking amount of commonplace computer activity.”
Using computer-use policies in the workplace as one example, Barrett noted that “an employee who sends a personal e-mail or reads the news using her work computer has violated the CFAA.” Likewise, so too would it criminalize “everything from embellishing an online-dating profile to using a pseudonym on Facebook,” or even “checking sports scores or paying bills at work.”
In his dissent, Justice Thomas focused less on the broad interpretation of the statute and more on the protection of property rights and the misuse of access for unauthorized purposes, which he argued was the laudable intent of the CFAA.
“Both the common law and statutory law have long punished those who exceed the scope of consent when using property that belongs to others,” Thomas wrote. “A valet, for example, may take possession of a person’s car to park it, but he cannot take it for a joyride.”