In its June 3rd decision, the Supreme Court greatly narrowed the scope of the federal Computer Fraud and Abuse Act (CFAA). The CFAA, the main federal anti-hacking law, prohibits outside actors from illegally accessing – breaking into – government or private computer networks. In addition, it is routinely used to charge authorized users of a computer network who exceed the scope of their access, that is, those who “access a computer with authorization and use such access to obtain or alter information in the computer that the accessor is not entitled to obtain or alter.” Such instances include employees taking corporate secrets, customer lists, source code and the like.
The case, Van Buren v. United States, involved a local police officer who accepted money from a third party to access the police database and check whether an individual was an undercover officer. Thus, the officer exceeded the authorized use of the government database. In its 6-3 decision, the majority of the Court held that the CFAA’s language was too broad in scope and that it would “attach criminal penalties to a breathtaking amount of commonplace computer activity.” The majority sided with the defense’s argument that the CFAA’s broad language allows prosecutors, and private entities seeking civil remedies under the law, to pursue claims based on activities as minor as an employee breaching company policy by sending a personal email on a work computer or researchers exceeding the scope of a website’s terms of service.
The CFAA was enacted in 1984, and amended in 1986, in the infancy of the internet. It has since been used by corporate employers and the federal government to charge insiders with exceeding the scope of their authorized access or use. Since its enactment, the internet and the use of computer networks have greatly expanded, and access issues have become much more sophisticated and complex. The ill-defined, broad language in the statute was likely due to the nascent use of computers in 1984. The Court’s decision will likely result in Congress rewriting the statute to clarify its scope and reflect today’s computer usage. In the meantime, corporations will likely tighten their employment rules regarding access and privileged data, and the government will look to use other statutes in these types of cases.
Stahl Criminal Defense is here for all of your criminal legal needs during this time. To contact the firm’s NJ office, call 908.301.9001 and to contact the firm’s NYC office, call 212.755.3300, or email Mr. Stahl at firstname.lastname@example.org.