Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
SCOTUS Narrowly Interprets CFAA to Avoid Criminalizing 'Commonplace Computer Activity'
On June 3, 2021, the United States Supreme Court issued a 6-3 opinion in Van Buren v. United States, No. 19-783, resolving the circuit split regarding what it means to "exceed[] authorization" for purposes of the Computer Fraud and Abuse Act (CFAA) 18 U.S.C. §1030 et seq. The Court held that only those who obtain information from particular areas of the computer which they are not authorized to access can be said to "exceed authorization," and the statute does not — as the government had argued — cover behavior, like Van Buren's, where a person accesses information which he is authorized to access but does so for improper purposes. This was a long-awaited decision interpreting the CFAA, which has become an important statute in both criminal and civil enforcement relating to computer crime and hacking.
Background
The CFAA was passed in 1986 as a targeted measure to combat a fairly circumscribed category of "computer trespassing" crimes. At that time, computer usage did not remotely resemble what it does today — in 1989, for example, about 15% of American households owned a personal computer and most people had never heard of the Internet. Despite significant changes in technology and an explosion in the use of electronic data since that time, many of the CFAA's provisions have not changed. Nevertheless, in recent years it has become the primary federal law used to prosecute hackers, including in a number of high-profile cases such as WikiLeaks founder Julian Assange, Aaron Swartz (co-founder of Reddit), Gilberto Valle (the "Cannibal Cop"), and Lori Drew (whose MySpace hoax was blamed for the suicide of a 13-year-old neighbor).
The CFAA prohibits accessing a computer "without authorization" or in a manner "exceeding authorized access." 18 U.S.C. §1030(a)(2). "[E]xceeding authorized access" is defined as "access[ing] a computer with authorization and … us[ing] such access to obtain or alter information in the computer that the accessor is not entitled so to obtain or alter." Id. §1030(e)(6). Notably, the CFAA does not require that the person who accesses the computer actually do anything with the information they see or obtain. For that reason, many had previously expressed concern about the statute, arguing that it was subject to selective prosecution, allowing a prosecutor to bring felony charges even when there was little or no harm, just because the government disapproved of the activity. Those who violate Section 1030(a)(2) face penalties ranging from fines and misdemeanor sentences to imprisonment for up to 10 years. The CFAA also provides a private civil cause of action, which allows persons suffering damage or loss from CFAA violations to sue for money damages and equitable relief.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
Overview of Regulatory Guidance Governing the Use of AI Systems In the Workplace
Businesses have long embraced the use of computer technology in the workplace as a means of improving efficiency and productivity of their operations. In recent years, businesses have incorporated artificial intelligence and other automated and algorithmic technologies into their computer systems. This article provides an overview of the federal regulatory guidance and the state and local rules in place so far and suggests ways in which employers may wish to address these developments with policies and practices to reduce legal risk.
Is Google Search Dead? How AI Is Reshaping Search and SEO
This two-part article dives into the massive shifts AI is bringing to Google Search and SEO and why traditional searches are no longer part of the solution for marketers. It’s not theoretical, it’s happening, and firms that adapt will come out ahead.
While Federal Legislation Flounders, State Privacy Laws for Children and Teens Gain Momentum
For decades, the Children’s Online Privacy Protection Act has been the only law to expressly address privacy for minors’ information other than student data. In the absence of more robust federal requirements, states are stepping in to regulate not only the processing of all minors’ data, but also online platforms used by teens and children.
Revolutionizing Workplace Design: A Perspective from Gray Reed
In an era where the workplace is constantly evolving, law firms face unique challenges and opportunities in facilities management, real estate, and design. Across the industry, firms are reevaluating their office spaces to adapt to hybrid work models, prioritize collaboration, and enhance employee experience. Trends such as flexible seating, technology-driven planning, and the creation of multifunctional spaces are shaping the future of law firm offices.
From DeepSeek to Distillation: Protecting IP In An AI World
Protection against unauthorized model distillation is an emerging issue within the longstanding theme of safeguarding intellectual property. This article examines the legal protections available under the current legal framework and explore why patents may serve as a crucial safeguard against unauthorized distillation.