Supreme Court Issues Ruling Limit Under CFAA

Share post:

The Supreme Court has issued a ruling limiting what is considered a felony under the Computer Fraud and Abuse Act (CFAA).

This was exemplified in the case of Nathan Van Buren, a former Georgia police sergeant, who used his own login credentials to obtain information about a license plate from a law enforcement database.

The sergeant searched for money and purposes outside of law enforcement, in direct violation of department policy. He was charged with a crime under the CFAA, convicted in May 2018 and sentenced to 18 months in prison.

The federal appeals court upheld the decision, only to be overturned by the Supreme Court in a 6-3 decision that said Van Buren had not violated the CFAA.

Judges noted that the Cybersecurity Act does not make it a crime to obtain information from a computer if the person has access to a machine despite improper motives.

This landmark ruling could have a ripple effect on government prosecutions.

The CFAA originally banned access to certain financial information but has since expanded the scope to include all information that comes from or influences a computer used in interstate or foreign trade and communications.

Violations of the CFAA result in a substantial fine and imprisonment that can last up to 10 years. Persons who suffer loss or damage due to CFAA violations can also seek damages.

When Van Buren appealed his conviction to the U.S. Court of Appeals, he argued that the “exceeds authorized access” clause in the CFFA applies only to those who have received information to which their computer access does not extend, and not to those who misuse existing access.

While the appeals court ruled against it, the Supreme Court agreed with Van Buren’s argument.

The case revolved around the word: as used in the CFAA’s prohibition on obtaining or modifying information on a computer committed by the access that is not authorized to receive or modify information.

The majority of the court disagreed with the government, because the statute is structured in such a way, and “because without ‘so,’,” it could be interpreted as containing all kinds of restrictions on the right to information.

For more information, read the original story in Arstechnica.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Compel social media apps to toughen their privacy, trust practices, Parliament told

Committee hearing told social media apps can be exploited for propaganda and radi

Canada’s privacy czar investigating data theft of federal employees from relocation companies

Canada’s privacy commissioner has opened an investigation into the theft of 24 years of data of federal employees from two government-contracted relocation firms. As we reported earlier this week, the Treasury Board said data as far back as 1999 on military, RCMP, and federal employees held by Brookfield Global Relocation Services (BGRS) and Sirva Canada,

Ottawa and provinces should harmonize privacy laws, says think tank

In a discussion paper on proposed privacy legislation now before Parliament the C.D. Howe Institute offers ways the law could be implemented, including the creation of a public-private council to review the effectiveness of pr

Data stolen on Canadian federal employees in third party hack may go back 24 years

Data involves military, RCMP and public servants moved to new posts held by two relocatio

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways