WASHINGTON—The U.S. Supreme Court today agreed to decide whether individuals who misuse their authorized computer access can be held liable under the Computer Fraud and Abuse Act.
Justices will consider the case of Nathan Van Buren, a Cumming, Ga., police sergeant who conducted a search for an improper purpose—to check a strip club dancer’s license plate in a law enforcement database as a favor, according to a petition to the high court.
Van Buren did the search at the request of a man who gave him $6,000. But, as it turns out, he was set up by the FBI and convicted under the act. He was sentenced to 18 months in prison, which he has yet to serve, and later appealed his case to the 11th U.S. Circuit Court of Appeals.
In an amicus brief, the Electronic Frontier Foundation, as well as other groups, said that some courts have rightly interpreted the law narrowly, focusing on hacking and other illegal computer intrusions.
“But other courts have bought into tactics used by creative prosecutors, who argue that when the statute outlaws exceeding authorized access to a computer, it also covers violating the terms of service of websites and other apps,” the EFF told the high court in a brief urging it to take the case.
“Some courts take a narrow view that the law covers only those who hack into or use a system without permission. Other courts take a broader position that people authorized to use computer systems, such as the police officer, can still be violators.”
People who lie about their ages on dating apps or misuse Walmart’s Wi-Fi in violation of its policy could risk being held in violation of the law under the broad view, the EFF said
A ruling by U.S. justices is certain to have broad consequences for how website owners, employers and prosecutors can pursue criminal and civil computer hacking and fraud cases. The court will hear the case in its next term, starting in October.
“I hope that the result is a balanced standard so that the law is criminalizing true hacking and even some forms of unauthorized use of a computer, but not sweeping in innocent use of a computer for a purpose simply outside the scope of a user’s permission that has no harmful effect or deleterious motivation, such as to check lottery results for an employee pool,” industry attorney Maxine Lynn told AVN.
Lynn practices at the law firm of Keohane & D’Alessandro in Chicago and Albany, N.Y., and also operates Unzipped Media Inc., which publishes information on sex, technology and the law.
Lynn said that appeals courts in the U.S. are divided on how to interpret the provision of the 1986 law that makes it a crime to “exceed authorized access” and, thereby, obtain information from a protected computer.
"The U.S. Supreme Court will make a determination that may cure the split among the circuits as to the proper interpretation of the Computer Fraud and Abuse Act,” Lynn said. “The interpretations by various circuits are very different in breadth, and that can lead to vastly different outcomes for a defendant based on where a lawsuit is brought.
“In these situations, it is appropriate for the Supreme Court to step in to rectify the differing interpretations into a single standard, such that federal laws are applied uniformly—across the board, so to speak,” she said.
“When evaluating the merits of this case, the justices will likely look at the legislative intent behind the statute, the facts of the case at issue, and other relevant information on the split among the circuits.”