Supreme Court Limits US Hacking Law in CFAA Ruling

Supreme Court Ruling on Police Access to License Plate Data

The Supreme Court has determined that a police officer’s use of a license plate database to locate an acquaintance, in return for payment, did not constitute a breach of U.S. hacking regulations.

Clarification of the Computer Fraud and Abuse Act

This significant decision brings closure to a protracted legal battle, offering clarity regarding the scope of the Computer Fraud and Abuse Act (CFAA). The ruling establishes boundaries for prosecutable conduct under the CFAA.

The court delivered a 6-3 verdict in favor of Nathan Van Buren, a former Georgia police sergeant who initiated the case. He had initially faced two charges: accepting a bribe for database access and violating the CFAA.

Authorized Access and the Core Legal Question

While Van Buren’s initial conviction on the bribery charge was reversed, the CFAA conviction remained until this ruling. The central legal issue revolved around whether Van Buren had surpassed the limits of his authorized access to the license plate database.

Justice Amy Coney Barrett, authoring the majority opinion, explained that the CFAA applies to individuals who access computer areas – such as specific files or databases – beyond the scope of their permitted access.

Narrowing the Definition of “Unauthorized Access”

The court emphasized that although Van Buren disregarded departmental regulations, his actions did not violate the CFAA. The justices rejected a broad interpretation of the law.

Originally enacted in 1986 to prosecute malicious hackers gaining “unauthorized” access, the CFAA’s definition of “unauthorized” has been a source of contention.

Potential Overreach of the CFAA

Legal scholars have cautioned that an expansive reading of the CFAA could potentially criminalize commonplace online activities, like violating a website’s terms of service or even sharing streaming service passwords.

The court acknowledged that the government’s proposed interpretation would subject a vast range of routine computer use to criminal penalties.

Dissenting Opinions

However, not all justices concurred with the majority. Justice Thomas, joined by Justices Alito and Roberts, dissented, arguing that Van Buren was prohibited from using the computer system to obtain the information without legitimate law enforcement justification.

Calls for Congressional Action

Following the ruling, civil liberties advocates have urged Congress to revise the CFAA. They believe amendments are necessary to address remaining ambiguities.

Alex Abdo, litigation director of the Knight First Amendment Institute, stated the decision is a positive step for digital research and journalism, but further action is required.

Protecting Research and Journalism

Abdo suggested Congress should create a “safe harbor” for researchers and journalists investigating online disinformation and discrimination, preventing major technology companies from unduly restricting such vital public interest work.