Expand your corporate data technology and strategy at Transform 2021.
For those tech-savvy among us, last week’s Supreme Court decision in Van Buren versus United States is one we shouldn’t forget anytime soon. In a 6-3 advisory opinion from Judge Barrett, the Supreme Court overturned the 11th District Court of Appeals decision and referred the case for further processing.
Nathan van Buren was a former Georgia police officer who, after the Computer Fraud and Abuse Act (CFAA). He was accused of taking money in exchange for looking up a license plate in a law enforcement database and was convicted by the district court of violating the CFAA for allegedly using that database for an improper purpose when it was a database which he was to have access for work purposes.
The CFAA, 18 US Code §1030, makes it a federal crime to access a computer without authorization or to go beyond authorized access to obtain information. Exceeding authorized access is defined in §1030 (e) (6) as using authorized access to a computer to obtain or even change information that the person with the authorization is not authorized to do.
Yet the CFAA has many critics, including the Center for Democracy and Technology, New America’s Open Technology Institute, and the Electronic Frontier Foundationwho in this case filed all Amicus pleadings. Each of these advocacy groups believe that the CFAA itself is vague and that the District Court and Eleventh District decision is a very dangerous and far too broad interpretation of the law. Pragmatists on both sides of the argument agree that the goal of Congress in passing the CFAA was to illegally destroy or even temporarily disrupt the functionality of a computer (which would include the many types of computers we use today) close. The sides diverge as to whether Congress wanted to extend this illegality to things that a service provider did not want, which is at least in the vicinity of several slippery slopes.
In the majority opinion, Judge Barrett argued that exceeding authorized access under the CFAA does not include “violating circumstance-based access restrictions on employers’ computers.” “So a person exceeds authorized access if they access a computer with authorization but then receive information that is in certain areas of the computer – such as files, folders or databases – that are inaccessible to them.”
What does that mean for you and me?
Had the court upheld the Eleventh Ward, it could mean that every time we violated a website’s terms of service we would commit a federal crime, which honestly could mean that we would commit federal crimes on a daily basis. The danger is that a broad legal interpretation of the CFAA will become a real Pandora’s box, in which private companies can decide which of our daily user behavior (such as “beautifying an online dating profile,” as quoted from Barrett’s statement) They seek to prosecute and when.
Unfortunately, for those thinking of Aaron Swartz, you’ve come to the right stadium. A decade ago Swartz was arrested by MIT police of break-in and break-in charges in Massachusetts after he connected a computer to the MIT network and set it to systematically download scientific journal articles from JSTOR using a guest account issued to him by MIT.
So this parallel is clear: Both van Buren and Swartz had at least limited legal access to use, and in both cases the CFAA was applied (or misapplied depending on your orientation here) to incriminate them. Ultimately, in both cases, critics felt that the charges were overzealous (“Nixonian,” in the Swartz case) and exaggerated, but led to van Buren’s conviction and Swartz’s suicide before his trial.
But nothing is set in stone by Van Buren. At least not now. In his dissenting opinion, Judge Thomas, along with Judges Alito and Chief Justice Roberts, throws a softball that the court may use in any future case in a similar situation:
“The question here is simple: would a normal reader of the English language understand that Van Buren has ‘exceed’?[ed] authorized access’ to the database when he was using it under circumstances that were expressly prohibited? From my point of view the answer is yes. The necessary prerequisite that would allow him to receive this data was missing. “
It becomes clear that this incarnation of the Supreme Court proves to be unpredictable, sometimes surprising, and always entertaining for those who enjoy watching Supreme Courts do their thing. The 6: 3 majority opinion here is a serious hodgepodge of political leanings, from Barrett, Gorsuch, and Kavanaugh on the right to Breyer, Sotomayor, and Kagan on the left. The ideological differences between the two extremes in this group (probably Barrett on the right and quite clearly Sotomayor on the left) are quite massive.
Especially when dealing with an unpredictable court, nobody should believe that this question has been resolved. Don’t be surprised if a similar issue plays up the ranks and ladders in the courts and makes it back to the Supreme Court as early as the 2021-2022 term due to begin this October. The way our digital rights advocates feel about content this week, they could feel equally affected in a year, if not sooner.
Aron Solomon is Head of Strategy for Esquire Digital and Associate Professor of Business Administration in the Desautels Faculty of Management at McGill University. Since graduating with a law degree, Solomon has spent the past two decades advising law firms and attorneys. He founded LegalX, the world’s first Legal Technology Accelerator and was chosen in Fastcase 50 to recognize the world’s leading legal innovators.
VentureBeat’s mission is to be a digital marketplace for technical decision makers to gain knowledge of transformative technologies and transactions. Our website provides essential information on data technologies and strategies to help you run your organization. We invite you to become a member of our community to gain access:
- current information on the topics of interest to you
- our newsletters
- closed thought leadership content and discounted access to our valuable events, such as Transform 2021: Learn more
- Network functions and more
become a member