Monday, November 30, 2020

Van Buren in the Supreme Court

 This is the case out of the 11th Circuit dealing with the Computer Fraud and Abuse Act.  Although the 11th Circuit vacated Van Buren's conviction for honest services fraud, it ruled against him on the computer fraud issue.  The question presented is:

Whether a person who is authorized to access information on a computer for certain purposes violates Section 1030(a)(2) of the Computer Fraud and Abuse Act if he accesses the same information for an improper purpose.

Nathan Van Buren was a police officer in Georgia authorized to search computerized records about license plates for law-enforcement purposes. Falling for a sting conducted by the FBI, he searched those records for private purposes (at the request of an FBI informant who offered to pay him several thousand dollars for the information). The government charged Van Buren in federal district court with two counts of fraud: computer fraud under the CFAA and honest-services wire fraud under another statute. A jury convicted him of both counts. The U.S. Court of Appeals for the 11th Circuit vacated the wire-fraud conviction but upheld the conviction under the CFAA. Van Buren appealed to the Supreme Court last December.

All agree that the case turns on the vague language of the CFAA, which sanctions any person who “exceeds authorized access” on a computer. The statute defines that term as meaning “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” Van Buren argues that the statute applies only if the defendant obtains information that he was under no circumstances entitled to obtain. From Van Buren’s perspective, a defendant who obtains information that he had a right to obtain from the computer for certain purposes (like the license-plate records at issue here) should not face federal criminal sanctions solely because the particular way in which he obtained the information was inappropriate (as it was here). Van Buren doubtless faces sanctions for violating the police department’s computer-use rules, but that is a matter for the department, he says, not for a U.S. attorney.

The government argues that Van Buren’s reading of the CFAA eliminates the word “so” from the relevant statutory phrase, which criminalizes obtaining information that the defendant “is not entitled so to obtain or alter.” For the government, the inclusion of “so” in that phrase means it is a crime if, as is the case here, the defendant was not entitled to obtain (or alter) the information in the particular way that the defendant did. A potential problem with that reading as a textual matter is that nothing in the earlier phrases of the statute suggests that “so” is meant to incorporate into the CFAA the kinds of limitations on computer access that are at issue here (and in numerous other prosecutions under the CFAA) – specifically, access limitation that derive from employment contracts, terms-of-use policies or other private agreements.

1 comment:

Anonymous said...

It’s not the first time the 11Cir removes a ‘so’ or an ‘or’ from a statutory requirement..

They downplayed the seriousness of the bribery, but are generalizing a statute meant to prevent records access from unauthorized persons.