If an employee uses a work computer to access, for personal reasons, sensitive information that their employer said can only be accessed for work purposes, has the employee violated the federal Computer Fraud and Abuse Act (CFAA)? The US Supreme Court has an opportunity to clarify this issue in Van Buren v. United States. Oral argument is scheduled for November 30, 2020.
Van Buren was a police sergeant in Georgia. In exchange for $15,000 cash, he agreed to use a state database to determine whether a particular woman was an undercover police officer and then inform a man of his findings. The state had authorized and trained Van Buren to access the database for official purposes only, and expressly disallowed access for personal gain. The danger to the woman in this case, and to anyone whose personal information could be compromised in similar situations, is grave. But did Van Buren violate the Computer Fraud and Abuse Act[1] (CFAA)?
The CFAA, which is an analog to the concept of trespass to real property and can be enforced both criminally and civilly, states that whoever “intentionally accesses a computer without authorization or exceeds authorized access” has committed a violation. 18 USC § 1030(a)(2) (emphasis added).
The United States successfully prosecuted Van Buren for exceeding authorized access when he ignored the state’s boundaries and accessed the database for personal use. The US Court of Appeals for the Eleventh Circuit affirmed, as its precedent held that an individual can “exceed authorized access” to a protected computer when he accesses the computer for a prohibited purpose or use. United States v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010).
OTHER COURTS’ VIEWS AND POSSIBLE IMPACT IF SUPREME COURT SIDES AGAINST VAN BUREN
A circuit split exists on this issue. Some courts hold that ignoring the computer system owner’s written or oral instructions or restrictions as to what the authorized user may do is insufficient to trigger the CFAA, because the “exceeds authorized access” clause is not that broad and instead contemplates actions more akin to trespass: for example, hacking into a portion of a computer system (e.g., a locked database reserved only for certain personnel, or someone else’s email account) that the authorized user does not have permission to access. See, e.g., United States v. Valle, 807 F.3d 508, 526-28 (2d Cir. 2015) (reversing CFAA conviction of NYPD officer who accessed federal database for personal use...