When enacted by Congress back in the 1980s, the Computer Fraud and Abuse Act (“CFAA”) was intended to prevent hacking of government computers, computer fraud and other forms of cybercrime. Around that time, there was a popular Hollywood movie released called War Games. In the movie, cyber hackers gained access to government computers that controlled and operated nuclear missiles. The movie had a happy ending, but it highlighted the need for criminal statutes to punish cybercrime.
Over the years, the CFAA has been expanded and, now, there are about 10 specific crimes that are punished under the statutory scheme. Thus, for example, the CFAA criminalizes:
- The use of any computer to obtain and access national security information
- Accessing, without authority, any governmental computer for any reason
- Damaging a computer physically or through computer viruses and other malware
- Use of a computer to commit fraud
Almost all sections of the CFAA involve some behavior that legally constitutes “unauthorized” or “exceeding authorized” access. That is, in general, to obtain a conviction, federal government prosecutors must prove beyond a reasonable doubt that the accused accessed a relevant computer without authorization or that the accused exceeded the access that was granted. So, the CFAA applies to hackers gaining access from the internet but also to persons who have authorized physical access to a relevant computer like an employee or a contractor.
Why Legal Definitions Matter
For the last couple of decades, there has been a vigorous debate among criminal defense lawyers, prosecutors and judges about the meaning of “exceeding authorized access.” Prosecutors have argued that “exceeding authorized access” includes the idea of exceeding “authorized use” of information obtained. To explain, imagine an example where a Georgia police officer is authorized to access police computers (authorised physical access) and also authorized to access information about the owners of license plates (authorised data access). However, the police officer is NOT authorized to give the data to some third party (use limitation). But, suppose, that the officer in question takes a $5,000 bribe and gives license plate data to a third party? Has the officer committed a crime that violates the CFAA? According to a recent US Supreme Court case, the answer is “no.” See Van Buren v. United States, Case No. 19-783, 141 S.Ct. 1648 (June 3, 2021).
Van Buren is a case that demonstrates why legal definitions matter greatly for criminal defense and for post-conviction appeals. The above hypothetical is patterned after the facts in Van Buren. In that case, the Georgia police officer’s name was Nathan Van Buren and he was convicted of violating the CFAA for conduct similar to our hypothetical. His criminal defense team argued at the trial level — and on post-conviction appeal — that his violation of his USE limitations were NOT violations of the CFAA as defined by the CFAA. Van Buren’s defense team failed at the trial level and at the Court of Appeals level. But, the Supreme Court agreed with Van Buren’s interpretation of the law. His criminal conviction was overturned.
The Supreme Court agreed that the CFAA can be violated by an unauthorized access to a computer AND by a person who has authorized access but who accesses files or data or sections of a computer to which the person has no authority to access. However, the Supreme Court held that the CFAA does not criminalize a person’s violation of use limitations as long as the person is authorized to access the computer and to access the data that was accessed.
Van Buren is also a case that demonstrates the importance of retaining deeply experienced and dedicated criminal defense attorneys. Persistence is essential through the layers of post-conviction appeals.
Speak With a Criminal Defense and Post-Conviction Appeal Team Today
For more information, contact the criminal defense and post-conviction appeal team at the Federal Criminal Law Center. Our firm knows how to fully assess an individual’s case and how to identify the strongest grounds for appeal. Contact us today by calling (404) 633.3797 or by completing our quick and convenient online form. Remember, there are short-time deadlines for filing an appeal. Contact us today.