Police Sargent Van Buren used his patrol car’s computer to access a Georgia vehicle license database in order to find out an owner’s information associated with a specific license plate number. He took this action in exchange for a $5,000 bribe. Unfortunately, Van Buren was ensnared in an FBI sting operation which resulted in his being charged with a felony under the federal Computer Fraud and Abuse Act (the CFAA). After a jury trial, he was convicted and sentenced to 18 months imprisonment. This seemingly routine fact pattern resulted in the Supreme Court’s review of the scope of the CFAA to resolve conflicting interpretations among the federal circuits. Van Buren v. United States, 141 S.Ct. 1648 (2021). At issue was whether Van Buren exceeded his “authorized access” as defined by the CFAA. In a 6 to 3 split decision among the justices, Justice Amy Coney Barrett’s opinion found that the CFAA did not cover the misuse of computerized information if the person charged was otherwise authorized to access the data at issue.
At the dawn of the computer era, in the early 1980s the misuse of computers and information stored on computers exposed a hole in federal criminal laws. Gaining unauthorized access to a computer system for the purpose of stealing information or other misuse, i.e., “hacking”, was not clearly covered by any existing laws. An initial broad attempt was made within the Comprehensive Crime Control Act of 1984. Press reports at the time indicate that some of the Congressional motivation for this initial law was brought about by members of Congress who saw the 1983 movie WarGames which depicted youthful computer hacking. This limited first attempt was supplemented by the CFAA, including the provisions at 18 U.S.C. §1030, titled Fraud and Related Activity in Connection with Computers.