Employees use their employers’ computer networks for many purposes. Mostly, they perform work-related tasks, but they easily and often migrate to personal activities. If that personal activity exceeds the employee’s “authorized access,” however, the employee might technically trigger a broadly written federal law (the Computer Fraud and Abuse Act, or CFAA). In Van Buren v. United States, the court must decide whether a person, who is authorized to access information on a computer for permitted purposes, violates the CFAA when he accesses the same information for an unauthorized reason.

Under the CFAA, an individual engages in criminal behavior when he “accesses a computer without authorization or exceeds authorized access,” and obtains information from a protected computer. See, 18 U.S.C. Section 1030(a)(2)(C). Congress defined the phrase “exceeds authorized access” to mean: “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”