CONSUMER FRAUD AND ABUSE ACT

Van Buren v. United States

Issues

Does an individual “exceed authorized access” under the Consumer Fraud and Abuse Act (“CFAA”) when the individual is authorized to access information on a computer for a specific purpose but accesses that information for an impermissible purpose?

This case asks the Supreme Court to determine the scope of the “exceeds authorized access” clause of the Consumer Fraud and Abuse Act (“CFAA”). A person violates the CFAA when the person “accesses a computer without authorization or exceeds authorized access, and thereby obtains information” from the computer. Petitioner Van Buren was a policeman who was authorized to access a law enforcement database. For reasons unrelated to his job, he used that access to search a license plate for financial gain. Respondent United States contends that when Van Buren accessed the database for a reason unrelated to his job, he exceeded his authorized access and violated the CFAA. Van Buren argues that he did not exceed his authorized access because the “exceeds authorized access” provision does not punish individuals who misuse information they are otherwise authorized to access. The outcome of this case will have broad implications on how employers protect sensitive data and how prosecutors can pursue hacking and computer fraud. 

Questions as Framed for the Court by the Parties

Whether a person who is authorized to access information on a computer for certain purposes violates Section 1030(a)(2) of the Computer Fraud and Abuse Act if he accesses the same information for an improper purpose.

Nathan Van Buren, a police sergeant in Cumming, Georgia, befriended Andrew Albo, a man who had previously been arrested by Van Buren. United States v. Van Buren at 1197. Albo frequently paid prostitutes for services, and Van Buren helped managed disputes arising from those interactions. Id. 

Written by

Edited by

Additional Resources

Submit for publication
0
Subscribe to CONSUMER FRAUD AND ABUSE ACT