Van Buren v. United States, 593 U.S. ___, ___ S. Ct. ___ (Jun. 3, 2021)

The defendant, during his time as a police sergeant in Georgia, used his patrol car computer to run a license plate search in the law enforcement database in exchange for money. The defendant’s conduct was in violation of his department’s policy, which authorized access to database information only for law enforcement purposes. The federal government charged the defendant with a felony violation of the Computer Fraud and Abuse Act (CFAA) for “exceeding authorized access.” The defendant was convicted in district court, and the Eleventh Circuit affirmed.

The CFAA subjects to criminal liability anyone who “intentionally accesses a computer without authorization or exceeds authorized access.” 18 U. S. C. § 1030(a)(2). The term “exceeds authorized access” is defined to mean “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” § 1030(e)(6).

The Supreme Court, in an opinion authored by Justice Barrett, did not dispute that the phrase “exceeds authorized access” readily encompasses the defendant’s conduct, but concluded that the defendant did not exceed his authorized access as the CFAA defines that phrase. The Court resolved that the phrase “is not entitled so to obtain” plainly refers to information that a person is not entitled to obtain, specifically by using a computer that he is authorized to access. The Court also noted that a broad interpretation of the statute would criminalize a wide array of commonplace computer activity.

The Court held that the “exceeds authorized access” clause covers those who obtain information from particular areas in the computer to which their computer access does not extend, but does not cover those who have improper motives for obtaining information that is otherwise available to them. Because the defendant had authorization to use the system to retrieve license plate information, he did not exceed authorized access within the meaning of the CFAA, even though he obtained the information for an improper purpose.

Justice Thomas, joined by Chief Justice Roberts and Justice Alito, dissented, declining to give the statute any limiting function and choosing to rely on the plain meaning of the phrase.