The Supreme Court sided with a police officer Thursday, saying he did not violate the nation’s top computer crime law when he accessed a license plate database for nonofficial purposes.
A third party, who was an FBI informant, had offered to pay Nathan Van Buren, who was a police sergeant in Cumming, Georgia, to search the license plate database, and Van Buren agreed, CNN reported.
The U.S. government alleged that Van Buren’s actions violated the Computer Fraud and Abuse Act.
“Van Buren’s conduct plainly flouted his department’s policy, which authorized him to obtain database information only for law enforcement purposes,” Justice Amy Coney Barrett wrote in the 6-3 majority opinion.
However, the court had been asked if he had violated the CFAA and the majority found that “he did not.”
“This provision covers those who obtain information from particular areas in the computer — such as files, folders, or databases — to which their computer access does not extend,” Barrett wrote.
“It does not cover those who, like Van Buren, have improper motives for obtaining information that is otherwise available to them.”
She added that the government’s interpretation of the law “would attach criminal penalties to a breathtaking amount of commonplace computer activity.”
Justice Clarence Thomas argued in the dissenting opinion that Van Buren “exceeded authorized access to the database.”
“As a police officer, Nathan Van Buren had permission to retrieve license-late information from a government database, but only for law enforcement purposes,” he wrote.
“Van Buren disregarded this limitation when, in exchange for several thousand dollars, he used the database in an attempt to unmask a potential undercover officer.”
Thursday’s ruling informs the debate over the reach of the CFAA and what it can be applied to.
The law has been invoked in the past in cases involving website defacement and terms of service violations, which many people have argued is a broad interpretation of the CFAA, according to CNN.
The ruling will make it hard to apply the CFAA to individuals who are authorized to access the information but do so for “improper reasons.”
“Today’s decision is going to make it incumbent upon businesses and governments to be far more specific in their policies governing access to databases — not just about who is allowed to access particular databases, but about the specific purposes for which those individuals are and are not allowed to access that database,” said Steve Vladeck, CNN Supreme Court analyst and professor at the University of Texas School of Law.
“In the process, the court has made it a lot harder to punish those who misuse databases to which they generally have lawful access — and a lot more important for database owners to expressly prohibit uses of the data that aren’t specifically permitted.”
Truth and Accuracy
We are committed to truth and accuracy in all of our journalism. Read our editorial standards.