The U.S. Supreme Court on Thursday limited the scope of a controversial anti-hacking law while overturning a former police officer’s conviction under the the Computer Fraud and Abuse Act (CFAA).
Nathan Van Buren, who was arrested after accepting payment from an FBI informant to search a police database in Georgia, had been charged with exceeding his authorized access to the network in violation of the CFAA.
In a 6-3 ruling, the court stated, however, that the 1986 law does not apply to individuals who improperly use systems that they are authorized to access.
In a statement on the ruling, Justice Amy Coney Barrett instead argued that the law applies only to those who access systems without authorization.
“This provision covers those who obtain information from particular areas in the computer—such as files, folders or databases—to which their computer access does not extend,” Barrett wrote. “It does not cover those who, like Van Buren, have improper motives for obtaining information that is otherwise available to them.”
The ruling has dealt a major blow to the U.S. Department of Justice, who has repeatedly used the law to convict so-called “insider threats” who use their authorized access to computer networks for unapproved matters.
But Barrett further argued that the ruling has curtailed an overly-vague law that could be applied to millions of Americans who engage in activities such as checking sports scores on work devices in violation of corporate policy.
In statements to Gizmodo, the American Civil Liberties Union has heralded the ruling as “an important victory for civil liberties and civil rights enforcement in the digital age.”
“The Supreme Court’s decision will allow researchers and journalists to use common investigative techniques online without fear of CFAA liability,” the ACLU’s Esha Bhandari said. “It clears away a major barrier to online anti-discrimination testing and research, which is necessary to hold powerful companies and platforms accountable.”
Sen. Ron Wyden (D-Ore.), who co-sponsored legislation that would have amended CFAA, also said the Supreme Court’s decision “helps rectify the damage caused” by the law.
“The Supreme Court recognized today that the terribly written CFAA crossed the line by criminalizing everyday activities like using your work computer to read the news or send personal emails,” Wyden said in an emailed statement. “Today’s ruling helps rectify the damage caused by that reactionary law. However, today’s case highlights the pressing need for Congress to pass comprehensive privacy legislation and to protect users against corporate employees who abuse their access to databases of sensitive personal information.”