The Supreme Court, in a 6-3 decision which was issued on June 3, 2021, reversed an Eleventh Circuit decision and adopted a narrow interpretation of “exceeds unauthorized access” under the Computer Fraud and Abuse Act of 1986 (CFAA)Section 1030(a)(2). Specifically, the Court ruled that an individual “exceeds authorized access” when he or she accesses a computer with authorization but then obtains information located in particular areas of the computer – such as certain files, folders, or databases – that are off limits to them. (Van Buren v. United States, No. 19-783, 593 U.S. ___ (June 3, 2021)). The CFAA remains a seemingly underused and underappreciated tool in the arsenal of IP and technology lawyers in the fight against trade secret and confidential business information theft and destruction. With the Supreme Court weighing in, perhaps the CFAA will grow in prominence and use.
Van Buren involved a Georgia Police Sergeant, Nathan Van Buren (“Van Buren”), who used his patrol car computer to access a law enforcement database to retrieve information about a particular license plate number in exchange for money, rather than for a law enforcement purpose. He was charged criminally under the CFAA and convicted. Van Buren appealed to the Eleventh Circuit, which affirmed, and the Supreme Court then Reversed and Remanded the Decision, ruling that the CFAA does not criminalize the use of areas of a database which the bad actor has authorization to access.
In a civil context, this provision of the CFAA is regularly pled in cases involving former employees that accessed proprietary data from their work computers immediately before leaving their company to join a competitor. This decision suggests that the Court is approaching CFAA violation cases with an overarching question of “did one have authorized access, or not?” Meaning, the intent of the bad actor has little weight in determining liability or culpability under the CFAA; rather, the determination focuses on whether or not the areas of computer which were accessed were restricted to the individual, regardless of intent.
The Court also weighed in on what the limitations of “exceeding authorized access” are. In Van Buren, the Government contended that “exceeds authorized access” meant “exceed[ed] his authorized access to the law enforcement database when he obtained license-plate information for personal purposes.” Van Buren, 141 S.Ct. 1648 at 1649. The Court was unmoved, ruling that this interpretation was inconsistent with the language of the statute and would leave to an exorbitant amount of criminal charges and employees who use their work email for personal matters being subject to liability. Id. Moreover, the Court reasoned that the Government’s approach would “inject arbitrariness into the assessment of criminal [and civil] liability. . .” because whether the conduct violated the CFAA would be subject to how an employer phrased the policy which was violated (i.e. as a “use” restriction or an “access” restriction).
Thus, the Supreme Court has ruled that one “exceeds authorized access” only when one obtains information located in particular areas of the computer that the individual does not have authorized access to.
The IP and Trade Secret attorneys at Houston Harbaugh, P.C., have extensive courtroom, jury and non-jury trial and tribunal experience representing industrial, financial, individual and business clients in IP counseling, infringement litigation, trade secret protection and misappropriation litigation, and the overall creation and protection of intellectual property rights. From our law office in Pittsburgh, we serve clients in Pennsylvania and other states. Our Trade Secret Law Practice is federally trademark identified by DTSALaw®. We practice before the United States Patent and Trademark Office (USPTO) and we and our partners and affiliates apply for and prosecute applications for patents, trademarks and copyrights. IP section chair Henry Sneath, in addition to his litigation practice, is currently serving as a Special Master in the United States District Court for the Western District of Pennsylvania in complex patent litigation by appointment of the court. Pittsburgh, Pennsylvania Intellectual Property Lawyers | Infringement Litigation | Attorneys | Patent, Trademark, Copyright, DTSALaw®
Henry M. Sneath
Co-Chair of Houston Harbaugh’s Litigation Practice, and Chair of its Intellectual Property Practice, Henry Sneath is a trial attorney, mediator, arbitrator and Federal Court Approved Mediation Neutral and Special Master with extensive federal and state court trial experience in cases involving commercial disputes, breach of contract litigation, intellectual property matters, patent, trademark and copyright infringement, trade secret misappropriation, DTSA claims, cyber security and data breach prevention, mitigation and litigation, probate trusts and estates litigation, construction claims, eminent domain, professional negligence lawsuits, pharmaceutical, products liability and catastrophic injury litigation, insurance coverage, and insurance bad faith claims. He is currently serving as both lead trial counsel and local co-trial counsel in complex business and breach of contract litigation, patent infringement, trademark infringement and Lanham Act claims, products liability and catastrophic injury matters, and in matters related to cybersecurity, probate trusts and estates, employment, trade secrets, federal Defend Trade Secrets Act (DTSA) and restrictive covenant claims. Pittsburgh, Pennsylvania Business Litigation and Intellectual Property Lawyer. DTSALaw® PSMNLaw®