Van Buren v. United States (U.S. Supreme Court, June 2021)

The Federal Docket

June 3, 2021

Computer Crimes – An individual triggers criminal liability under the CFAA if they access information in a computer that they do have have authorization to access, but they do not violate the CFAA simply by accessing information for an improper purpose if they are otherwise authorized to access it.

Nathan Van Buren was convicted of violating the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030(a)(2), which applies to one who “intentionally accesses a computer without authorization or exceeds authorized access.” Van Buren was a police officer who, in exchange for several thousands dollars from an FBI informant, agreed to conduct a search on a police database in order to identify an undercover officer. The Eleventh Circuit upheld his conviction, holding that Van Buren violated the CFAA because, though he had access to the database, he used it for improper purposes and “exceeded authorized access.”

In a 6-3 decision, the Supreme Court reversed, narrowing the scope of the CFAA considerably. In a very technical opinion, the Court held that, given the statutory definition of “exceeds authorized access” under 1030(e)(6), an individual only exceeds authorized access when he obtains information “from particular areas in the computer–such as files, folders, or databases–to which their computer access does not extend.” The Court concluded that the law does not cover individuals who “have improper motives for obtaining information that is otherwise available to them.”

Here, Van Buren was authorized to access to the law enforcement database, and while he accessed it for an improper purpose, that was not sufficient to establish a criminal violation of the CFAA. The Court cautioned that the Government’s proposed reading of the law would be almost limitless and could reach innocent conduct, such as an employee using a work computer to read the news or send a personal email.

Justice Thomas dissented, arguing that the plain language of the law and common law principles regarding the scope of consent to use the property of another supported the government’s reading of the law. The dissent argued that the CFAA applies when an individual uses the computer of another for any purposes that have not been authorized.

On Certiorari to the Eleventh Circuit
Opinion by Barrett, joined by Sotomayor, Breyer, Kagan, Gorsuch, and Kavanaugh
Dissent by Thomas, joined by Roberts and Alito

Click here to read the opinion.

Tom Church - Tom is a trial and appellate lawyer focusing on criminal defense and civil trials. Tom is the author of "The Federal Docket" and is a contributor to Mercer Law Review's Annual Survey in the areas of federal sentencing guidelines and criminal law. Tom graduated with honors from the University of Georgia Law School where he served as a research assistant to the faculty in the areas of constitutional law and civil rights litigation. Read Tom's reviews on AVVO. Follow Tom on Linkedin.

Scroll to Top