The particular case under review concerns former police sergeant Nathan Van Buren who was convicted in 2017 under the CFAA for running a computer search for a license plate number. Van Buren had authorized access to the police\u2019s database, but in this case he ran a license check in return for cash.<\/p>\n
The full details are unedifying: Van Buren needed money and offered to run plate checks for a stripper named Albo. Albo went to the local sheriff\u2019s office, which contacted the FBI and they set up a sting operation giving Albo a fake license which she gave to Van Buren. She said that she wanted to know if it belonged to an undercover cop who was trying to bust her for prostitution. She gave Van Buren cash and he ran the plate.<\/p>\n
Van Buren was arrested for breaking the CFAA. But in court, Van Buren\u2019s lawyers argued that he was authorized to use the system as a police officer and that that access couldn\u2019t be unauthorized, regardless of why he performed the search itself.<\/p>\n
In other words, he could be taken to task for taking money from a stripper to run a license plate \u2013 clearly unethical behavior \u2013 but he couldn\u2019t be convicted under the CFAA for doing so.<\/p>\n
Honest guv<\/span><\/h3>\nHe was charged with two cases: committing computer fraud for financial gain (violating the CPAA) and honest services fraud and violating the CFAA. He was found guilty on both counts and sentenced to prison for 18 months, with two years of supervised release. He appealed and the \u201chonest services\u201d charge was overturned but the CFAA computer fraud charge was not. And that\u2019s why it may be the perfect test case.<\/p>\n
Lawyers and legal minds have been fighting over the question of authorized and unauthorized use under the CFAA ever since it was enacted back in 1986. The advent of the internet however made the issue 100 times bigger and hence 100 times more important.<\/p>\n
![\"Illustration](\"https:\/\/regmedia.co.uk\/2020\/03\/31\/shutterstock_cfaa.jpg?x=174&y=115&crop=1\")
<\/p>\nRelax, breaking a website’s fine-print doesn’t make you a criminal hacker, says judge in US cyber-law legal row<\/h2>\n
READ MORE<\/span><\/a><\/div>\nThe case has now been relisted with the Supreme Court because other Appeals Courts have had to decide similar cases in the meantime and have come up with different interpretations. In 2011, the Eleventh Circuit decided that violating a written restriction makes such access unauthorized in Van Buren\u2019s case.<\/p>\n
But the Second and Ninth Circuits have since rejected that argument, in large part because it would make criminals out of potentially millions of people for not following the terms of use put out by hundreds of different companies.<\/p>\n
As one example, professor of law at UC Berkeley, Orin Kerr, has argued<\/a> that if the CFAA is used to apply to terms of use then he is guilty of criminal conduct because he has given Facebook a false location for himself, an infringement of the social media giant\u2019s terms of us. And he commits a new crime every time he logs into the service.<\/p>\nVan Buren is a fairly clean one for the Supreme Court in the sense that the legal issues are cleanly decided. He was charged with violating the CFAA, convicted \u2013 by a jury \u2013 and that conviction was then upheld. But his entire sentence is now based on that interpretation of the CFAA.<\/p>\n
And there are other appeals courts that have clearly said they do not agree with the interpretation. Plus, of course, it is of significant public interest and importance because it impacts the behavior of just about every citizen on a daily basis.<\/p>\n
Not strong arguments<\/span><\/h3>\nThe government is fearful of losing at the Supreme Court because it would immediately lead to appeals for all those who have been convicted under its current interpretation of the CFAA.<\/p>\n
If the Supreme Court does take the case up it will have to dig into such questions as: who sets the usage rules? What is legal and illegal to do from the same computer with the same access? Can an employer effectively turn its employees into criminals if they don\u2019t follow its rules? Can a tech company like Facebook put people in jail if it catches them breaking its terms of use?<\/p>\n
And, just to open Pandora\u2019s Box a little more: a change in how the CFAA works would impact one of the most controversial cases it was used in \u2013 to prosecute Aaron Swartz for downloading millions of research papers.<\/p>\n
Back in 2013, House Representative Zoe Lofgren (D-CA) drafted a bill that would have specifically excluded terms of service from the CFAA because of what happened to Swartz. The young co-founder of RSS was aggressively pursued under that aspect of the law and told he would face a million-dollar fine and up to 35 years in prison for his actions. Unable to deal with the pressure, he committed suicide<\/a>.<\/p>\nLofgren\u2019s bill was beaten back \u2013 allegedly thanks to lobbying by Oracle \u2013 and she reintroduced it<\/a> in 2015, but it again went nowhere. At the time \u2013 five years ago now \u2013 Lofgren argued that the CFAA was \u201clong overdue for reform.\u201d<\/p>\n\u201cAt its very core,\u201d she argued, \u201cCFAA is an anti-hacking law. Unfortunately, over time we have seen prosecutors broadening the intent of the act, handing out inordinately severe criminal penalties for less-than-serious violations. It’s time we reformed this law to better focus on truly malicious hackers and bad actors, and away from common computer and Internet activities.”<\/p>\n
Somewhat unusually, a corrupt cop and a stripper may bring some much-delayed justice to Swartz and potentially dozens of others who have been found guilty under the government\u2019s interpretation of the CFAA. \u00ae<\/p>\n
Sponsored:<\/span> Practical tips for Office 365 tenant-to-tenant migration<\/a><\/p>\n
<\/p>\nRelax, breaking a website’s fine-print doesn’t make you a criminal hacker, says judge in US cyber-law legal row<\/h2>\n
READ MORE<\/span><\/a><\/div>\n The case has now been relisted with the Supreme Court because other Appeals Courts have had to decide similar cases in the meantime and have come up with different interpretations. In 2011, the Eleventh Circuit decided that violating a written restriction makes such access unauthorized in Van Buren\u2019s case.<\/p>\n But the Second and Ninth Circuits have since rejected that argument, in large part because it would make criminals out of potentially millions of people for not following the terms of use put out by hundreds of different companies.<\/p>\n As one example, professor of law at UC Berkeley, Orin Kerr, has argued<\/a> that if the CFAA is used to apply to terms of use then he is guilty of criminal conduct because he has given Facebook a false location for himself, an infringement of the social media giant\u2019s terms of us. And he commits a new crime every time he logs into the service.<\/p>\n Van Buren is a fairly clean one for the Supreme Court in the sense that the legal issues are cleanly decided. He was charged with violating the CFAA, convicted \u2013 by a jury \u2013 and that conviction was then upheld. But his entire sentence is now based on that interpretation of the CFAA.<\/p>\n And there are other appeals courts that have clearly said they do not agree with the interpretation. Plus, of course, it is of significant public interest and importance because it impacts the behavior of just about every citizen on a daily basis.<\/p>\n The government is fearful of losing at the Supreme Court because it would immediately lead to appeals for all those who have been convicted under its current interpretation of the CFAA.<\/p>\n If the Supreme Court does take the case up it will have to dig into such questions as: who sets the usage rules? What is legal and illegal to do from the same computer with the same access? Can an employer effectively turn its employees into criminals if they don\u2019t follow its rules? Can a tech company like Facebook put people in jail if it catches them breaking its terms of use?<\/p>\n And, just to open Pandora\u2019s Box a little more: a change in how the CFAA works would impact one of the most controversial cases it was used in \u2013 to prosecute Aaron Swartz for downloading millions of research papers.<\/p>\n Back in 2013, House Representative Zoe Lofgren (D-CA) drafted a bill that would have specifically excluded terms of service from the CFAA because of what happened to Swartz. The young co-founder of RSS was aggressively pursued under that aspect of the law and told he would face a million-dollar fine and up to 35 years in prison for his actions. Unable to deal with the pressure, he committed suicide<\/a>.<\/p>\n Lofgren\u2019s bill was beaten back \u2013 allegedly thanks to lobbying by Oracle \u2013 and she reintroduced it<\/a> in 2015, but it again went nowhere. At the time \u2013 five years ago now \u2013 Lofgren argued that the CFAA was \u201clong overdue for reform.\u201d<\/p>\n \u201cAt its very core,\u201d she argued, \u201cCFAA is an anti-hacking law. Unfortunately, over time we have seen prosecutors broadening the intent of the act, handing out inordinately severe criminal penalties for less-than-serious violations. It’s time we reformed this law to better focus on truly malicious hackers and bad actors, and away from common computer and Internet activities.”<\/p>\n Somewhat unusually, a corrupt cop and a stripper may bring some much-delayed justice to Swartz and potentially dozens of others who have been found guilty under the government\u2019s interpretation of the CFAA. \u00ae<\/p>\n Sponsored:<\/span> Practical tips for Office 365 tenant-to-tenant migration<\/a><\/p>\nNot strong arguments<\/span><\/h3>\n