Andrew Hinkes is an attorney with and an adjunct professor at the and .
This summer, the U.S. Supreme Court will consider how to interpret the 1986 Computer Fraud and Abuse Act, a key data protection law. The court’s decision could criminalize common but technically prohibited computer-related conduct, put limitations on a powerful law that punishes insider data theft and abuse like exchange hacks, or come down somewhere in the middle.
At issue in United States v. Van Buren is the interpretation of a provision of the CFAA, [18 U.S.C. § 1030(a)(2)(C)] which makes it a federal crime to “access a computer without authorization or exceed authorized access,” and “thereby obtain information from any protected computer.” To “exceed authorized access” means “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”