The US Supreme Court has narrowed the scope of the country’s hacking law after ruling that the Justice Department’s interpretation of the law was too broad and would mean “millions of otherwise law-abiding citizens are criminals”.
Justices had previously warned that the 1986 Computer Fraud and Abuse Act (CFAA) could attach a criminal penalty to acts such as checking social media at work.
The 6-3 decision, handed down on Thursday, means prosecutors cannot be charged for misusing a database they are otherwise permitted to use.
The majority decision said that a police officer convicted for taking a bribe to look up a license plate could not be prosecuted for violating the CFAA because he was permitted to use the database in his work.
“In the computing context, ‘access’ references the act of entering a computer ‘system itself’ or a particular ‘part of a computer system,’ such as files, folders, or databases,” said Justice Amy Coney Barrett, who wrote the majority opinion.
“It is thus consistent with that meaning to equate ‘exceed[ing] authorised access’ with the act of entering a part of the system to which a computer user lacks access privileges.”
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataBarrett added: “If the ‘exceeds authorised access’ clause criminalises every violation of a computer-use policy, then millions of otherwise law-abiding citizens are criminals.”
Cybersecurity researchers have previously criticised the CFAA because it put them at risk of prosecution when testing systems for weaknesses.
“Under the government’s broad interpretation of the CFAA, standard security research practices — such as accessing publicly available data in a manner beneficial to the public yet prohibited by the owner of the data — can be highly risky,” a group of security researchers wrote in 2020.
However, the Supreme Court’s dissenting opinions argued that there are other areas of law where receiving permission to do one thing does not give permission to do another.
“A valet, for example, may take possession of a person’s car to park it, but he cannot take it for a joyride,” Thomas wrote in an opinion joined by Chief Justice John Roberts and Justice Samuel Alito.