United States Supreme Court Grants Certiorari in Van Buren v. United States: Court Will Review Whether the Computer Fraud and Abuse Act Prohibits an Individual Who Is Authorized to Access Information on a Computer for Specific Purposes from Accessing that Information for an Improper Purpose

Sullivan & Cromwell LLP - April 21, 2020

Yesterday, the U.S. Supreme Court agreed to hear argument in the closely watched case of Van Buren v. United States, No. 19-783, which will have significant implications for employers protecting sensitive data and information. The appeal presents the question of whether Section (a)(2) of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, which bars individuals from “exceed[ing] authorized access” to a computer, prohibits an individual who is authorized to access information on a computer for specific purposes from accessing that information for an improper purpose. This case will allow the Supreme Court to address an issue of law that has caused a significant split between the First, Fifth, Seventh, and Eleventh Circuits, which interpret Section 1030(a)(2)’s prohibition to apply to individuals who misuse information from a computer they were otherwise entitled to access, and the Second, Fourth, and Ninth Circuits, which interpret Section 1030(a)(2) to cover only cases where individuals had no right to access the information from the computer for any purpose.