At EFF, we have spent years fighting the Computer Fraud and Abuse Act (CFAA). The law was aimed at computer crime, but it is both vague and draconian—putting people at risk for prison sentences for ordinary Internet behavior. Now, we are asking the Supreme Court to step in and stop dangerous overbroad interpretations of the CFAA.
The CFAA was passed more than 30 years ago, before the invention of the World Wide Web. Consequently, the law is hard to make sense of in our increasingly digital world. Some courts have rightly interpreted the law narrowly, focusing on hacking and other illegal computer intrusions. But other courts have bought into tactics used by creative prosecutors, who argue that when the statute outlaws “exceeding authorized access” to a computer, it also covers violating the “terms of service” of websites and other apps.
Now, a former Georgia police officer who was wrongly convicted under the CFAA is asking the Supreme Court to take his case. In Van Buren v. United States, Van Buren was accused of taking money in exchange for looking up a license plate in a law enforcement database. This was a database he was otherwise entitled to access, meaning the CFAA is the wrong law to use when prosecuting his alleged behavior. In our amicus brief filed today with the Center for Democracy and Technology and New America’s Open Technology Institute, EFF argues that Congress intended to outlaw computer break-ins that disrupted or destroyed computer functionality, not anything that the service provider simply didn’t want to have happen.
It’s time we got some clarity about the CFAA. We hope the Supreme Court takes Van Buren and agrees on a narrow interpretation of this messy and confusing law.