Project for Privacy and Surveillance Accountability (PPSA)
  • Issues
  • Solutions
  • SCORECARD
    • Congressional Scorecard Rubric
  • News
  • About
  • TAKE ACTION
    • PRESS Act
    • Fourth Amendment Is Not For Sale Act
    • Over 3 Million Searches
  • Issues
  • Solutions
  • SCORECARD
    • Congressional Scorecard Rubric
  • News
  • About
  • TAKE ACTION
    • PRESS Act
    • Fourth Amendment Is Not For Sale Act
    • Over 3 Million Searches

 NEWS & UPDATES

Van Buren v. United States Says Police Misuse of Official Database Is Not a Crime

6/11/2021

 

Ruling Demonstrates Need for Other Checks on Government Misconduct

Police Data Van Buren v. United States
Credit: Photosani/shutterstock.com
​Are the police breaking the law when, using their official credentials, they access a database for an illicit purpose? This week, in a 6-3 decision, the Supreme Court said no.
 
In 1986, in response to rising cybercrime, Congress passed the Computer Fraud and Abuse Act (CFAA) to impose criminal punishment on anyone who “intentionally accesses a computer without authorization or exceeds authorized access.”
 
Nathan Van Buren, while a Georgia police sergeant, ran afoul of the CFAA when he conducted a license-plate search on a law enforcement database in exchange for a bribe. Because his department’s policy authorized him to access the database only for law enforcement purposes, Van Buren was convicted for “exceed[ing his] authorized access” and sentenced to 18 months’ imprisonment.
 
Van Buren appealed to the Eleventh Circuit, arguing that CFAA only applies to those who obtain information to which their authorized access did not extend. The Eleventh Circuit disagreed, adopting a broader view of the statute under which someone exceeds authorized access when that person intentionally accesses information within the scope of one’s credentials, but for an inappropriate reason.
 
Justice Barrett, writing for the majority, rejected that broader view as contrary to the language of the statute. Interpreting the CFAA definition of “authorized access” as creating a simple “gates-up-or-down” inquiry, she concluded that the statutory language imposed criminal liability only when a person accessed a computer system—or areas within that system—beyond what their official credentials would allow. Because Van Buren’s license-plate search violated his departmental policy but was performed with valid credentials, he did not exceed his authorized access under the CFAA.
 
Justice Barret’s opinion warned that a broader reading of the CFAA could have the effect of “criminaliz[ing] every violation of a computer-use policy”—potentially subjecting “millions of otherwise law-abiding citizens” to criminal punishment for relatively harmless acts like sending personal emails or checking the news on a work computer.
 
Nevertheless, the Court’s ruling has the effect of immunizing bad-faith government actors who abuse their official computer- and database-access.
 
The Supreme Court’s decision highlights a critical need for other enforcement tools to check government misconduct.
 
While PPSA recognizes both the legal and policy reasons underlying the Court’s decision, Van Buren removes the threat of criminal prosecution as a deterrent to government computer-search abuses. If the CFAA’s broad criminal liability is too sweeping a tool to prevent the ever-present danger of government overreach, then clearly a more appropriate mechanism is needed. New legislation, perhaps targeted just to official government misconduct, could avoid overcriminalization while giving official-use policies some needed teeth.

Comments are closed.

    Categories

    All
    2022 Year In Review
    Analysis
    Call To Action
    Congress
    Congressional Hearings
    Congressional Unmasking
    Court Hearings
    Court Rulings
    Digital Privacy
    Domestic Surveillance
    Facial Recognition
    FISA
    FOIA Requests
    Fourth Amendment Is Not For Sale Act
    Government Surveillance
    Insights
    In The Media
    Lawsuits
    Legislation
    News
    Opinion
    Podcast
    PPSA Amicus Briefs
    Private Data Brokers
    SCOTUS
    SCOTUS Rulings
    Section 702
    Spyware
    Stingrays
    Surveillance Issues
    Surveillance Technology

    RSS Feed

© COPYRIGHT 2023. ALL RIGHTS RESERVED. | PRIVACY STATEMENT