Van Buren v. United States, 593 U.S. ___, 141 S. Ct. 1648 (2021)

Nathan Van Buren, a former police sergeant, ran a license-plate search in a law enforcement computer database in exchange for money.  Among other things, Van Buren was charged with violation of the Computer Fraud and Abuse Act (“CFAA”) for “exceed[ing] authorized access” to the law enforcement database.  A jury convicted Van Buren of violating the CFAA, but Van Buren argued on appeal to the Eleventh Circuit that the “exceeds authorized access” clause of the statute applies only to those who obtain information to which their computer access does not extend, not to those who misuse access that they otherwise have.  In this opinion, the Supreme Court resolved a conflict among the circuits and agreed with the narrower interpretation of the law as advocated by Van Buren – and as already followed in the Ninth Circuit since United States v. Nosal, 676 F.3d 854 (9th Cir. 2012) (en banc).  The Supreme Court concluded:  “In sum, an individual ‘exceeds authorized access’ [under CFAA] when he accesses a computer with authorization but then obtains information located in particular areas of the computer – such as files, folders, or databases – that are off limits to him.”