Hacking Defense : Computer Hacking, Cyber Crimes – Federal Crimes of Unauthorized Access to Computer Information
Author: John Helms – Dallas Criminal Defense Lawyer – Dallas Hacking Defense Attorney John Helms Explains Hacking Laws
Van Buren v. United States: The Supreme Court Says the Federal Computer Hacking Criminal Law Does Not Apply to People Who Simply Make Unauthorized Use of Information They Are Allowed to Access
The United States Supreme Court
The United States Supreme Court just handed down an important decision on the federal crime of computer hacking. The case is Van Buren v. United States, No. 19-783 (U.S., June 3, 2021). The opinion significantly narrowed the conduct that can be considered criminal under the federal computer hacking law. This is good news for those accused of federal computer hacking crimes.
The federal criminal computer hacking law
The federal criminal computer hacking law is called the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. §1030. The CFAA makes it a federal crime to gain unauthorized access to a computer intentionally. That is what we normally think of as “computer hacking.”
The law also makes it a crime, however, to “excee[d] authorized access” to a computer. The law defines this as “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accessor is not entitled so to obtain or alter.” 18 U.S.C. § 1030(a)(2). The issue in Van Buren was the meaning of this definition and whether it includes situations in which people obtain information that they are entitled to obtain, if they are obtaining it for an unauthorized purpose.
In Van Buren, a police officer was paid by a government informant to access a law enforcement license plate database to get information about the driver. The police officer understood that the informant planned to use the information for personal reasons and not for law enforcement purposes. The police officer had authority to access the database and to obtain the information, but according to the department policies, he was not authorized to do that unless it was for a legitimate law enforcement purpose.
The officer was found guilty at trial, and the Eleventh Circuit Court of appeals upheld the conviction. The officer appealed to the United States Supreme Court, which reversed the conviction. The Supreme Court held that the definition of “exceeds authorized access” deals with situations in which a person has the authority to access the computer, but goes into files or folders to which the person does not have access.
Most importantly, the Supreme Court rejected the Government’s argument that it is a federal crime for a person to access information that the person is allowed to access, but to do so for an improper purpose. Several courts of appeal, including the Fifth Circuit, which covers federal courts in Texas, Louisiana, and Mississippi, had held that an improper purpose was enough to make the access a crime. See United States v. John, 597 F.3d 263 (5th Cir. 2010). Van Buren therefore overrules what had been the law in federal courts in Texas for over ten years.
The Van Buren opinion makes sense. In the CFAA, Congress did not intend to turn violations of office policies into federal crimes. As Justice Barrett explained in Van Buren, the “for an improper purpose” interpretation criminalizes a “breathtaking amount of commonplace computer activity.” Van Buren, slip op. at 17. For example, an employee who uses office email for personal purposes in violation of company policy would commit a federal crime.
The Supreme Court’s interpretation places the law where Congress intended it—criminalizing breaking into computers or particular files, folders, or databases, but not using information that a person is authorized to access for an improper purpose. This will now be the rule in federal courts in Texas.
Why Computer fraud and hacking are serious federal crimes?
Computer fraud and hacking are serious federal crimes that can result in significant jail time. The law itself in this area is complicated, and the facts of these types of cases can be complicated as well. As someone who has prosecuted and defended people under this federal statute, and who has even represented someone in a civil case under it, I know how important it is for anyone accused of the crime of computer fraud or computer hacking to consult with an experienced federal criminal defense lawyer who understand cyber crime and hacking defense and who knows the ins and outs of the cybercrime law and who has experience with these cases.
What to do if you are charged with a cybercrime?
If you have been charged with a cybercrime that involves computer hacking, indictments for criminal cases involving some form of financial and banking Internet fraud linked to identity theft then the law office of John M Helms can help protect your rights and freedom. John Helms is a former federal prosecutor with experience prosecuting computer fraud crimes plus 30 years defending people charged with all types of computer related state and federal crimes. John has experience with state and federal computer hacking crimes, from online intellectual property infringements to phishing fraud scams, indictments like online harassment and cyberstalking. If you would like to speak with John Helms, author and attorney, because you or a loved one is either being investigated or has been charged with a crime, then contact our Dallas computer hacking criminal defense lawyers intake department. Cybercrime indictments will in all likelihood be heard by a federal magistrate in a federal criminal court and you will need to hire a Dallas criminal attorney who is both proficient as a state and federal defense lawyer specializing in all forms of computer cybercrimes.
Related Content from Author:
To request a consultation and have Mr. Helms contact you,
please fill out this form or call (214)-666-8010
Criminal Defense Lawyer John Helms
Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.