Tech

Supreme Court reins in definition of crime under controversial hacking law

Protesters walking across a bridge. One holds a sign with a picture of Aaron Swartz that says,

Enlarge / In April 2013, more than 120 people attended a rally in Boston to remember Aaron Swartz and call for reform of the Computer Fraud and Abuse Act. (credit: Getty Images | Boston Globe)

The Supreme Court issued a ruling today that imposes a limit on what counts as a crime under the Computer Fraud and Abuse Act (CFAA).

The case involves a former Georgia police sergeant who “used his own, valid credentials” to get information about a license plate number from a law enforcement database, the court decision said. The sergeant ran the search in exchange for money and for non-law enforcement purposes, violating a department policy. He was charged with a felony under the CFAA, which says it’s a crime when someone “intentionally accesses a computer without authorization or exceeds authorized access.” He was convicted and sentenced to 18 months in prison in May 2018.

A federal appeals court upheld the conviction, but the Supreme Court reversed it today in a 6-3 decision that said Van Buren did not violate the CFAA. Justices found that the cybersecurity statute does not make it a crime to obtain information from a computer when the person has authorized access to that machine, even if the person has “improper motives.”

Read 21 remaining paragraphs | Comments