This Article addresses the impact of the U.S. Supreme Court’s June 2021 decision in Van Buren v. United States on what constitutes“ authorization” to access a computer under the Federal Computer Fraud and Abuse Act (CFAA)—a law that imposes both criminal and private civil liability for violations—and concludes that, so far, the Van Buren decision has not rendered the CFAA toothless. The Introduction briefly explains the history of the CFAA, a summary of why it was enacted, how organizations have relied upon it as an important tool to protect themselves from computer hackers and increased cybersecurity risks, and a Circuit of Appeals split about what it means to “exceed authorization.” The Article then, in a section titled “Exceeding Authorized Access: All That Is Not Permitted Is Forbidden,” tells the sordid tale of what happened to Van Buren and how the U.S. Supreme Court resolved his case, ultimately by reversing the Court of Appeals’s ruling affirming his CFAA conviction in an attempt to resolve the circuit split. It concludes in “Protecting Systems with a Sign on the Doorposts” by examining the two cases that, through December 2021, considered the authorization issue and what they indicate about the future of the post-Van Buren CFAA.
Scott T. Lashway and Matthew M.K. Stein, SIGNS INSCRIBED ON A GATE: THE IMPACT OF VAN BUREN V. UNITED STATES ON CIVIL CLAIMS UNDER THE COMPUTER FRAUD AND ABUSE ACT, 44 W. New Eng. L. Rev. 109 (2022), https://digitalcommons.law.wne.edu/lawreview/vol44/iss1/5