The Computer Fraud and Abuse Act of 1986 (CFAA) has been used for 35 years to prosecute cybercriminals and recover damages in civil suits. Those bad actors under the CFAA have more and more commonly been employees who violated company policies by accessing information that the technical controls placed on their employer-issued credentials allowed them to access.
The distinction between such employees and other bad actors is that their employers’ policies prohibited them from using the information in a manner that the employer didn’t like. Unlike the third-party hackers that come to mind when you think of computer fraud and cybercriminals, the employees were given credentials to use their employers’ computer systems in order to access the files within.
The core behavior at issue in Van Buren was whether a computer user who has authorized access to the computer system (in a technical sense) runs afoul of the CFAA if the user’s purpose in accessing the data is prohibited by the terms of their computer use policy.
[Read more…] about Supreme Court Refuses to Extend CFAA to Employer’s Computer Policies in Van Buren v. United States