- Court: U.S. Supreme Court Certiorari Granted
- Area(s) of Law: Criminal Law
- Date Filed: April 20, 2020
- Case #: 19-783
- Judge(s)/Court Below: 940 F.3d 1192 (11th Cir. 2019)
- Full Text Opinion
The Computer Fraud and Abuse Act (CFAA) prohibits a person from accessing a computer without authorization or to “exceed[] authorized access, and thereby obtain[] information from any protected computer.” 18 U.S.C. § 1030(a)(2)(C). Under the act, exceeding authorized access is accessing a computer and obtaining information “that the accessor is not entitled so to obtain or alter.” Id. § 1030(e)(6). The FBI set up a sting to catch Petitioner, a policeman, running a computer search for a local man in exchange for a loan, accessing the Georgia Crime Information Center (GCIC) database, which contains license plate and vehicle registration information. Petitioner was found guilty under the CFAA. The Eleventh Circuit affirmed, rejecting Petitioner’s argument that he did not violate the act by accessing a system he was authorized to access, citing United States v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010) (holding a defendant violates the CFAA when he obtains information he has no authorization to acquire). Petitioner argues that the courts of appeal are split on the issue of whether someone who has authorization to access a database violates the CFAA when acquiring information for an improper purpose. Petitioner argues the importance of resolving this issue of whether the CFAA applies only to hacking or to accessing information for a wide variety of innocuous reasons.