Van Buren v. United States
A former Georgia police officer who was wrongly convicted under the notoriously vague Computer Fraud and Abuse Act ("CFAA") is asking the Supreme Court to reject a dangerously overbroad interpretation of the law. In Van Buren v. United States, Nathan Van Buren was accused of taking money in exchange for looking up a license plate in a law enforcement database. He was convicted of violating the CFAA because he allegedly used that database for an improper purpose, even though it was a database that he was allowed to access for work purposes. Under this expansive interpretation of the CFAA, it would be a federal crime any time a person violates a website's terms of service. If violating terms of service is a crime, private companies get to decide who goes to prison and for what, putting us all at risk for everyday online behavior.
Mr. Van Buren successfully petitioned the Supreme Court to review his case. EFF filed briefs both encouraging the Court to take the case and urging it to make clear that violating terms of service is not a crime under the CFAA. In an amicus brief filed on behalf of computer security researchers and organizations that employ and support them, we explained that the broad interpretation of the CFAA puts computer security researchers at legal risk for engaging in socially beneficial security testing through standard security research practices, such as accessing publicly available data in a manner beneficial to the public yet prohibited by the owner of the data.
Updates
-
The Supreme Court’s Van Buren decision today overturned a dangerous precedent and clarified the notoriously ambiguous meaning of “exceeding authorized access” in the Computer Fraud and Abuse Act, the federal computer crime law that’s been misused to prosecute beneficial and important online activity. The decision is a victory...
-
EFF has long fought to reform vague, dangerous computer crime laws like the CFAA. We're gratified that the Supreme Court today acknowledged that overbroad application of the CFAA risks turning nearly any user of the Internet into a criminal based on arbitrary terms of service. We remember the...
-
The armed Florida Department of Law Enforcement raid on Monday on the Tallahassee Florida home of data scientist and COVID whistleblower Rebekah Jones was shocking on many levels. This incident smacks of retaliation against someone claiming to provide the public with truthful information about the most pressing issue facing both...
-
Washington, D.C.—The Electronic Frontier Foundation (EFF) and leading cybersecurity experts today urged the Supreme Court to rein in the scope of the Computer Fraud and Abuse Act (CFAA)—and protect the security research we all rely on to keep us safe—by holding that accessing computers in ways that violate terms...
-
At EFF, we have spent years fighting the Computer Fraud and Abuse Act (CFAA). The law was aimed at computer crime, but it is both vague and draconian—putting people at risk for prison sentences for ordinary Internet behavior. Now, we are asking the Supreme Court...
Pages
