The U.S. Supreme Court may decide in its new term if someone who uses a work computer
or takes social media data without authorization can be found guilty of breaking a
31-year-old federal law originally designed to criminalize hacking.
The high court has been asked to review two lower court decisions that held a defendant
can run afoul of the Computer Fraud and Abuse Act (CFAA) by accessing a computer or
social media data without permission—or when permission has been explicitly revoked.
The justices have the chance to clarify the scope of a law that plaintiffs have invoked
in scenarios that go well beyond an outside hacker breaking into a computer. The court
plans to consider the petitions for review at its Oct. 6 conference.
Courts have struggled to define what constitutes the term “without authorization”
under the law in the face of changing technology. The pending petitions present opportunities
for the high court to bring the law up to speed with the modern computer age, Jeffrey
D. Neuburger, a partner and co-head of the technology, media and communications group
at Proskauer Rose LLP, told Bloomberg BNA.
“The Supreme Court could add a level of consistency and uniformity across jurisdictions,
hopefully in a way that would apply in a variety of factual circumstances,” Neuburger
The U.S. Court of Appeals for the Ninth Circuit attempted to define “without authorization”
under the law, but critics argue its interpretation could criminalize password sharing
and stifle the growth of cloud computing and other technologies.
United States v. Nosal (Nosal II), petitioner David Nosal is asking the Supreme Court to determine if accessing a computer
with an account holder’s permission—but without the computer owner’s permission—constitutes
“access without authorization” under the CFAA (