Van Buren v. United States

Summarized by:

  • Court: United States Supreme Court
  • Area(s) of Law: Criminal Law
  • Date Filed: June 3, 2021
  • Case #: 19-738
  • Judge(s)/Court Below: BARRETT, J., delivered the opinion of the Court. THOMAS, J., with whom ROBERTS, C.J. and ALITO, J. dissenting.
  • Full Text Opinion

Under 18 U.S.C. § 1030(a)(2), the phrase “exceeds authorized access” is limited by the phrase “entitled so to obtain,” such that an individual cannot to have been said to violate the statute for obtaining information from a computer that they are otherwise authorized to access, even if the individual accessed the information for improper purposes.

Van Buren appealed his conviction of violating 18 U.S.C. §1030(a)(2) under the Computer Fraud and Abuse Act (“CFAA”) of 1986. The trial court convicted Van Buren under the CFAA for accessing a computer he was authorized to access and obtaining data—the trial court determined—he was not “entitled so to obtain.” The Eleventh Circuit affirmed the trial court’s conviction. The Court held that Van Buren did not “exceed [his] authorized access,” as that phrase is defined by the CFAA, even though he obtained information from the database for improper purposes. The Court reasoned that the term “entitled so to obtain” limited the circumstances under which an individual “exceeds authorized access.” The Court interpreted “entitled so to obtain” to mean that an individual only “exceeds authorized access” when an individual obtains information from a computer that they are otherwise authorized to access, but the location of the information in the computer is stored in a particular place that the individual is prohibited from accessing. Because Van Buren had authorization to access the database where he obtained information, it was determined that he was “entitled so to obtain” that information. The fact that he accessed the information for improper purposes was not a violation of the CFAA. Reversed and remanded.

Advanced Search


Back to Top