by: Guest Blogger Matt Dodge
The Supreme Court has granted another victory lap—the second in three years—to lawyers (and clients) from our Northern District of Georgia community.
Nathan Van Buren, a police officer in Cumming, Georgia, logged into a work laptop, searched the GCIC database for a license plate, and sold the results to an FBI confidential informant. The officer violated the police department’s personnel policy. But did he commit a federal crime?
Not so, says the Supreme Court. In Van Buren v. United States, the Court held that the officer did not violate 18 U.S.C. § 1030(a)(2), the Computer Fraud and Abuse Act of 1986. Why not? “This provision covers those who obtain information from particular areas in the computer—such as files, folders, or databases—to which their computer access does not extend. It does not cover those who, like Van Buren, have improper motives for obtaining information that is otherwise available to them.”
Put another way, the law applies only to hackers, including both the outside hacker who breaks into a computer system and the inside hacker who has legitimate access to a computer system, but breaks into a digital space that is forbidden to him. Van Buren was not a hacker because he had permission and credentials to search GCIC data. His motives—what he intended to do with the data, in violation of the employee handbook—were beside the point.
The list of names who joined Justice Barrett’s majority opinion is remarkable: Justices Breyer, Sotomayor, Kagan, Gorsuch, and Kavanaugh. On many issues, the three progressives and three Trump nominees sit at distant poles on the political spectrum. Yet in Van Buren, these six justices signed this judicial Möbius strip, a one-sided geometric figure formed by twisting a strip of paper and gluing together the opposite ends.
A person violates § 1030(a)(2) when he “intentionally accesses a computer without authorization or exceeds authorized access,” and thereby obtains computer information. Van Buren had authorization to access the computer, of course, but did he “exceed authorized access”? That phrase means “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”
Van Buren’s fate rested on the meaning of two words: “so” and “entitled.” That’s it. Justice Barrett, writing for majority, cited an entire bookshelf of reference materials—eight dictionaries and Scalia & Garner’s Reading Law—as she offered an exegesis of the text, a riff on legislative intent, and a take-down of Justice Thomas’s dissent. (Not to be out-done, he too cited dictionaries, Scalia & Garner, and even dusted off his copies of Restatement of Torts and Restatement of Contracts). All of that alone, would be plenty to resolve the case in Van Buren’s favor.
Yet Justice Barrett went on to describe just why Van Buren’s prosecution is so dangerous to us all. With a there-but-for-the-grace-of-God tone, she noted that if the government is right here, all of us (including you, me, and Justice Kavanaugh) may violate § 1030(a)(2) every day: “If the ‘exceeds authorized access’ clause criminalizes every violation of a computer-use policy, then millions of otherwise law-abiding citizens are criminals.” Any employee who uses his work computer to send a personal email, read the news, pay the bills, or check the Hawks score, she warns, would be guilty of this federal crime.
Once again, the Supreme Court has shined a light on the Eleventh Circuit’s fallibility. According to Ballotpedia, during the period between 2007 and 2020, the Supreme Court reversed our local appeals court no fewer than 48 times, an average of more than three cases each term. Indeed, among the 13 circuit courts (including the Federal Circuit), only three saw more reversals than the Eleventh Circuit.
And now we add another to the list, thanks to the Van Buren team: Saraliene Durrett and Michael Trost of the CJA panel, Rebecca Shepard of the Federal Defender Program, and Jeffrey L. Fisher & Co. of Stanford Law School.