Supreme Court Limits Scope of Controversial Hacking Law
The Supreme Court has ruled that a police officer in Georgia who received money for obtaining data from a law-enforcement database for an associate did not violate a controversial federal hacking law. This may mark a victory for the ethical hacking community as it sets a limiting precedent to the law’s scope. The law in question, the Computer Fraud and Abuse Act (CFAA) was enacted in 1986 and provides limitations on the authorized use of devices. The landmark ruling, Van Buren v. United States, was decided by a 6-3 vote after judges ruled that because Van Buren used his own credentials to access the information, he did not violate the law despite receiving financial compensation for retrieving the data.
The law subjects criminal liability to those who intentionally accesses a computer without authorization, which Van Buren did not do, according to the ruling. During the hearing, the court also highlighted a number of structural rules within the CFAA that pointed towards the fact that Van Buren did not violate it. One of these includes the phrase “exceeds authorized access,” which would suggest that Van Buren overstepped his authority as a police officer in accessing the database.