The US Supreme Court heard a case of Van Buren v. United States dealing with the definition of "exceeding authorised access" under the Computer Fraud and Abuse Act (CFAA).
Mr. Van Buren, a police officer was convicted of felony computer fraud by violating the CFAA because he allegedly used a law enforcement database for an improper purpose of looking up a licence plate for remuneration, even though he was allowed to access this database for work purposes.The core of this case is the interpretation of 'authorised access' definition under CFAA. The interpretation is currently split in US appeal circuit courts, some upholding a broad interpretation that accessing a computer with authorization, but for an improper purpose is a violation of the CFAA, while others interpreting it narrowly, stating that violation only occurs if the authorized user accesses information they were prohibited from accessing.
Many civil rights groups, such as the EFF have pointed out that when using an expansive interpretation of the CFAA, 'it would be a federal crime any time a person violates a website's terms of service. If violating terms of service is a crime, private companies get to decide who goes to prison and for what, putting us all at risk for everyday online behavior.'
The outcome of the case is expected to unify the interpretation and have significant impact on cybersecurity, law enforcement, employment, and criminal and civil liability in using computer databases in the USA.