Skip to Content
Subscribe Employer Law Blog

Employer’s Beware: The Supreme Court Narrowly Interprets Computer Fraud and Abuse Act

In Van Buren v. United States, the Supreme Court handed down its first major decision construing the Computer Fraud and Abuse Act. In general, the CFAA sets criminal and civil penalties for unauthorized access to a computer. The CFAA identifies two ways of violating the statute, "access without authorization" and "exceed[ing] authorized access". The typical scenario in the employment context is an employee accessing confidential computer data for improper purposes, such as downloading customer data to engage in post-employment competitive activity. Employers have consistently claimed that using confidential data for an improper purpose is tantamount to “exceeding authorized access”.

However, in narrowly construing the CFAA prohibitions, the Supreme Court disagreed with the improper purpose interpretation. The Court spoke in the term of “gates” and explained that the prohibition on "access without authorization" bans entering a computer one is not authorized to access, "targeting so-called outside hackers - those who access a computer without any permission at all". The prohibition on "exceed[ing] authorized access" bans entering a part of the system to which a computer user lacks access privileges. That language target[s] so-called inside hackers - those who access a computer with permission, but then exceed the parameters of authorized access by entering an area of the computer to which that authorization does not extend. Thus, under Van Buren, if an employee has permission to access computer data, then the improper use of any accessible data does not rise to the level of a CFAA violation.

Take away - Employers should maintain hierarchical tiered computer access protocols that provide employees limited access to computer data that is based on a strict need-to-know basis. Also, employers should review their nondisclosure agreements and policies to specifically address authorized access and proper use of confidential information.

For more information about protecting confidential information or trade secrets, please contact Timm Schowalter at tschowalter@sandbergohoenix.com or 314.425.4910, or contact another member of Sandberg Phoenix’s Labor and Employment Law Team.

Share This Blog Post

Related Services

Cybersecurity & Privacy Risk Management Employment Litigation Labor & Employment Counseling