ACM US Technology Policy Committee Urges Narrower Definition of Computer Fraud and Abuse Act
July 9, 2020
ACM's US Technology Policy Committee (USTPC) filed an amicus curiae ("friend of the court") brief with the United States Supreme Court in the landmark case of Van Buren v. United States. Van Buren marks the first time that the US Supreme Court has reviewed the Computer Fraud and Abuse Act (CFAA), a 1986 law that was originally intended to punish hacking. In recent years, however, the CFAA has been used to criminally prosecute both those who access a computer system without permission, as well as those who have permission but exceed their authority to use a database once logged in.
While the Van Buren case involves prosecution of a police sergeant who allegedly accessed a state license plate database for an impermissible purpose, USTPC notes in its brief that the questions posed in this case have broad implications for the work of data and computing scientists, as well as other professionals who make use of the internet and computing technology, particularly to access information posted online.
Accordingly, USTPC urges the Supreme Court to clearly and narrowly define the limits of the CFAA so that researchers “remain free to find, collect, and use publicly-available data, and to access the publicly-available systems on which data are maintained, without the threat of prosecution or civil lawsuit.”