{"id":832,"date":"2025-04-20T21:15:26","date_gmt":"2025-04-20T21:15:26","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/epres010\/?p=832"},"modified":"2025-04-20T21:15:26","modified_gmt":"2025-04-20T21:15:26","slug":"crjs-406-cfaa-analysis","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/epres010\/2025\/04\/20\/crjs-406-cfaa-analysis\/","title":{"rendered":"CRJS 406 – CFAA Analysis"},"content":{"rendered":"\n
\n

We are now studying the Computer Fraud and Abuse Act (CFAA) in which you will learn that Section 1030(a)(2) makes it a federal crime to “[access] a computer without authorization or [exceed] authorized access, and thereby [obtain] information from any protected computer.\u201d \u00a0In\u00a0Van Buren v. United States,<\/em>\u00a0593 U.S. ___ (2021), the U.S. Supreme Court considered the reach of the statute (the CFAA) as it applies to a Georgia police officer in his personal use of a department database.<\/strong><\/p>\n\n\n\n

Read about the case (either through its full decision here:\u00a0\u00a019-783 Van Buren v. United States (06\/03\/2021) (supremecourt.gov)<\/a>), or at least through these summaries:\u00a0 (1)\u00a0Van Buren v. United States – Ballotpedia<\/a>\u00a0and (2)\u00a0Van Buren v. United States | Oyez<\/a>.<\/strong><\/p>\n\n\n\n

Then do the following:\u00a0In your post, explain whether\u00a0you agree<\/em>\u00a0with the U.S. Supreme Court’s majority in its holding on whether Sergeant Van Buren violated the CFAA. Support your position by referencing the majority and\/or dissenting opinions, as well as any other material you deem relevant, and also provide practical support for your decision.\u00a0I want\u00a0proof\u00a0\u00a0<\/em>that you\u00a0have read the facts and opinions (majority and dissenting) carefully. I want some\u00a0detail\u00a0<\/em>in your response.<\/strong><\/p>\n\n\n\n

Be sure to have a good handle on the majority\u2019s holding and reasoning, as well as why some dissenters disagreed with the majority.<\/strong><\/p>\n\n\n\n

When considering both the court\u2019s majority and dissenting opinions, I am more inclined to agree with the Court majority holding that Van Buren did not violate the CFAA. My reasoning for this is the arguments of textual definitions and the restrictions that those definitions put in place for the inherent broadness of the Act.<\/p>\n\n\n\n

Referencing the full decision, \u201cexceeds authorized access\u201d is defined as \u201cto access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.\u201d From that definition, Van Buren made the argument that the \u201cso\u201d in \u201centitled so to obtain\u201d refers to information unobtainable from an already accessible computer compared to the government\u2019s perspective of specific circumstances. I agree with this argued definition from the original due to the technicality of Van Buren\u2019s access. Because he had the authorization and credentials to obtain the information, there was not a violation of the CFAA but only of the department\u2019s policy due to accessing said information for an unlawful purpose.<\/p>\n\n\n\n

Furthermore, the government\u2019s proposed definition of \u201cexceeds authorized access\u201d was also faulty due to seeing the clause as circumstantial compared to a gates-up-or-down inquiry. My issue with the government\u2019s definition is that a circumstantial approach to policy would make every instance of exceeding authorized access a violation of the CFAA, whether it would be examples of looking at personal emails or searching for something on the internet that is not related to the business that owns the devices.<\/p>\n\n\n\n

However, there were points on the dissenting side that I consider strong against the majority\u2019s position but still imperfect. These include the focus on the word \u201centitled\u201d and the consideration of property law concerning the Act. According to the dissent, \u201cA person is entitled to do something only if he has a \u201cright\u201d to do it.\u201d This led to the conclusion that because Van Buren had no law enforcement \u201cright\u201d to use the computer the way he did, he violated the CFAA. While a good point in connecting Van Buren\u2019s training to the CFAA, the problem lies in the word itself. Entitlement, in this case, is about the ability to do something, not why it is used to do something.<\/p>\n\n\n\n

Lastly, the point of property law does hold some weight but has a flaw. Both the majority and the dissent agree that the statute is meant to defend property, but the dissent relates the information in a computer to property, as well as claims that a crime like trespassing is comparable to that of Van Buren’s case. While there is an initial connection with the access, the flaw exists with the nature of the crimes, that being physical access compared to digital access. With trespassing, the crime is about exceeding physical access to enter an area that is clearly stated not to be entered or the person in question has had no permission to enter. Whereas, if someone is allowed to be somewhere but goes into an area they are not allowed to be in, they are not trespassing, but they are violating rules. Conversely, a database doesn\u2019t care what person is looking at it for any particular reason, the thing that does matter is whether or not someone has the credentials to access it at all, which Van Buren did.<\/p>\n\n\n\n

Overall, the dissenting opinion\u2019s perspective on the conclusion does hold some value in criticizing the meaning of entitlement and the connection of property law to the Act being significant counterpoints, but the majority\u2019s opinion of the definition \u201cexceeds authorized access\u201d and the perspective of both statutes being a gates-up-or-down approach creates necessary boundaries which prove Van Buren\u2019s crime came from his reasoning compared to his access, and therefore, did not violate the CFAA.<\/p>\n\n\n\n

Van Buren v. United States, 593 U.S. ___ (2021).\u00a0https:\/\/supreme.justia.com\/cases\/federal\/us\/593\/19-783\/case.pdf<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

We are now studying the Computer Fraud and Abuse Act (CFAA) in which you will learn that Section 1030(a)(2) makes it a federal crime to “[access] a computer without authorization or [exceed] authorized access, and thereby [obtain] information from any protected computer.\u201d \u00a0In\u00a0Van Buren v. United States,\u00a0593 U.S. ___ (2021), the U.S. Supreme Court considered … Continue reading CRJS 406 – CFAA Analysis<\/span><\/a><\/p>\n","protected":false},"author":24915,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/epres010\/wp-json\/wp\/v2\/posts\/832"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/epres010\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/epres010\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/epres010\/wp-json\/wp\/v2\/users\/24915"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/epres010\/wp-json\/wp\/v2\/comments?post=832"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/epres010\/wp-json\/wp\/v2\/posts\/832\/revisions"}],"predecessor-version":[{"id":833,"href":"https:\/\/sites.wp.odu.edu\/epres010\/wp-json\/wp\/v2\/posts\/832\/revisions\/833"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/epres010\/wp-json\/wp\/v2\/media?parent=832"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/epres010\/wp-json\/wp\/v2\/categories?post=832"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/epres010\/wp-json\/wp\/v2\/tags?post=832"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}