What Does it Mean to Exceed Authorized Access?
“After years of debate and prosecutorial overreach, the Supreme Court has now narrowed the Computer Fraud and Abuse Act (CFAA). In Van Buren v. U.S., the Court ruled that obtaining information by “exced[ing] authorized access” is limited to information on the computer that one is not authorized to access at all, rather than to information simply gathered for an improper purpose,” posts Michael Risch in their blog.
“To explain, consider the facts of Van Buren. Van Buren had rightful access to a database of DMV license plate information. He accessed that database using valid credentials, but looked up information for an improper purpose. He was convicted under the CFAA for exceeding his authorized access. I have blogged about this issue before. The broad reading that sent him to jail is a really scary interpretation< of the statute, one in which many ordinary people could go to jail for innocuous use of the internet.”