The Legal Intelligencer
July 6, 2021
The U.S. Supreme Court recently narrowed the Computer Fraud and Abuse Act of 1986 (CFAA), 18 U. S. C. Section 1030, a federal law that makes it illegal “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accessor is not entitled so to obtain or alter.”
The high court decided, by a 6-3 margin, a former police
officer who used his position to search a computer database for license-plate
records for an illicit purpose, did not violate the CFAA.
The officer, Nathan Van Buren, from Georgia, sought a loan
from a man he befriended. The man went to the FBI. As part of a sting operation
the man agreed to offer Van Buren $5,000 if he would search the license-plate
database for a specific vehicle owner. Van Buren’s job gave him access to the
database; however, his search on that occasion violated department policy
because it was not done in connection with his duties.
Van Buren was charged with violating the CFAA. The act
subjects a person to criminal liability who “intentionally accesses a computer
without authorization or exceeds authorized access,” and thereby obtains
computer information. According to Justice Amy Coney Barrett’s majority
opinion, “It defines the term ‘exceeds authorized access’ to mean ‘to access a
computer with authorization and to use such access to obtain or alter
information in the computer that the accessor is not entitled so to obtain or
alter.’”
Barrett’s opinion was joined by an unusual coalition made up
of the other two justices appointed by President Donald Trump— Justices Neil M.
Gorsuch and Brett M. Kavanaugh—and the court’s three-member progressive wing,
Justices Stephen G. Breyer, Sonia Sotomayor and Elena Kagan.
The government argued that Van Buren’s violation of
department policy—accessing the computer for nonpolice-related data—resulted in
a violation of the CFAA. Barrett disagreed. “This provision covers those who
obtain information from particular areas in the computer—such as files, folders
or databases—to which their computer access does not extend,” wrote Barrett.
“It does not cover those who, like Van Buren, have improper motives for
obtaining information that is otherwise available to them.”
Barrett wrote, “If the ‘exceeds authorized access’ clause
criminalizes every violation of a computer-use policy, then millions of
otherwise law-abiding citizens are criminals.”
Barrett continued, “So on the government’s reading of the
statute, an employee who sends a personal e-mail or reads the news using her
work computer has violated the CFAA.” Barrett goes on to site amici briefs that
expound on the potential to “criminalize everything from embellishing an
online-dating profile to using a pseudonym on Facebook.”
Barrett summed up her opinion in this way, “The parties
agree that Van Buren accessed the law enforcement database system with authorization.
The only question is whether Van Buren could use the system to retrieve
license-plate information. Both sides agree that he could. Van Buren
accordingly did not ‘exceed authorized access’ to the database, as the CFAA
defines that phrase, even though he obtained information from the database for
an improper purpose.”
Interestingly, in this case Van Buren has the mens rea to
commit an illicit act. However, his conduct was a violation of the police
department policy and not federal law. Barrett’s concern that an overly
broad interpretation of the CFAA could mean “millions of otherwise law-abiding
citizens are criminals.” Her position is laudable. Yet, the federal crimes code
is loaded with crimes that don’t require ill intent.
In fact, the government argues in Van Buren’s case that the
“mens rea requirement ‘might” preclude liability in some cases.”
That is an interesting argument in light of the tireless
effort by Congress to expand the number of federal criminal laws that do not
require mens rea. Mens rea is the intent to commit a crime or more simply
a guilty mind.
People who do their best to remain law-abiding members of
society can no longer be confident that they are safe from prosecution.
This is not the sentiment of some bleeding heart criminal
defense attorneys. The Heritage Foundation, a conservative think tank, issued a
report suggesting, “Honest mistakes should not result in prison time. Every
criminal conviction should require proof beyond a reasonable doubt that
the person acted with criminal intent.”
Even the conservative Koch brothers are alarmed. A report by
The Charles Koch Institute reported that when the federal criminal code
was enacted in 1790, there were just 30 crimes. By the 1980s, the number had
exploded to more than 3,000. Today, the number of federal crimes and
regulations is unknown. Some studies estimate that there are as many as 5,000
statutes and 300,000 regulations that carry federal criminal penalties.
With too many criminal statutes and too little needed to get
a conviction everyone is at risk.
Here are a couple examples, cited by The Charles Koch
Institute, of the ridiculousness of crime without intent. A river guide
was charged with “obstructing government operations” when he dove into the
water to save a child instead of waiting for a search and rescue team to
arrive. A Christian outreach group offered food to homeless people in a
Fort Lauderdale park and its members were arrested because a local regulation
disallowed such food sharing.
Even Justice Clarence Thomas acknowledged in his dissent
in Van Buren that, “It is understandable to be uncomfortable with so
much conduct being criminalized.”
Throughout history, criminal statutes have required some
form of criminal intent such as negligence, recklessness, knowledge,
intent or willfulness. In 2015, the U.S. Supreme Court acknowledged the need
for an adequate mens rea requirement in criminal cases.
In Elonis v. United States, 575 U.S. ___ (2015) the
court declined to identify exactly what the appropriate mens
rea standard is under that statute used to prosecute Anthony Elonis. The
court recognized that a defendant’s mental state is critical when he faces
criminal liability and, as The Federalist Society—another bastion of
conservative thought—suggested, when a federal criminal statute is “silent
on the required mental state,” a court should read the statute as
incorporating “that mens rea which is necessary to separate
wrongful conduct from ‘otherwise innocent conduct.’”
There is more work to be done. Courts should demand clear
standards for mens rea in criminal statutes; Congress should begin to review
statutes that lack mens rea; and closely scrutinize future legislation when it
comes to criminal intent.
Matthew T. Mangino is of counsel with Luxenberg,
Garbett, Kelly & George. He is the author of “The Executioner’s Toll,”
2010. Contact him at matthewmangino@aol.com, www.mattmangino.com and follow him
on Twitter @MatthewTMangino.
To visit the column CLICK HERE
No comments:
Post a Comment