In Van Buren v. United States, the United States Supreme Court held that one does not “exceed authorized access” under the Computer Fraud and Abuse Act (CFAA) when one accesses information they were otherwise entitled to access. Part I will outline the legislative history of the CFAA, and will explain the circuit split between the Second, Fourth, Sixth, and Ninth Circuits and the First, Third, Fifth, and Seventh Circuits. Part II will detail the facts and procedural history of Van Buren, and will walk through the reasoning of the majority and dissent. Part III will analyze the majority’s narrow reading of the statute that employed a highly strict, granular textual analysis, including the CFAA’s use of the word “so.” Part III will also analyze the dissent’s conclusion that the circumstances of a potential CFAA offense should factor into the assessment of liability. In contrast to the majority’s highly technical reading, the dissent offered a plain meaning reading of the statute in congruence with its legislative purpose, the fundamentals of property law, and the importance of punishing bad-faith actors like Van Buren. Part IV will explore the impact of the decision. The dissent’s interpretation adequately limits liability under the CFAA through the statute’s mens rea requirement, while also protecting sensitive data from businesses, law enforcement, and the government.

First Page