Supreme Court Draws Limit to Anti-Hacking Law

In a 20-page opinion that, among other features, focused on the grammatical significance of the modifier “so,” Justice Barrett drew a sharp distinction: The law covers people who, although they are authorized to use a computer system, obtain files that are off-limits to them. But it doesn’t reach those who are entitled to access particular information—like Nathan Van Buren, a former Cumming, Ga., police sergeant who was authorized to use the motor-vehicle database—even if they misuse the data they pull.

To read the law more broadly “would attach criminal penalties to a breathtaking amount of commonplace computer activity,” Justice Barrett wrote. “Employers commonly state that computers and electronic devices can be used only for business purposes. So on the Government’s reading of the statute, an employee who sends a personal e-mail or reads the news using her work computer has violated the CFAA,” she wrote.

Likewise, many websites and online services impose fine-print terms and conditions that sweep broadly but rarely are read. The government’s theory would “criminalize everything from embellishing an online-dating profile to using a pseudonym on Facebook,” Justice Barrett wrote, citing an argument that University of California, Berkeley, law professor Orin Kerr raised in a friend-of-the-court brief.

The decision saw an unusual lineup. The majority included Justices Barrett,

Neil Gorsuch

and

Brett Kavanaugh

as well as Justices Elena Kagan,

Sonia Sotomayor,

and

Stephen Breyer.

Justice

Clarence Thomas

dissented, joined by Chief Justice

John Roberts

and Justice

Samuel Alito.

Mr. Van Buren obtained the information “for personal gain, not for a valid law enforcement purpose. And without a valid law enforcement purpose, he was forbidden to use the computer to obtain that information,” Justice Thomas wrote.

Justice Thomas doubted that the law would be used against individuals who disregard little-noticed terms and conditions for websites. But in any event, he said, “the majority’s reliance on modern-day uses of computers to determine what was plausible in the 1980s wrongly assumes that Congress in 1984 was aware of how computers would be used in 2021.”

The case began when Mr. Van Buren  allegedly sought a loan from a widower he previously had arrested. The man secretly recorded the conversation and, calling it a shakedown, turned it over to authorities. The Federal Bureau of Investigation set up a sting operation in which the widower gave the officer thousands of dollars and asked that he use his access to a police database to look up a woman the widower supposedly met at a strip club.

After Mr. Van Buren did so, he was fired and charged with several federal offenses.

The case attracted interest from an array of technology and civil-liberties groups, as well as the news industry. Dow Jones & Co., publisher of The Wall Street Journal, joined dozens of media organizations in a brief arguing that the government’s view of the law would interfere with newsgathering by criminalizing whistleblowers who hold legitimate access to government and business materials.

Write to Jess Bravin at jess.bravin+1@wsj.com

Corrections & Amplifications
The first name of University of California, Berkeley, law professor Orin Kerr was misspelled as Orrin in an earlier version of this article. (Corrected on June 3.)