From Clickwrap to Rap Sheet: Criminal Liability Under the Computer Fraud and Abuse Act for Terms of Service Violations [Updated December 21, 2020]   [open pdf - 712KB]

From the Document: "'Update: On November 30, 2020, the Supreme Court held oral arguments in Van Buren v. United States--a case that could resolve the judicial disagreement over whether the Computer Fraud and Abuse Act (CFAA) authorizes criminal liability for the violation of a terms of service agreement. Specifically, the issue before the court is whether an individual may be held criminally liable under the CFAA if he is 'authorized to access information on a computer for certain purposes,' but accesses that information for unauthorized purposes. At oral argument, questioning by the Justices focused on the policy implications of interpreting the CFAA broadly or narrowly. Justices asked whether a broad interpretation would criminalize routine conduct like lying on a dating website in violation of its terms of service. Other questions focused on whether a narrow interpretation, on the other hand, could jeopardize personal privacy if, for instance, an employee might not be criminally liable under the CFAA for using highly sensitive customer information in ways that are outside the scope of his employment duties. At oral argument, the attorney for the government argued that the CFAA unambiguously prohibits accessing information for unauthorized purposes--a view adopted by some federal appellate courts, but rejected by others[.] [...] A decision in Van Buren v. United States is expected before the Court's summer recess.'"

Report Number:
CRS Legal Sidebar, LSB10423
Public Domain
Retrieved From:
Congressional Research Service: https://crsreports.congress.gov/
Media Type:
Help with citations