U.S. Supreme Court Cites Contracts 2d, Torts 2d, and Model Penal Code

Associate Justice Clarence Thomas cited the Restatement of the Law Second, Contracts, the Restatement of the Law Second, Torts, and the Model Penal Code in support of his dissenting opinion that a police officer who runs a license-plate search in a law-enforcement database for personal purposes violates the Computer Fraud and Abuse Act of 1986 (CFAA), which makes it criminal “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”

In Van Buren v. United States, No. 19-783 (June 3, 2021), a Georgia police sergeant named Nathan Van Buren was charged with a felony violation of the CFAA when he used his valid credentials to obtain an individual’s license-plate information in exchange for money. After a jury convicted Van Buren, the U.S. District Court for the Northern District of Georgia sentenced him to 18 months in prison. The U.S. Court of Appeals for the Eleventh Circuit affirmed, holding that the sergeant violated the CFAA by accessing the law-enforcement database for an “inappropriate reason.” The U.S. Supreme Court reversed and remanded, holding that, while Van Buren violated his police department’s policy, which authorized him to obtain information from the database only for law-enforcement purposes, he did not violate the CFAA. Associate Justice Amy Coney Barrett, writing for the majority, explained that it was undisputed that the sergeant accessed the law-enforcement database with authorization, and that he could use the database to retrieve license-plate information; accordingly, Van Buren “did not ‘exceed authorized access’ to the database, as the CFAA define[d] that phrase, even though he obtained information from the database for an improper purpose.”

In a dissenting opinion joined by Chief Justice John G. Roberts and Associate Justice Samuel A. Alito, Justice Thomas disagreed with the majority, arguing that an ordinary reader of the English language would understand Van Buren to have “exceed[ed] authorized access” to the law-enforcement database when he used it under circumstances that were expressly forbidden by his police department. Justice Thomas cited Restatement of the Law Second, Torts § 168 in arguing by analogy to the common law of trespass that, when a person is authorized to enter land and entitled to use that entry for one purpose but does so for another, that person is liable for trespass; similarly, under The American Law Institute’s Model Penal Code § 223.2(1), a “[p]erson who is authorized to possess property for a limited purpose commits theft the moment he ‘exercises unlawful control over’ it, which occurs ‘whenever consent or authority is exceeded.’”

The dissent further relied on Restatement of the Law Second, Torts § 214 in arguing that “[p]roperty law generally protects against both unlawful entry and unlawful use after entry,” and that “Congress ensured protection against improper login as well as misuse after proper login” under the CFAA by including clauses that forbade use of a computer “without authorization” as well as use that “exceeds authorized access.” Justice Thomas rejected the majority’s argument that his interpretation of the CFAA would criminalize a “breathtaking amount of commonplace computer activity,” noting that the CFAA contained “the strict mens rea requirement that a person must ‘intentionally . . . exceed[] authorized access,’” and thus the CFAA might not apply to a person who believed that he or she was allowed to use a computer a certain way because that kind of behavior was common and tolerated, in a similar manner to “how an established ‘course of dealing’ can erase written limitations in certain contractual contexts” according to Restatement of the Law Second, Contracts § 223(2).
