Supreme Court narrows the scope of a key anti-hacking law

You can't be charged under the CFAA if you're allowed to access a network.

Drew Angerer/Getty Images

The Computer Fraud and Abuse Act might not get quite so much use in the future. The Verge says the Supreme Court has limited the scope of the CFAA in a 6-3 ruling. The law doesn't cover instances when someone is abusing a network they're allowed to access, according to the decision. They could still face other charges in some situations, but not a violation of the Act.

The ruling came in a case involving former Georgia police officer Nathan Van Buren. He'd been accused of violating the CFAA by taking $5,000 to find a woman's license plate in a database, but his attorneys maintained that he didn't violate the law as he had permission to access that database.

Justice Amy Coney Barrett, who delivered the court's opinion, contended that allowing a broader definition would have serious repercussions. "Millions" of people could face CFAA charges simply for bending or breaking the rules like many do on a daily basis, the Justice said.

The ruling could prevent prosecutors from using the CFAA as a catch-all for computer crime, not to mention clarify just what access someone has. The Electronic Frontier Foundation also called the decision a win for researchers, investigative journalists and others who may need to probe a network for security issues or crucial information. While the EFF argued that the court should have narrowed the Act further to answer questions about needing to break "technological access barrier[s]," it felt the language was enough to offer protection for legitimate uses.