The United States Supreme Court has normally viewed data as property. Yet in United States v. Van Buren, the Court abandoned the property law angle. Van Buren included examination of the Computer Fraud and Abuse Act’s applicability to a police officer who accepted a bribe from undercover agents to look up a phony license plate. The Court held that under the CFAA someone only “exceeds authorized access” when they properly access a computer and then improperly access files “that are off limits to [them].”

This Case Note explores why the Supreme Court should not have abandoned the property analogy to data. The Court is wrong because it has effectively destroyed the limited license to data. Further, the Court’s analysis of the underlying technology leaves several questions unanswered for companies seeking to protect their data and employees looking to comply with the CFAA. For instance, users may have different levels of authorized access such as “Read” or “Write” permissions. But the Court merely approached data with an on/off false dichotomy. Van Buren ignores the nuance of data authority in the modern age.



Digital Object Identifier (DOI)