On March 30, 2018, in Sandvig v. Sessions,1 the U.S. District Court for the District of Columbia held that a group of academic researchers can move forward with their First Amendment challenge to the Computer Fraud and Abuse Act (CFAA),2 a federal law that criminalizes, among other things, accessing a computer in a manner that “exceeds authorized access.”
The CFAA was enacted in the early 1980s in response to concerns that there were not enough criminal laws on the books to address emerging computer crimes.3 In its early days, the statute narrowly prohibited harmful computer misuse such as malicious hacking and attempts to break into government computers. In 1986, however, Congress began passing a series of amendments that significantly expanded the statute’s reach. Today, many view the CFAA as an overbroad, vague law that criminalizes standard computer conduct in the digital age. Others view it as a pragmatic tool to deter unwanted computer misuse that harms businesses and consumers alike. As a result, the outcome of this case will have implications for individuals who seek to obtain data through means like scraping, and websites that seek to deter unwanted conduct through contract-based restrictions on access to their services.
Continue Reading Federal Judge Allows Researchers’ First Amendment Challenge to CFAA’s “Access” Provision to Move Forward