My Amicus Brief in Van Buren

The Volokh Conspiracy

Mostly law professors | Sometimes contrarian | Often libertarian | Always independent

As regular readers know, I've been writing, blogging, and litigating about the scope of the Computer Fraud and Abuse Act (CFAA) for over twenty years. The Supreme Court is hearing a big CFAA case this fall, Van Buren v. United States. I figured this was an important case to chime in on, so today I submitted this amicus brief, on my own behalf, in the case.

Bonus: It discusses an old Volokh Conspiracy blog post and covers one of my favorite 1980s movies.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Hoffman and Hwang on Contracts Not Performed Because of Pandemic

Volokh Conspiracy

Hide Comments (17)

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Aladdin's Carpet 5 years ago

I think this case and Oracle vs. Google really show the limits of textualism and Originalism ... like there were briefs arguing, like an api is like a dictionary so google wins or an api is this so oracle wins, all trying to find the right analogy when none actually had any understanding of how computers actually worked.

The CFAA was written by legislators in the 1970s with no understanding of how computers or computer culture actually work. Your brief points out the analogy between trespassing and unauthorized access ... but it should be obvious those are completely different. Trespassing is clearly illegal. Hacking is done as a hobby.

Prof. Kerr, wouldn't it be more appropriate to abandon those approaches for these computer related cases and make a Breyer-esque value judgement?

Log in to Reply
1. Orin S. Kerr 5 years ago
  
  Alladin, I'm not sure I follow. It's a statutory case, so it doesn't involve originalism. And the text here doesn't answer the question, it seems to me. So you're left with what to do when the text doesn't provide an answer. If your own answer is that you just make a policy judgment, that's one view, although that doesn't answer how you provide a policy judgment: Based on what, with what end, with what institutional assumption, etc.? So I don't see this case as suggesting we should "abandon" textualism as much as saying it's about what to do when the text doesn't provide an answer.
  
  Log in to Reply
  1. Aladdin's Carpet 5 years ago
    
    I was more citing originalism in Oracle to note the limits of that in application to a computer case.
    
    I think it would be appropriate to start with deference to criminal defendants and the on notice requirement. The statute is clearly overbroad, so it would bring up significant fair notice concerns. One can limit it that way. I don't know if you mentioned that, didn't read through all of it.
    
    Log in to Reply
  2. Aladdin's Carpet 5 years ago
    
    But even in the first theory you mentioned, the CFAA may criminalize all actions of that sort but ... there is a world of difference between buying a zero day and using it or ... hey the guys password is "password".
    
    In other words, yeah the statute criminalizes relatively benign things but even straightforward and limited understandings of the notion of unauthorized use also brings up a bunch of issues.
    
    And you could make a trespassing analogy with, there is a difference between blowing open the door and walking in if the door is wide open but I don't know if these analogies are so clear cut.
    
    Log in to Reply
  3. MatthewSlyfield 5 years ago
    
    "So you’re left with what to do when the text doesn’t provide an answer. "
    
    If the text of a criminal statute doesn't provide a clear answer, the defendant should win.
    
    Log in to Reply
LawTalkingGuy 5 years ago

Admitting to a federal crime in an amicus brief is a bold strategy. Let’s see if it pays off.*

*It should of course.

Log in to Reply
California Dreamer 5 years ago

I never realized until now that I violated the blog's terms of use when I visited Alaska. Sealanders unite!

Log in to Reply
1. Leo Marvin 5 years ago
  
  I've been putting off my dream trip to Alaska for 12 years while criminals like you mock me with your contempt for the rule of law.
  
  Log in to Reply
  1. Orin S. Kerr 5 years ago
    
    I appreciate your commitment!
    
    Log in to Reply
Bruce Boyden 5 years ago

I knew it was going to be “Wargames”!

Log in to Reply
Dr. Ed 5 years ago

Whatever happened to "executive summaries" -- or why don't briefs have them?

A concise paragraph -- "this case is about X, I think the court should rule Y for reason Z."

Log in to Reply
1. hardreaders 5 years ago
  
  I'm not sure what you mean? The brief (Prof. Kerr's) does have a summary of argument on pp. 1-2, which is required (by Rule 37.5). It is a concise paragraph, I think, although perhaps not providing the contents you specified, but the rules don't dictate the summary's substance, only its existence. Moreover, the ToC, which is also required (by Rule 34.2), functions as a sort of supplemental summary. Finally, although not required, the start of the argument on pp. 2-3 has a further detailed summary, so you really get a 3-for-1 special here.
  
  Log in to Reply
Nick Gillespie's Jacket 5 years ago

You really should have concluded your brief with: “The only winning move is not to play.”

Log in to Reply
apedad 5 years ago

From the brief:

"Congress did define “exceeds authorized access” in 18 U.S.C. § 1030(e)(6), but that definition is notably unhelpful: the term “exceeds authorized access” means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter. This definition is largely circular."

So what if it's circular?

It's still pretty clear.

Also,

"Express restrictions are treated only as an effort to impose a contractual obligation on the user. Violating those terms might be a breach of contract. But it is not an invasion of the computer owner’s property that is recognized as a trespass."

I disagree and give an example if I go into McD's.

I can go to the counter and dining area, but I obviously can't go into the kitchen area and could be found to be criminally trespassing if I don't leave.

Also, your Sealand example is ridiculous.

First, earlier in your brief you state the majority of people don't read the ToS, yet you actually read Facebook's ToS and then broke them.

Second, this is actually a breach of contract/usage which is NOT covered by CFAA because you didn't "exceed authorized access" (CFAA), you merely entered false info.

It's simply head-scratching why you're on the wrong side of this case.

Log in to Reply
1. LawTalkingGuy 5 years ago
  
  He didn't exceed authorized access under the code-limitation he is advocating for. He conceivably did if "authorized access" is defined by the TOS. Going outside of what is permitted by the TOS is exceeding authorized access.
  
  Log in to Reply
Dr. Ed 5 years ago

"I can go to the counter and dining area, but I obviously can’t go into the kitchen area and could be found to be criminally trespassing if I don’t leave."

McD's is *required* to have secured barriers such as counters and locked doors to prevent you from accessing the kitchen, and will be shut down if they don't.

It's THEIR problem if you wander in there by mistake.

Log in to Reply
1. David Nieporent 5 years ago
  
  McD’s is *required* to have secured barriers such as counters and locked doors to prevent you from accessing the kitchen, and will be shut down if they don’t.
  
  Is that in Leviticus?
  
  Log in to Reply

Please log in to post comments

The Volokh Conspiracy

My Amicus Brief in Van Buren

A submission for the Supreme Court's big CFAA case.

Latest

Cops Called on Dad for Playing Catch with 14-Year-Old Son at Park

ICE Denies Reason Access to Immigration Court In Miami Detention Center

Deported for Innocent Tattoos?

Oh, Canada

Federal Court 'Vacates in Its Entirety' the FDA's Costly and Onerous Lab Test Rule

Recommended

Login Form

The Volokh Conspiracy

Latest

Cops Called on Dad for Playing Catch with 14-Year-Old Son at Park

ICE Denies Reason Access to Immigration Court In Miami Detention Center

Deported for Innocent Tattoos?

Oh, Canada

Federal Court 'Vacates in Its Entirety' the FDA's Costly and Onerous Lab Test Rule

Recommended

Special Offer!