The Second Circuit has recently joined in a longstanding circuit split regarding the interpretation of the phrase “exceeds authorized access” under the Computer Fraud and Abuse Act (CFAA). The split centers around whether an otherwise authorized computer user who violates usage restrictions has exceeded authorized access. In United States v. Valle, the Second Circuit answered the question in the negative. Upon finding the phrase to be ambiguous, the Second Circuit invoked lenity, and therefore narrowly construed their interpretation in the defendant’s favor. This note argues that the Second Circuit was correct to apply lenity as the plain meaning of the phrase, the legislative history, and other similar statutes involving access, provide support for both sides of the split—rendering its interpretation fatally ambiguous. Additionally, by not narrowly construing the phrase, it would allow for arbitrary and draconian enforcement, as the lowest tier of punishment could plausibly criminalize any violation of a computer usage policy, no matter how minimal. Further, this note argues that under this narrow interpretation, the phrase becomes superfluous. To remedy this, and at the same time dissolve any ambiguity and policy concerns, the CFAA should be amended to expressly allow for an improper use analysis, but only if the alleged access violation is in conjunction with the malicious conduct enumerated in the CFAA’s second tier of punishment.
Charles S. Wood,
Cannibal Cop Out: The Computer Fraud and Abuse Act, Lenity, Quasi-Strict Liability, Draconian Punishment and a Surgical Solution,
82 Brook. L. Rev.
Available at: https://brooklynworks.brooklaw.edu/blr/vol82/iss4/10