Van Buren: Everything you need to know about the Supreme Court’s recent take on the CFAA

Presented at ShmooCon 2022 Rescheduled, March 25, 2022, 5 p.m. (90 minutes)

The Supreme Court’s recent decision in Van Buren v United States is good news for security researchers, overturning a dangerous precedent on criminalizing access in violation of terms of service and EULAs, clarifying the notoriously ambiguous meaning of “exceeding authorized access” in the Computer Fraud and Abuse Act, as well as endorsing the interpretation of the statute’s terms using their technical meaning.

The CFAA is the federal computer crime law that’s been misused to prosecute beneficial and important online activity, and one of the primary legal risks faced by security researched, for both criminal and civil liability. The presentation will explain the Van Buren decision in the context of the evolving CFAA law, what the new “gates up or down” approach to unauthorized access means for security researchers, how the Supreme Court’s opinion will guide future courts, and what the decision left unresolved in its mysterious Footnote 8.

Presenters:

• Kurt Opsahl
  Kurt Opsahl (@kurtopsahl) is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives. Opsahl is the lead attorney on the Coders’ Rights Project, which works to protect researchers through education, legal defense, amicus briefs, and involvement in the community with the goal of promoting innovation and safeguarding the rights of curious tinkerers and hackers on the digital frontier.

Similar Presentations:

• AppSec USA 2013 / Computer Crime Laws - Tor Ekeland, Attorney
• BSidesLV 2016 / Shall We Play A Game? 30 Years of the CFAA
• THOTCON 0x6 (2015) / Hacking the CFAA: What You Need to Know, What’s Happening, and Where It’s Going.