AMDR is pleased to report that in a 6-3 decision issued on Thursday, June, 3, the United States Supreme Court ruled in favor of the Petitioner in Van Buren vs. United States. AMDR filed an amicus curiae brief in support of Van Buren last July. The underlying question before the court was defining what constitutes “exceeds unauthorized access” to another’s computer under the Federal Computer Fraud and Abuse Act (CFAA).
Along with an esteemed group of other amicus filers including the Associated Press and the Washington Post, AMDR argued that it was not Congress’s intent to criminalize many now commonplace “computer” related activities – including elements of single-use medical device reprocessing that require our members to access and reset microchips in medical devices that have cleared by the U.S. Food and Drug Administration for reprocessing. AMDR argued, among other things, that Congress intended the CFAA to apply to instances of hacking, rather than misappropriation of information.
Mr. Van Buren was a police officer who accessed information in a police database (the identity of an individual based on a license plate look up) and provided such information to a third-party. The opinion stated the actions of Mr. Van Buren were not a violation of the CFAA because the information that he obtained was within the limits of what he could access with his authorization, but was done for improper reasons, and thus he could not be charged under CFAA for this crime. Although the court’s general view appears helpful and a victory for consumers, the legal finding itself was specific to the case. The court held:
In sum, an individual “exceeds authorized access” when he accesses a computer with authorization but then obtains information located in particular areas of the computer— such as files, folders, or databases—that are off limits to him.
Overall, this narrow court ruling is a big win for consumers. From cell phones to tractors, everyday items now constitute “computers” under the law. This ruling underscores the device owner’s ability to control their own assets without fear of litigation from the original manufacturer, or criminal prosecution. Health institutions have the right to repair and reprocess their devices that extend the life of equipment and thereby reduce waste, greenhouse gas emissions and costs.
This is AMDR’s second amicus brief to the U.S. Supreme Court in the last 20 years. We are pleased to have prevailed in both. AMDR is proud of the work our members do to make healthcare more environmentally and financially sustainable by protecting the rights of healthcare providers to control their assets.
Please see AMDR’s amicus filing announcement for more information.
Visit The National Law Review for their article SCOTUS Slashes Scope of Cybercrime Statute.
