My worry is not unfounded. A vaguely written US law called the Computer Fraud and Abuse Act makes accessing this kind of information in programmatic ways a potential crime. The decades-old law was introduced after lawmakers saw the 1983 movie WarGames and decided the US needed an anti-hacking law that forbids anyone from using a computer “without authorization or exceeding authorized access.”
While the law may have been well-intentioned and has been used to prosecute people who download things from their work systems that they’re not supposed to, it also catches a lot of other people in its widely cast net, including academics, researchers, and journalists.
What does “exceeding authorized access” mean in an age of social media? Does an employee who has access to a database of research journals for work and uses them for private purposes exceed authorized access? Does a reporter like me who gathers information using automated processes and her own Facebook account commit a crime?
Until now, interpretations of the law have ping-ponged from court case to court case, relying on various judges to give us a better definition of what exactly it means to exceed one’s authorized access to information. But soon the US Supreme Court will rule on the law for the first time, in the case Van Buren v. United States. Nathan Van Buren, a police officer, had access to confidential databases for work and sold information he looked up there to a third party. The court heard opening arguments on November 30 and could announce its decision any day.