Ars Technica: Supreme Court limits reach of hacking law that US used to prosecute Aaron Swartz
The Supreme Court issued a ruling today that imposes a limit on what counts as a crime under the Computer Fraud and Abuse Act (CFAA).
"The parties agree that Van Buren accessed the law enforcement database system with authorization," the ruling said. "The only question is whether Van Buren could use the system to retrieve license-plate information. Both sides agree that he could. Van Buren accordingly did not 'excee[d] authorized access' to the database, as the CFAA defines that phrase, even though he obtained information from the database for an improper purpose. We therefore reverse the contrary judgment of the Eleventh Circuit and remand the case for further proceedings consistent with this opinion."
But as we wrote in our story on the oral arguments, the government's argument "seems hard to square with past CFAA cases. TicketMaster's website, for example, is available to the general public. People who purchase tickets there aren't 'akin to employees.' Yet people got prosecuted for scraping it. Similarly, JSTOR doesn't hand-pick who is allowed to access academic articles—yet [Aaron] Swartz was prosecuted for downloading them without authorization."
Swartz committed suicide in 2013 when he was being prosecuted under the CFAA for downloading over 4 million academic journal papers from JSTOR over MIT's computer network.