Whether the Computer Fraud and Abuse Act (CFAA) should be interpreted to create liability for violations of computer use policies, including website terms of service.
The ACLU filed an amicus brief in the Supreme Court case of Van Buren v. United States on behalf of its clients in Sandvig v. Barr, Upturn, the Knight First Amendment Institute, and the ACLU of DC. The brief argues that the CFAA’s prohibition on “exceed[ing] authorized access” to a computer should not be interpreted to criminalize violations of computer use policies, including website terms of service. It explains that to rule otherwise would impair a broad range of First Amendment-protected activity, including online discrimination research and data journalism—both of which rely on acts often forbidden by website terms of service, such as collecting publicly available data, creating multiple accounts, and providing false information in tester accounts. Any interpretation of the CFAA that leaves open criminal or civil liability for online research will not only weaken enforcement of civil rights laws in the twenty-first century, it will also deprive the public and government of critical tools to hold increasingly powerful websites and platforms accountable.