https://arstechnica.com/tech-policy/2021/06/supreme-court-limits-reach-of-hacking-law-that-us-used-to-prosecute-aaron-swartz/ [arstechnica.com]
The Supreme Court issued a ruling Thursday [supremecourt.gov] that imposes a limit on what counts as a crime under the Computer Fraud and Abuse Act (CFAA).
The case involves a former Georgia police sergeant who "used his own, valid credentials" to get information about a license plate number from a law enforcement database, the court decision said. The sergeant ran the search in exchange for money and for non-law enforcement purposes, violating a department policy. He was charged with a felony under the CFAA, which says it's a crime when someone "intentionally accesses a computer without authorization or exceeds authorized access." He was convicted and sentenced to 18 months in prison in May 2018 [justice.gov].
A federal appeals court upheld the conviction, but the Supreme Court reversed it today in a 6-3 decision that said Van Buren did not violate the CFAA. Justices found that the cybersecurity statute does not make it a crime to obtain information from a computer when the person has authorized access to that machine, even if the person has "improper motives."