Photo of Patrick A. Wallace

Patrick focuses his practice on government investigations and white collar litigation. Prior to law school, Patrick was an assistant vice president in the Virginia State Government Relations group of McGuireWoods Consulting. During that time, he advised clients on a range of issues with a focus on the intersection of technology, privacy, and public policy.

Yesterday, the Supreme Court resolved a circuit split on the scope of the Computer Fraud and Abuse Act of 1986 (CFAA) in a decision that emphasizes the importance of how organizations manage access to their systems.  Employees with access to information at work sometimes access that information with improper motives, and in violation of office policies.  This inappropriate use of access has led to federal criminal prosecution for some.  In Van Buren v. United States, No. 19-783, the United States Supreme Court held that the CFAA is not properly applied to justify those prosecutions.

Nathan Van Buren was a police officer who accepted $6,000 from Andrew Albo, a participant in an FBI sting operation, to search a police database to determine whether a woman Albo professed interest in was an undercover police officer.  Van Buren ran a search for the woman’s license plate in the Georgia Crime Information Center database.  For doing so, Van Buren was charged and convicted of violating the CFAA, because he had “exceeded” his authority to access that database.

Continue Reading Federal Law Won’t Protect Your Organization from Bad User Access Control Practices