Last week I reported on an Eleventh Circuit decision concerning a former employee of the Social Security Administration who exceeded authorized access to the database to find out personal information on people he knew or was interested in romantically. I also referred to that case in a blog post reminding us that privacy breaches cause harm.
Today, Orin Kerr has a blog post about the case that focuses on the vague language of the statute and how difficult it may be to determine what constitutes the crime of exceeding authorized access:
Last week, the Eleventh Circuit decided an important case, United States v. Rodriguez, on the computer crime statute known as the Computer Fraud and Abuse Act, 18 U.S.C. 1030. The decision by Judge Pryor touches on the same issue that was in play in the Lori Drew case: When does violating express conditions on computer use constitute a crime? The court’s conclusion seems right on its specific facts, but I worry that it will be construed as adopting a very broad theory that would be quite troubling. So I want to introduce the legal issue, then talk about the Rodriguez case, and then return to the legal issue and talk about how it might apply going forward.
You can read his analysis and commentary on The Volokh Conspiracy.