An expected ruling by the U.S Supreme Court this summer on the interpretation of the 1986 Computer Fraud and Abuse Act could signal the future of data privacy in crypto operations. This Act is a fundamental pillar of data protection in the U.S having being established to guide the extent of access and authorization in modern-day computer ecosystems.
The case in question is ‘United States v. Van Buren', where the former went to court seeking clarification on CFAA, [18 U.S.C. § 1030(a)(2)(C)]. This underlying provision states that it is a federal crime to,
“access a computer without authorization or exceed authorized access,” and “thereby obtain information from any protected computer.” To “exceed authorized access” means “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”
Van Buren who is a police officer in Georgia had been criminally charged with violating the highlighted CFAA provision. Having being authorized to access the police database, Buren used this opportunity to help a private citizen identify another person. In his defense, this act did not contradict or exceed the CFAA provisions of accessing data for impermissible or improper purposes.
However, the U.S government has maintained that Buren violated the Computer Fraud and Abuse Act for using the data in a ‘nonbusiness purpose',
“a defendant violates the CFAA not only when he obtains information that he has no ‘rightful’ authorization whatsoever to acquire, but also when he obtains information ‘for a nonbusiness purpose.’”
Following this argument, Buren was convicted; a decision which was later upheld after an appeal on the Eleventh Circuit Court. The conviction was based on precedence from United States Vs Rodriguez which argues that authorized computer accessors within a given entity,
“exceed[s] his authorized access” when he “obtain[s] … information for a nonbusiness reason.”
The implication for Crypto Operations
While the regulatory scope of crypto remains quite grey in most jurisdictions, this take by the Eleventh Circuit Court could be a good thing for crypto users. Currently, service providers such as crypto exchanges have an opening to leverage their clients' data by using it for ‘non-business' purposes. Should the summer ruling favor the limits on access and authorization, crypto ecosystems are highly likely to step-up data protection policies.
In addition, a 51% attack (like Bitcoin Gold suffered earlier this year) on public chains could become an issue of past given the recognition of resources as implied contracts. Basically, authorities would be able to implement legal action based on the CFAA data privacy provisions to the extent of protecting consumers' digital assets. Nonetheless, operations in areas like March Madness pools could be collateral damage since an interpretation in favor of the U.S government criminalizes such activities.