United States v. Cave, 2013 WL 3766550 (D. Neb. July 16, 2013)
This is a criminal case where the defendant is charged with exceeding authorized access under the Computer Fraud and Abuse Act. In the opinion the court denied the defendant’s motion to dismiss.
Defendant was a police officer who was given access to the Nebraska Criminal Justice Information System, a database used to search for information such as drivers’ license information, criminal history, employment history, and probation and parole status. In order to gain authorization to access the database, he was required to sign a memorandum of understanding and acknowledging the confidentiality of the information that specifically provided that access “is restricted to persons directly involved in the professional use for which the information is obtained.” Defendant, however, used his access to the database to obtain information that he then sold to car dealerships to assist them in repossessing vehicles – a use that was not within his professional capacity.
The District Court denied defendant’s motion to dismiss finding that the “memorandum of understanding limited the purposes for which Cave could access the database …. [t]herefore, any access made outside of that purpose exceeded his authorization.”
Note, the magistrate judge’s report and recommendation has a good explanation of the legislative history of the CFAA that supports the Intended Use Theory whereas most cases that involve a legislative history analysis tend to be in favor of the Strict Access Theory.