About the Authors

  • The Authors and Contributors of "Patent Docs" are patent attorneys and agents, many of whom hold doctorates in a diverse array of disciplines.
2018 Juristant Badge - MBHB_165
Juristat #4 Overall Rank

E-mail Newsletter

  • Enter your e-mail address below to receive the "Patent Docs" e-mail newsletter.

Contact the Docs


  • "Patent Docs" does not contain any legal advice whatsoever. This weblog is for informational purposes only, and its publication does not create an attorney-client relationship. In addition, nothing on "Patent Docs" constitutes a solicitation for business. This weblog is intended primarily for other attorneys. Moreover, "Patent Docs" is the personal weblog of the Authors; it is not edited by the Authors' employers or clients and, as such, no part of this weblog may be so attributed. All posts on "Patent Docs" should be double-checked for their accuracy and current applicability.
Juristat #8 Overall Rank


« Bio-Rad Laboratories, Inc. v. International Trade Comm. (Fed. Cir. 2021) | Main | Webinar on Patent Strategies for Personalized Medical Devices in Europe and U.S. »

June 03, 2021


A little presumptuous with the title....?

It is not, nor ever was, meant to be an "anti-hacking" law.

Sure, hacking IS one aspect of the law, but to limit the law to ONLY hacking goes to the opposite extreme that the FBI wanted.

Hacking could be seen to fall into the "Fraud" part of the title of the act, leaving the "Abuse" portion of the title to cover more than mere hacking.

If Congress does anything, it should take the initiative to develop a comprehensive data privacy scheme instead of trying to shoehorn that sort of content into the CFAA where it doesn't belong. Not that I'm holding my breath of course!

Otherwise, I do appreciate this concise, lucid summary. Aside from the observation above, the only thing I take issue with is the suggestion at the very end that the CFAA isn't suited for the internet age. Properly construed, it already does that job perfectly well.

CRS also put out a report last fall on the CFAA noting a number of unresolved issues. So this decision on the "access" provisions is likely not the last we'll hear about the statute.


I sure hope you're kidding. The whole point of the CFAA is to address hacking—the OP is totally correct on that score.

"hacking" is quite a broad category that certainly encompasses, among other things, both fraud and abuse. The former includes accessing systems through deceitful means. Social engineering is an example of this. However, I'd argue that the latter form of conduct—abuse—is really at the core of the hacking category. That includes things like exploiting a technical vulnerability to gain unauthorized access to a system or particular data on a system, altering or corrupting data, or compromising the functionality of a system.

If you have more to elaborate on what in your view the CFAA does cover aside from hacking, it'd be interesting to hear that.



I found the dissent in this case to be far more compelling than the majority opinion.

The dissent was a joke. Thomas either can't comprehend, or just refuses to acknowledge, that not every modern scenario has a meaningful analogy to the common law of property that was developed centuries ago. Especially when dealing with a very recent (speaking relatively) subject like computing, that should be exceedingly obvious.

And it's ironic because the misconduct that Van Buren unquestionably did commit—the invasion of sensitive personal information—also lacks a viable common law analog. Presumably, Thomas' moral outrage over the data privacy violation was a factor that inspired him to dissent. So you have the irony of using unworkable common law analogies to twist a statute to cover conduct that itself wasn't addressed at common law.

Alito's joining the dissent is also sort of ironic, or maybe a bit puzzling. In U.S. v. Jones, a big part of his concurrence was devoted to criticizing the futility of Scalia's majority opinion relying on common law analogies when faced with facts involving highly technical subjects. We all remember Alito's great quip about "tiny constables." But in this case, he joins on with a dissent taking the exact same approach he previously—and rightly—criticized.

Roberts' join is also a bit surprising, considering his opinions in Bond and McDonnell narrowing the scope of other federal criminal statutes. But he has a soft spot for data privacy as shown by Carpenter, so maybe that explains it.

In all fairness to Thomas, let me just point out one area where I actually think he was sort of correct.

At the top of his dissent p. 8 / start of section I.B.3, he does in fact do a fairly good job of noting how the majority's construction leads to some apparently inconsistent outcomes. But I have to qualify my praise a little. The inconsistencies, such as they are, don't arise because the majority is wrong. Rather, while the majority is right, its decision is incomplete because, at FN8, it refuses to address the distinction between technical and policy-based access restrictions. Had the majority gone the distance—and I recognize it might have had reasons for not doing so—I think the inconsistencies could have been avoided. But I do give Thomas a little credit for pointing them out.


I think that you may be too enamored with how you want to portray a dependence on analogy. Sure, analogies are used - but I do not see misuse as you seem to want to see.

I also think that you presume your own conclusion (that the law is strictly an "anti-hackers" law.

It simply is not, given that it is written to include those who need not have hacked to have access.

The comments to this entry are closed.

July 2024

Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31