Supreme Court rules employees can use workplace computer data to expose fraud and misconduct.
This article, originally published on Whistleblower Network News and written by Geoff Schweller, details a landmark Supreme Court decision issued on June 3, 2021. The decision, which a leading whistleblower attorney described as “critically important to whistleblowers,” limits the scope of a computer access law that was often used to punish whistleblowers. Employees who turn computer data over to authorities as evidence of fraud or other misconduct should now be protected from prosecution under the Computer Fraud and Abuse Act of 1986.
National Whistleblower Day 2021 will feature panel discussions with leading experts on whistleblower law. Important legal developments, such as this Supreme Court ruling, will be explained by the lawyers and policymakers most familiar with the issues. RSVP for National Whistleblower Day 2021 here!
On June 3, the U.S. Supreme Court issued a decision in the case of Van Buren v. United States. The 6–3 decision greatly limits the scope of the Computer Fraud and Abuse Act of 1986 (CFAA). The decision means that federal prosecutors can no longer use the CFAA to charge employees who “exceed authorized access” to computer data that they were already authorized to view. Whistleblower advocates warned that the government’s broad interpretation of the CFAA criminalized whistleblowers who accessed workplace computer data to expose fraud and misconduct.
“The issue before the Court was critically important to whistleblowers,” explained Stephen M. Kohn, a whistleblower attorney with the law firm Kohn, Kohn and Colapinto, and the Chairman of the Board of Directors of the National Whistleblower Center (NWC). “Whistleblowers often access computer information and provide it to law enforcement officials, even if those disclosures were not ‘authorized’ by the company. Consequently, a broad reading of the CFAA could have criminalized typical whistleblower behaviors.”
The majority ruling, written by Justice Amy Coney Barrett, states: “[t]he Government’s interpretation of the statute would attach criminal penalties to a breathtaking amount of commonplace computer activity. If the ‘exceeds authorized access’ clause criminalizes every violation of a computer-use policy, then millions of otherwise law-abiding citizens are criminals.”
NWC filed an amicus curiae brief with the court calling for a limitation of the scope of the CFAA. NWC argued that a broad application of CFAA towards any unauthorized use of computer data would lead to “retaliation against whistleblowers who provide evidence of criminal fraud and other criminal activity.”
…
In an article for The National Law Review, whistleblower attorney Todd Yoder of Kohn, Kohn & Colapinto further explained: “companies had recently begun to weaponize the civil component of the CFAA to attack employee whistleblowers who took computer data from their employees and provided it to the government as evidence in support of qui tam False Claims Act (FCA) cases.”
“In those situations,” Yoder continues, “the only ‘unauthorized access’ at issue was the whistleblower employees merely turning over computer data to the government as evidence of fraud against the United States. This act of attempting to recover taxpayer dollars from fraudsters opened the whistleblowers to costly CFAA actions. However, with the decision by the Court in Van Buren, it appears likely that such retaliatory tactics by FCA defendants will be foreclosed.”
…
Read the full story on Whistleblower Network News here.
Read the case file/Supreme Court decision document here: 19–783 Van Buren v. United States (06/03/2021)
Read Yoder’s article about the decision on The National Law Review here.
