Argument on legal access to online information and whether police and other enforcement officers can access information for personal purposes. Hear argument next in van buren versus united states. Mr. Fisher. Mr. Chief justice and may it please the court, the cfaa is an antihacking statute. To ensure comprehensive coverage, the statute prohibits exceeding authorized access. This ensures that the statute covers not just outside, but also inside hackers. In this case, however, the government seeks to transform the prong of the cfaa into a different prohibition. This prong covers obtaining any information via computer that the assessor is not entitled under the circumstances to obtain. It is no overstatement to say that this construction would brand most americans criminal on a daily basis. The scenarios are limitless, but a few examples will suffice. Imagine a secretary who says that her email or zoom account may be used only for businesses purposes or a person using a dating website where users include false information on their profiles. Or think of a lawsuit who has issued a login credentials for educational use only. If the government is right, then a computer user who disregards any of these statements commits a federal crime. For example, any employee who used a zoom account over thanksgiving to connect with distant relatives would be subject to the grace of federal prosecutors. The main argument the government offers in response of that result is that a single twoletter word of exceeds authorized access, the term so demands it. That word requires no such thing. It clarifies that the user must be prohibed from obtaining the information. It relieves the government of having to negate every possible alternative means by which the defendant might have obtained the information at issue. Thats all the word does. It does transform the cfaa into a sweeping policeman date. The court should reverse. Mr. Fisher, this is what we said, that statute provides two ways of committing the crime of improperly accessing a protected computer, obtaining access without authorization, and obtaining access with authorization but using that access improperly. You didnt mention that case in our opening brief. The government relied on it. You didnt mention it in your reply brief. I wonder what your answer to that quote is. Mr. Chief justice, my understanding in that case was the court was giving a thumbnail summary of how the statute works. The question presented here was not presented there. In fact, not even the exceeds authorized access prong was at issue there in the conspiracy issue the court reached. I understood what the court was doing in that summary, simply to be using the word improperly as a shorthand for whatever it is the act prohibits and moving along thats not what it says. It says and this seems to me to go to point at issue here. The second way you can violate is is by obtaining access with authorization but using that access improperly. Go ahead. I think my answer would be to look at the words of the statute. I think the definition of exceeds authorized access doesnt talk about improper use. It talks about obtaining information that the assessor is not entitled to obtain. As weve explained in our papers, we think the definition of that term leaves out improper purposes because we know congress has those words in the very original provision of the statute and they took them out in 1986. We know from other enactment that is we cited, for example, in page 19 of our blue brief, when Congress Wants to criminalize or prohibit improper use or unauthorized purposes, it does so expressly. Just to make sure i have your interpretation correct. If a bank has a policy barring employees from accessing facebook, an employee exceeds authorized access and would be covered if she goes onto facebook, but it wouldnt be a violation if she used that access to look up customer Social Security numbers and sell them to a third party, right . Im not sure i follow, mr. Chief justice. I think my position is it would not violate the cfaa for the employee to go on facebook. If youre asking me about the Social Security numbers, for example, it would depend on whether the employee actually had access to that information. As we explained in our brief, if that employee has to use certain login credentials that of something else, for example, to get that information, that would be a violation of the statute thank you. Justice thomas. Thank you, mr. Chief justice. Mr. Fisher, you gave a brief list of a parade of horribles. In ca11, this has been the rule for a while. Can you give us examples of that happening, someone getting violating this provision because of accessing zoom or Something Like that, or facebook . Justice thomas, not in the 11th circuit. But the papers discuss the drew case which was before the 9th circuit where somebody was prosecuted for misusing my space. Theres a case involving ticketmaster that we cite in the brief. More generally, i would point you to two other things. One is, remember, that the language of this statute has its own deterrent effect. And so for people who use the internet every day, they have to be aware of the criminal law both on the criminal side and, remember, this statue had a civil component. I think thats the critical thing that the court said in many other cases that you cant construe a statute simply on the assumption the government will use it responsibility. That doesnt enable the court to simply construe the statute on that promise. And so i think thats the critical problem with the governments point here. I would point you to the committee for justice brief which gives an example of just not everyday zoom use, but political prosecutions, mcdonald a little bit earlier. I think theres a case made in that brief how any one of those prosecutions could simply be repackaged as a cfaa prosecution if the government would win here. You seem to be making a point that, well, if you dont have the authority to access a certain area, for example, you have a level a clearance but you access information that is at a level b or something, that would be certainly with would exceed authorization. But why cant you have the exact same thing on the other end, that is you have authority to access information, but you are limited, that authorization is limited as to what you can do with it. For example, you work for a car rental and you have the access to the gps. But rather than use it to determine the location of a car that may be missing, you use it to follow a spouse or as in this case, the use of the information is a problem. So i dont understand why you make the distinction between this two ways that you can have or not have authorization. Because of the language of the statute, justice thomas. The statute asks whether the user is entitled to obtain the information and to use your car rental example, the user there is entitled to obtain that gps information. It may be a breach of company policy, it may be in the kacasef the stalking example, it may be a different crime. But the question in front of you here is whether it violates the cfaa as enacted and existing right now. Justice breyer . The argument on the history im interested in because there was a earlier statute which did say pretty clearly its a crime to use your access for purposes to which such authorization does not extend. And then that was changed to the present language. But at that time, the history says they didnt mean to make a substantive change. What do you respond to that . Two things, justice. Remember, first of all, that original provision of the statute was narrow. It applied to certain federal employees and certain information. When congress changed that law two years later in 1986, youre right, at one point of the committee report, it talked about simply clarifying the statute. In the other part, dealing with the same words, with the what Congress Said they had removed one of the murkier grounds for liability and refocused the statute on its principle object. You have those crosscutting pieces of legislative history. Even the government, i would stress, does flnot argument tha all that amendment did was clarify. The government says it expanded the statute to go beyond improper purposes to a violation of any stated use restrictions. Nobody here is arguing that the statute didnt change in 1986. Its a question of whether it expanded dramatically or took away that purpose language. I think justice breyer, the other thing i would stress is, because this is a criminal case, we think its improper in the very least very change to resolve ambiguity. You should look toward the principle last term in kelly where the court has resisted construes ambiguity in federal criminal statutes to vastly enlarge the speak of criminal liability. Thank you. Justice alito. Mr. Fisher, in this case, weve received amicus briefs from a number of organizations and individuals who are very concerned about what your interpretation would mean for personal privacy. There are many Government Employees who are given access to all sorts of highly personal information for use in performing their jobs. But if they use that for personal purposes, to make money, protect our carry out criminal activity, to hazarass people they dont like, they can do enormous damage. And the same thing for people who work for private entities. Think of the person in the fraud detection section of a bank who has access to credit card numbers and uses that information to sell for a personal profit. Do you think that that none of that was of concern when congress enacted this statute . Justice alito, i do not think it was. What congress was concerned about is computer hacking. This new problem of hacking. And i think that the two things i would add to that i understand the concern and there are powerful briefs about the policy question you raise and its possible congress may want to step in and regulate that, even criminalize to some effect. The question is, what is the statute you have in front of you right now do . And the problem with the governments view or those amicus briefs, theres no way to reach the federal the Government Employee or the financial employee that youre imagining without also reaching every other ordinary employee who violates an employee handbook let me ask you about that. Because you rely heavy on the parade of horribles. But in doing that, you read the provisions of this section very, very broadly. Take the example of the person who puts who lies about weight on the dating website. How would that be a violation of a statute . Well, under the governments theory, its a violation to use a website in violation of the terms of service. I think the government let the statute obtain information, obtain or alter information. How is that person obtaining or altering information . Its not the entering of the false information. Its then obtaining information on a dating website about a potential mate. Youre obtaining information from the website through a p profile that is false. Youve obtained that youve gotten on that website with authorization, with your login credentials because youre a Single Person and not married, et cetera, and you have obtained information in violation of the stated use restrictions on that website. So i dont see how the government gets out of that hypothetical. Thank you. Justice sotomayor. Counsel, i very much understand the concerns of my colleagues about the amicus briefs of illegal conduct that this would not cover. Including the one at issue here, your client, a local Police Officer. Not your client, im sorry yes, your local Police Officer. Who paid for information he got from a federal Computer System for personal reasons. But the fact that there isnt this federal crime doesnt mean this conduct isnt prosecuted in other ways, does it . No. For example, my client in this case was prosecuted also under a separate count that is pending on remand and as i said in the reply brief, other types of misconduct the government talks about, like the stalking example, misobtaining health information, misuse of trade secrets, all of those things can be prosecuted under different federal statutes. If congress decided it could enact the proposal the department of justice has given it a couple of times over the last several years to expand the cfaa in certain limited respects. As i was trying to say earlier, the core of the problem is theres no foothold in the statute to inch the statute forward to cover the conduct in this case without also covering all kinds of other violations of perpbas per purposebased restrictions, go back to the fact of this case and imagine mr. Van counsel, are there targeted changes that could be made to limit the reach of this statute to exactly the fears that i think one of my colleagues expressed of the kind of conduct that we would think of as subjecting someone to punishment . I know, for example, most statutes have obtaining information and using it for financial gain. Yes, justice sotomayor, the government itself has proposed amendments to the statutes that we cite in our brief. But i think g again, that shoul come from congress. Just back to this statute, as i was saying, what about oral directives to an officer that tomorrow when youre out on patrol, dont run license plates just in ordinary traffic stops. I want you to be more efficient. Any number of questions that would have to be addressed. Just look at subsection one of the statute. It does restrict federal employees use of information and giving it to third parties. That is not part of the provision at issue here. So, again, that would be a choice for congress to make and all of these things should be done on a legislative basis. Justice kagan. Thank you, council. Mr. Fisher, could you tell me again what you think so is. It means in the manner so described. Thats the blacks law definition. Translated to this statute what it means is, that youve accessed and obtained the information viac computer. Could you parse that a little bit. It asks for a reference back. What are we referring back to on your theory . Youre referring back to access a computer with authorization. So Justice Kagan, two things that might flesh this out for you, we give an example of another statute on page 2 of our yellow brief that uses so in this manner. It picks up what was said that was earlier. And the governments own hypothetical is the best way this plays out. Where they worry about a federal contractor obtaining salary information from a salary database that he does not have access to. And what so does, it prohibits that person from defending himself in a prosecution for hacking into that database saying i could have filed a request or called the employees themselves and asked them what they made and therefore i was entitled to obtain the information. That defense is off limits because of the word so. In that way, so helps the government. Okay. On your parade of horribles, one of your the features of your parade is an employee checking instagram at work. How is that obtaining or altering information . Its obtaining information because you are literally obtaining the words or pictures out of instagram and it would violate the governments rule the prosecutor himself told the jury this at closing argument. It would violate the governments rule because the employee would be at least theoretically, prohibited from using her work computer for personal reasons. Checking instagram through your work computer would be an improper purpose, it would be an improper use and you would obtain the information from the computer in the form of those pictures or words or whatever they might be. Thank you, mr. Fisher. Justice gorsuch. Picking up on your parade of horribles, could you explain to us what the institutionconstitu issues are with the parade. Thank you, Justice Gorsuch. There are two constitutional problems. One is the First Amendment problems with Certain Applications of the governments rule that are described in the amicus briefs. Secondly, theres the vagueness problem. Under the governments view, remember, using obtaining information viacom pewt via computer violates the statute. Either one of two things has to be correct. Either under the circumstances means literally every possible circumstance you could imagine, right down to somebody telling you not to do that. Imagine a parent telling her teenager, dont use instagram tonight until your homework is done. Or dont use facebook to talk to your friends. So theres opportunities for prosecutorial discretion are probably broader than any statute that the court has ever seen. The only alternative is under the circumstances, somehow, some of those circumstances in, some of them out, thats wholly indeterminant problem that violates the most basic fair notice principles of the law. On the reverse parade of horribles we heard from the other side. I guess im struggling to imagine how long that parade would be, given the abundance of criminal laws available. So if this one didnt cover that kind of conduct, but there were troublesome forms of it, like your clients behavior in this case, misusing a police database, i assume there are ample state laws available that criminalize a lot of that conduct. Am i mistaken . No, this case cos from georgia, and georgia has a statute about hacking or. Isusing computer information the government, as we point out in our reply brief, the government gave a few hypotheticals in its brief and a most everyone of them is already addressed by some other provision of even the u. S. Code, let alone state law. Even, remember, my client himself has already lost his job and has other forms of punishment that have already been brought to bear. If congress decides somehow that is not enough and it wants the cfaa to also be available in situations like this, it could amend the statute, but i do not think there is anything like or a comparable problem on the other side in terms of the breath issue in front of the court. Chief Justice RobertsJustice Kavanaugh . Justice kavanaugh thank you, mr. Chief justice, and good afternoon, mr. Fisher. Picking up on Justice Gorsuchs question there at the end, and following up on questions from earlier, one of the concerns, i suppose, are Government Employees, financial employees, or Health Care Company employees who have access to very sensitive, personal and i appreciate if you could give us a sense of federal statutes that you think would cover such disclosures, if any. I take your reference to state statutes. Are there any federal statutes that you want to identify that would cover that situation . I would start with page 19 where we cite a federal statute which prohibits obtaining classified information and using it for an unauthorized purpose. And others involving Social Security information. And there is trade see creates statute that was passed. It circles back to the justice buyer question. They knew how to do so. Those are the ones i would highlight. The government tried to use the wire fraud statute and that would be available in some situations as well. You have for the most part fairly comprehensive coverage. Sorry to interrupt, 1984 version of the statute likely would have covered this kind of activity. Why do you think congress would have narrowed it in 1986 when they were concerned about this activity. Why would have congress narrowed it in that sense . I think for two reasons. It would not have covered this case in 1984 because that statute dealt with federal employees and certain particular kinds of when Congress Expanded the statute eventually to cover all computers basically in the united states, it did at the same time remove that ground of liability because it was not as said as Congress Said in the report. I take your point and this kind of activity, not this case. And in a different context, i take your point about the kind of computers. Why wouldnt a mens rea to require knowledge of the law not just the facts. That mens rea would be you are violating a use restriction. Let me challenge your premise, what if we read it to avoid concerns knowledge of the law as we did with statutes that use the term lawfully. I think there, it would just a broad statute. And then you would have a problem of people who use west law and use personal computers for personal reasons and any other web sites as i was describing and i am told on a daily basis dont use the computer for this. Thank you, counsel, Justice Barrett. We have been about the access prong which is the prong that mattered to mr. Buren and how that prong relates to the other, access of the computer. Lets imagine that van buren faced a departmental policy that said he could not use the computer itself and gets into the computer and looks up license plates, has he violated the earlier prong, access to the computer . Probably not. I think the question you are asking is raising the question about whether the without authorization prong covers just code based restrictions or other kinds of directives and the best isdence i can give you is it subsection 6. Let me interrupt because im getting at a different point. The way that you are reading the statute gives authorization as an onoff switch, either you are authorized to use the computer or not or get a piece of information or youre not. Van buren could get the license plates and doesnt matter if he was getting them for a reason he wasnt supposed to. And it breaks down in a separate way where as the government is looking at scope of operation. My baby sitter might have a key to my car so she can but uses the car to run personaler ands and exceeded the scope of her authority. Why should we understand entitlement or authorization and not to have a scope component . For two reasons. One is that the statute itself doesnt have a scope component or purpose component but asks whether the person now back to our prong was entitled to obtain the information. Doesnt the idea of entitlement or authorization itself have a scope component . Thats what we would talk about an agents authority that the principal has given him. It can. I dont disagree with that but whether it necessarily does. We dont think it is a necessarily construction matter and when you compare this to other statutes that do carve out that is evidence that congress didnt think this was one of those kinds of statutes. And so, i think thats the other piece of it is to compare back to the prong that you started with is the without authorization prong. We know from the provision i was starting to read to you that congress thought of that as a path forward type restriction or technological based construction and thats what congress was not other softer. A minute to wrap up. I think mr. , chief justice, in the dialogue i was having with Justice Barrett, the core problem here is that once if you think the statute is ambiguous whether or not purpose restrictions come in,ist gives you know tools some of which are troubling and Justice Barrett was asking me about. You cannot distinguish those hint calls that the government wants to point to. You have cascade of contractbased and employee handbook restrictions, oral restrictions, all these things that could directly restrict the scope of use in the way that Justice Cavanaugh imagined that that violated the statute and that would be the sweeping criminal law concerns that this ourt has had over the. And we urge you not to go that far. Thank you, counsel. I dont think you heard my friend spend much time on the texan i want to start right there. In the words of six 1030, petitioner used his access, that is the credentials entrusted to him as a Police Officer that he was quote not entitled so to obtain when he looked up a license plate in return for a bribe. These are precisely what the statutory language is designed to cover. If a statute prohibited accessing a warehouse with authorization and using access to obtain items in the warehouse that the person is not entitled to obtain that would cover an employee that is allowed to take items for work but takes them for himself. Section 1030 extends the same propertybase protection to the private computer records that contain our sensitive, financial, medical and other data. Petitioner is trying to gut the statute and leave that data at the mercy of anyone who has any legitimate ground to see it under any circumstance. But in doing that, he failed to give effect to every word of the atute and he ignores Clear History and design. Hat he is relying on here is wild positions that tries to bury his own heartland statutory beneath hypothetical prosecution that he cant identify in the real world, presumably innocent conduct. Those cases would implicate limits such as the need for authorization and use of the access to reach inaccessible data that his own conduct clearly satisfies. Is your plan correct that everyone who violates a websites terms of service or workplace computer use policy is violating the cfaa . Absolutely. The reasons are different in the two different hint calls. On the public website, that is not a system that requires authorization and not one that uses required credentials that has individualized limit my question to any Computer System where you have to log on. I dont think all systems that require you to log in would be authorizationbased systems because what congress was driving at here are every system that has a password no, your honor. What congress was aiming at here were people who were specifically trusted, the kind of person that has been specifically considered and individually authorized. I dont think we say that you just talked about what congress was aiming at. Im concerned with the text of the statute. Sure, your honor. The reading of the word authorization requires individualized consideration. Makes sense in this context and consistent with the courts decision in Washington County and dictionary definitions cited on pages 37 and 38 of our brief. And i think it makes sense as a matter of plain english. I dont think you would say that a system that the museum of national africanAmerican History and culture required authorization to enter when you had a signup sheet and anybody from the public could come in. Just had to register for a particular time. Services like facebook and hotmail that give accounts to anybody who has a pulse and people who dont because they dont check. Those arent authorizationbased systems. And that makes a great deal of sense and takes care of nearly i dont understand. If the guard says, are you authorized to enter at this time , i dont know i dont understand your focus on authorization as a limiting term. I think authorization clearly as the court used it in Washington County refers to some consideration and thoughtout permission. Thank you. Justice thomas. Woy like you to respond to mr. Fishers arguments about the rule of leavitt. He seems to think if this is a tossup or looks like a tossup we should rely on that since this is a criminal statute. What is your response to that . I have two. m happy to get into this. I dont think there is an ambiguous statute. It clearly supports us and his reading is insupportable. And ill get back to that, the court does think the rule ought to apply here, the better place is on words like authorization or with the word use which has to require that the access is instrumental to obtaining data that the that otherwise would be inaccessible. Thats good enough. I would like to go to something slightly different. The language before the 1984 amendments seem to cover this more precisely or expressly. And we have a change in the few words and flows a bit better. Would you explain without getting too much in the legislative history, the change in language and why you think it actually expands its coverage as opposed to compressing as mr. Fisher seems to think. I dont know that it expands it so much as it just clarifies it. It is much simpler and more concise and i think one thing that it does, if you look at the previous language, i think it was potentially subject to the interpretation that you had to look to the purposes behind the authorization like why is this particular person authorized to use the system whereas the current language is much more focused on the express limits that are inherent in the authorization itself. And it clarifies that point. And doesnt invite any further inquiry. And your honor, i know the question was made without reference to legislative history but the legislative history is quite clear on this particular point. I take if i go to my p. C. , there are dozens and dozens and dozens of sites you can use this site if you agree. And you have a list of small print that goes on quite a long ways, pages. I take it that would be covered and the terms of access would be what is permitted or not, correct . No. Why not. Authorization in this statute has a meaning that is being to specific individualized. Im not granted that in this piece of paper, it says in the thing here are the terms of access. You can use whatever we are giving on this site for the following purposes, but not for the other purposes. That isnt covered . No. No more so than i would think you have been specifically authorized to enter if you walk into a building and a sign posted on the outside about some things you are not supposed to do in that building. The word authorization under the dictionary definitions requires some kind of individualized permission. If your employer tells you, mr. Jones you work for me, here is a p. C. And get all kinds of emails and never use this email for a personal purposes and then uses it for personal purposes, doesnt violate the statutes . This gets to the second limiting feature of the statute. Lets assume it is an employee that satisfied the definition of authorization. Specifically individually authorized to use the computer, i dont think the word use necessarily requires that the user do something, the user couldnt otherwise do and there are two reasons for that in the statute. First the statute refers separately to accessing the computer and using the access which shows using the access has a further narrowing function and the user has to use the access not just the computer itself. If he decides to send an email to your friend about to do it, you could do it from your phone. I point out to the warehouse example that i gave in my remarks that substitutes the word warehouse for computer and items for information. I dont think we would have any trouble. Thats the statutes aimed at insiders that are people to get into the warehouse and obtain items they are not supposed to obtain and dont think it would be covering these kinds of scenarios. If i were to talk about a statute where somebody steps on a ladder and uses such step to retrieve an item you would think the person couldnt get. And item that was reachable from the ground. I find this is a very difficult case to decide based on the briefs we have received. In response to the concerns about the effect on personal privacy of mr. Fishers recommended interpretation, he said dont worry about that because there are other statutes but i dont know what those statutes are in any of those instances. On your side with respect to the argument adopting your interpretation would criminalize all sorts of activity that people regard as largely innocuous, you suggest there are limiting instructions, limiting interpretations, but i dont know exactly what they are. And would really be helpful to see them in writing. So what exactly is authorization . What exactly does it mean to obtain or alter information . What is this statute talking about when it speaks of computer . N in the all information that somebody obtains on the web is in the computer in a sense. I have a feeling thats not what congress was thinking about when it adopted this. I dont know what to do i dont really understand the potential scope of the statute without having an idea about exactly what all of those terms mean. What help can you give us on that . Is this something that would be helpful to have specific briefing on the meaning of all these terms . I think the answer to that is no and the problem you are facing is because of the way petitioner has keyed up the case for you. Titioner is focusing on only one very small bit of the language here. He entitled so language and s cutting out this parade of horbles and interpret that language which i think is quite clear in his manner that would get rid of the statutory protection that the statute provides. There are limitations that your honor has pointed to. I dont think this is the case because he acknowledges that his own conduct satisfies them. We have identified tore the court the ways in which some ways in which courts could limit these things. The proof is in the pudding and i believe it was your honor who asked him where the parade really is and he could identify two members of the parade. One was the drew case that didnt result in the sustained nd the other was the ticketmaster case where the defendant hired bulgarian hackers to circumvent limitations and everybody understood the statute not to cover that kind of conduct and cover the conduct that is just here today. Justice sotomayor. Im sorry. My problem is that you are giving definitions that narrow the statute that the statute doesnt have. You are asking us to write definitions to otherwise what could be viewed as a broad statute and dangerously vague. But more importantly to me you said that there is no ambiguity in the statute. Let me give you an example. Imagine a law that says anyone who drives on elm street is not authorized so to drive, shall be punished. The so to drive means if you are not authorized to drive on elm street. Under your theory and could possible apply be read as saying, you cant ride on elm street if you are driving on it with an illegal purpose. You are speeding, you are breaking the law, curfew, texting, it could cover people who drive on elm street on their way to commit a different crime because they werent authorized to be on elm street for the purpose of committing a crime. To me, if all you are relying on is that word so, i dont get around the ambiguity especially when the other side points to so many examples in the criminal de where the so refers to in the manner that has just been described. Your honor, what i think petitioner lies in argument today and on page three of his reply brief, so doesnt refer back to accessing the computer but use such access. Everyone agrees so means in that manner and the statute refers to a particular discrete act. If on some occasion the user is not entitled to use his access to obtain certain information, he has clearly violated the statute. Doesnt your reading sort of i think what you are arguing is, im not authorized to go on the computer for this purpose, then we dont need the second half of the statute. Are you talking about without authorization prong . Exactly. Exceeding authorization access. I think it is their reading that collapses the two prongs because if all congress were concerned about were people who get information they are not supposed to obtain, it would have one statute that criminalizes accessing the computer. Instead it broke out a piece for people without access without authorization and people who access, insiders. And the main danger is the precise why do we need other parts of 3030a4 that talks about could exceeding authorized access. At is a completely super fluous. Amazon who at modifies a data base to get an extra item delivered to him or herself. Justice kagan. If i understand your brief correctly, you would concede if the word so wasnt there, you would lose this case . It would be a much tougher case without the word so, your honor. What is so mean . And picking up on what you were saying, if i understand mr. Fishers argument, he says so means by accessing the computer and you just said so means by using your access. Why is it that we should pick your choice of the prior reference rather than his choice of the prior reference . The antisurplus came in. If also is in the statute and this is reading. If also is in the statute to make sure that the statute covers someone who can get similar information from a noncomputerized source there it is surplusage. I think he dispute that. He says what that prevents is using the statute as the cases where you could obtain the information in a nondigital manner. The statute is already limited to information in the computer. The computer record bits and bytes. The statute considers obtaining and altering. Surely its referring to altering the specific record of say my birthday rather than the abstract fact of the day i was born simply because it is contained in the computer or computer that was accessed. If we are limiting this to people who cant obtain computer access as opposed to having something read to them over the phone. Hat is based into the statute. Justice gorsuch. Im curious about a bigger question, this case does seem to be the latest as the petitioner has pointed out and long line in cases where the government has sought to expand federal criminal jurisdiction and prettyly significant ways whether we are talking about macdonald, yates or bond. And im kind of why we are back here again on a rather small state crime that is prosecuteable under state law and perhaps under other federal laws to try and address conduct that would be rather remarkable perhaps making a federal criminal of us all. We dont think the statute does that tore the reasons i your honor, we think that this statute is aimed at this site sort of thing and i can give you several examples. Im asking a bigger question in that is that there is this pattern. I would have thought that the Solicitor Generals Office isnt just a rubberstamp for the attorneys offices and that there would be some careful thought given as to whether this is an appropriate reading of these statutes, in light of this courts holdings over now about 10 years, maybe more, in similar laws. Honor arson of the language at issue here. We dont think that every prosecution that they are positing or every prosecution , is one thatht would validly be brought under the statute. But the kind of misconduct that we have here where a Police Officer tips off a criminal about something is exactly the kind of misconduct that the statute was aimed at. The Police Officer is abusing his trust and access to state and national databases, which he , which the petitioner here abused. Thank. Just ask cavanaugh . Lets focus on the text of it. I look at the text and think access his computer without authorization means someone who gets on a computer that they are not allowed to get on. It seems authorized access and obtains information, i would think means you are allowed on the computer but you go into a file that you are not allowed to access. Things areose two what the statute might speak to and that the disclosure of information or misuse of isormation that you obtained something distinct, but merely browsing around looking at information you are not allowed the secondis what prong is getting at. Why is that wrong is a textual matter . A couple of points. First, i dont think thats if thats all that the second prong covers, then basically thats just like saying if we do brick and mortar analogy, its like saying you cant its a crime to go into the for an employee of the store to go into the back office and take money out of the shoebox where we keep petty cash because hes not allowed ever to get at the petty cash box. But he can take as much money for himself as he wants out of the Cash Register because he is entitled to go into the Cash Register and make change. So, its not just limited to files. We think it goes to the limits of the authorization. The second point i would make, to get back to the text here, your honor, as i was trying to ask mine earlier to the chief justice, authorization has a meaning here. Everyone i think in fairly agree that the meaning, one meaning of authorization is that you have given someone specific permission. Thats the definition we have cited in the brief and it is amply supported. The question, there might be a question as to how specific the permission has to be, but in context i think the permission needs to be fairly specific. So, there are going to be a number of systems that are necessarily covered by either prong directly. Sorry to interrupt, i want to get one more question in. You acknowledged to Justice Kagan that you would be in trouble if the word so were deleted and you relied on the surplus canon. It as she pointed out, there is some meaning offered by the petitioner to the word so. But even if it were surpluses, that canon can only take you so far. As Justice Gorsuch said, this would be a fairly substantial expansion of criminal liability based on one word that you are saying we have to part interpret a particular way. Can you respond to that . Let me tell you a couple of quick things about that. This may sound trite, but just because the word is two letters doesnt mean that the antisurplus canon should not apply. The second thing i would say is that the word so here really does ensure that this is covering the kind of conduct congress wanted to cover. It would be like without our interpretation, this is going to leave open anybody to use any information that they have or look up any information under any circumstances whatsoever so long as there is some narrow conceivable circumstance under which they are allowed to do so. Justice barrett . I want to follow up on Justice Kavanaughs question. The interpretation that he offered to you of that Language Access to computer without authorization or exceeds authorized access is similar to the on off switch i was describing to mr. Fisher. You are either authorized to be there or you are not and it context ake into scope. Are you saying there isnt a kind of inherent idea of a scope of authorization and the word authorize itself . There is inherent in the word authorization the scope of authorization. That is the access, the authorized access, then you are using the access in a manner not permitted so to use it. So, you are exceeding a limit on your authorization. But i think that so actually refers back to the word access. But to clear up any confusion , the word authorization refers to specific individualized permissions and there will be systems that dont really require that it all. If i access a public website, just like i wouldnt really normally talk about going to a public park with or without authorization, thats just a thing everyone can do, that wouldnt be a system. It seems to me you are putting a lot of specificity into the word authorization that it doesnt have. You could have authorization from an employer or even a professor. A professor teaching a small class, 12 seminar students and she says you may use a computer in class to take notes, but for no other reason. Like personal gmail . Your honor, i dont think that that is the kind of authorization the statute is referring to. Its talking about the owner of the computer data, not just an extra no constraint and i think that would be problematic under a petitioners reading of the statute because suddenly you are prohibited from going into any file in your computer and the person has been flatly prohibited that. He doesnt really avoid that the same way that the parentchild because ial falters could instruct my child not to go into a particular file or use a particular program. I understand the courts reaction. We are pointing to a bunch of limitations and trying to speck them out, but i think thats the problem with the way penn dish the way the petitioner teed up the case. Hes focused on this limited, specific portion of the language and has argued that unless you do what he wants, all this other stuff will be opened up. There isnt much case law on the other stuff because no one has ever made any real sustained effort to bring those kinds of cases. They certainly havent resulted in any kind of liability. Our point here isnt to defend door any particular case that isnt this one. To the extent that we start to see cases like that, it will give courts, including this court, if necessary, the opportunity to further articulate those limits. Mr. Feigin. Rap up, thank you, your honor. I think that but the court should not do is interpret this in in a textual manner that is different from how they view to the plain language in order to avoid creative hypotheticals that havent really occurred. Let me give you some examples of things that on his reading wouldnt be covered by this or any other federal statute, so far as we know. A Police Officer tipping off a friend with Insider Information that he got from a database. He knows the friend is a criminal but doesnt know the purpose towards which the friend will put it, so we cant get them for attempt or conspiracy. Someone who is leaving a company and he takes the entire customer database with him. Its not a trade secret, he just wants to use it for himself. Or an i. T. Technician in a court who reveals divisional emails from a court email server. Thank you, your honor. Thank you, con counsel. Rebuttal, mr. Fisher . First, as to the test, i dont think it matters that mr. Fagan said weather so refers to accessing the computer with authorization or whether it refers to access. Either way it refers to the manner of getting the information, which is by computer. It also disposes of the surplus argument later in the statute. Yes, it picks up in the computer , but the same information might be available from some other source and thats what so is doing. The second point is about authorization. The government is clearly putting a in normas amount of weight on that term in the statute, but there are very Serious Problems with that. For one thing, it talks about with authorization or without authorization. If you say that none of these public facing websites are being accessed with authorization, it might be that they are all being accessed without authorization, opening up a whole other set of problems. Even as to the plain meaning of the term proposed, it escapes me why logging into your work computer doesnt establish authorization. Or your web law account or an agebased restriction on facebook, or being single and therefore authorized to use a dating website. All of these websites and Work Computers are accessed only with authorization, as even mr. Feigin defines the term, so that doesnt meaningfully narrow the statute. So you are left with the problem of consequences and the best thing the government can say is that we havent brought a bunch of these, a bunch of these prosecutions yet. Even their 2014 policy doesnt talk about the other restrictions hes talking about today, it instead says that they may decide not to bring these kinds of cases. But for all the textual reasons we just described, they would be available under the government reading and you are left with Justice Gorsuchs point, the court over and over again has had cases in recent years and even further back where the ofernment offers a reading the federal statute that would sweep in everyday conduct and there has never been an answer for that kind of prague argument to say process wont bring those kinds of cases or that its true the way we have it now, if those problems come up in the future we address them. What the court has done in each of those cases is apply additional tools of construction to say ambiguity must be construed narrowly because of fair new to fair notice, federalism, and other weeknights this month, we are featuring American History tv programs to preview whats available every weekend on cspan3. Tonight, two best selling authors on how they use Historical Research in their work. Watch beginning at 8 00 p. M. Eastern, and enjoy American History tv every weekend on cspan3. American history tv on cspan3. Exploring the people and events that tell the american story every weekend. Coming up this weekend, saturday, at 10 00 p. M. Eastern on reel america, as Health Officials prepare to roll out a vaccine for the coronavirus, we take you back in time with five films about vaccines. On sunday at 6 00 p. M. Eastern on american artifacts, tour new york citys Lower East Side museum with reconstructed dwellings that show how immigrant families coped with poverty and crowded conditions in the 19th and early 20th centuries. At 6 30 pm, historian hitchcock, author of the age of eisenhower. Then at 9 00 p. M. , a u. S. Constitutional debate, featuring a reenactment from Founding FathersJames Madison and george mason oven issue from the bill of rights to slavery. Watch American History tv, this weekend on cspan3. Retired Army Lieutenant general h. R. Mcmaster, the former National Security adviser to president trump, discussed u. S. Foreign policy at an event hosted by the Atlantic Council. He talked about middle east security, u. S. Strategy toward china, and the military mission in afghanistan and iraq. This is 45 minutes. Pillow, and welcome. I am president and ceo hello and welcome. Im fred kemp, president and ceo of the Atlantic Council and i would like to welcome you to Atlantic Council front page. Global platform for global leaders. We have had heads of state and heads of government and former cabinet level officials and International Organization leaders, and sometimes they also of thisauthors wonderful book that i will talk a little bit more about. We are honored today to host Lieutenant General h. R