11/30/2020, Supreme Court Oral Argument - Van Buren v. United States(19-783)

This is a mobile-friendly version of the original article

SUPREME COURT OF THE UNITED STATES

IN THE SUPREME COURT OF THE UNITED STATES
No. 19-783
NATHAN VAN BUREN,
Petitioner,
v.
UNITED STATES,
Respondent.

Pages: 1 through 67
Place: Washington, D.C.
Date: November 30, 2020
Official - Subject to Final Review

Washington, D.C. Monday, November 30, 2020

The above-entitled matter came on for oral argument before the Supreme Court of the United States at 11:36 a.m.

APPEARANCES: JEFFREY L. FISHER, ESQUIRE, Stanford, California;
on behalf of the Petitioner.
ERIC J. FEIGIN, Deputy Solicitor General,
Department of Justice, Washington, D.C.;
on behalf of the Respondent.

CONTENTS
ORAL ARGUMENT OF:
JEFFREY L. FISHER, ESQ.
On behalf of the Petitioner
ORAL ARGUMENT OF:
ERIC J. FEIGIN, ESQ.
On behalf of the Respondent
REBUTTAL ARGUMENT OF:
JEFFREY L. FISHER, ESQ.
On behalf of the Petitioner

CONTENTS

ORAL ARGUMENT OF JEFFREY L. FISHER
ORAL ARGUMENT OF ERIC J. FEIGIN
REBUTTAL ARGUMENT OF JEFFREY L. FISHER

PROCEEDINGS (11:36 a.m.) CHIEF JUSTICE ROBERTS: We’ll hear argument next in Case 19-783, Van Buren versus United States.

Mr. Fisher.

ORAL ARGUMENT OF JEFFREY L. FISHER

ON BEHALF OF THE PETITIONER

MR. FISHER: Mr. Chief Justice, and may it please the Court: The CFAA is an anti-hacking statute. It prohibits obtaining information from a computer without authorization. And to ensure comprehensive coverage, the statute also prohibits “exceeding authorized access.” As Judge Kozinski put it, this – this ensures that the statute covers not just outside but also inside hackers.

In this case, however, the government seeks to transform the supplemental prong of the CFAA into an entirely different prohibition. In the government’s view, this prong covers obtaining any information via computer that the accessor is not entitled “under the circumstances” to obtain.

It is no overstatement to say that this construction would brand most Americans criminals on a daily basis. The scenarios are practically limitless, but a few examples will suffice. Imagine a secretary whose employee handbook says that her e-mail or Zoom account may be used only for business purposes. Or consider a person using a dating website where users may not include false information on their profile to obtain information about potential mates. Or think of a law student who is issued a log – log-in credentials for Westlaw or Lexis for educational use only.

If the government is right, then a computer user who disregards any of these stated use restrictions commits a federal crime. For example, any employee who used a Zoom account over Thanksgiving to connect with distant relatives would be subject to the grace of federal prosecutors.

The main argument the government offers in response to that startling result is that a single two-letter word in the CFAA’s definition of “exceeds authorized access,” the term “so,” demands it.

But that word requires no such thing. The word simply clarifies that a use – that the user must be prohibited from obtaining the information merely by a computer. It relieves the government of having to negate every possible alternative means by which the defendant might permissibly have obtained the information at issue.

But that is all the word does. It does not transform the CFAA into a sweeping Internet police mandate. The Court should reverse.

And I’m happy to take any questions.

CHIEF JUSTICE ROBERTS: Mr. Fisher, in Musacchio versus United States, this is what we said: That statute provides two ways of committing the crime of improperly accessing a protected computer: obtaining access without authorization and obtaining access with authorization but then using that access improperly.

You didn’t mention that case in your opening brief. The government relied on it. You didn’t mention it in your reply brief. I wonder what your – your answer to that quote is.

MR. FISHER: Mr. Chief Justice, my understanding in that case was the Court was simply giving a thumbnail summary of how the statute works. Of course, the question presented here was not presented there. And, in fact, not even the “exceeds authorized access” prong was at issue there in the conspiracy issue the Court reached.

I understood what the Court to be doing in that summary simply to be using the word “improperly” as a shorthand for whatever it is that the “exceeds authorized access” prong prohibits and then moving – and moving right along.

CHIEF JUSTICE ROBERTS: Well, but that’s not what it – that’s not what it says. It says – and this seems to me to go to the point at issue here – that the second way you can violate it is by obtaining access with authorization but then using that access improperly. Doesn’t –

MR. FISHER: Well, Mr. Chief –

CHIEF JUSTICE ROBERTS: Go ahead.

MR. FISHER: I’m sorry. I – I – I think my answer would simply be just to look at the words of the statute. And I think the definition of “exceeds authorized access” doesn’t talk about improper use. It talks about obtaining information that the accessor is not entitled so to obtain.

And as we’ve explained in our papers, we think the definition of that term leaves out improper purposes because we know Congress, in fact, had those – those words in the very original provision of the statute and they took them out in 1986. And we know from other enactments that we’ve cited, for example, at page 19 of our blue brief, that when Congress wants to criminalize or otherwise prohibit improper use or unauthorized purposes, it does so expressly.

CHIEF JUSTICE ROBERTS: Just to make sure I have your interpretation correct, if – if a – if a bank has a policy barring employees from accessing Facebook, and an employee exceeds her authorized access and would be covered if she goes onto Facebook, but it wouldn’t be a violation if she used that access to look up customers’ Social Security numbers to sell them to a third party, right?

MR. FISHER: I’m not sure I follow, Mr. Chief Justice. I think my position is that it would not violate the CFAA for the employee to go on Facebook.

If you’re asking me about the Social Security numbers, for example, it would depend on whether the employee actually had access to that information. As we explain in our brief, if – if that employee has to use certain log-in credentials that – of somebody else’s, for example, to get that information, that would not – that would – that would be a violated – violation of the statute.

CHIEF JUSTICE ROBERTS: Thank you.

MR. FISHER: The question again –

CHIEF JUSTICE ROBERTS: Justice Thomas.

JUSTICE THOMAS: Thank you, Mr. Chief Justice.

Mr. Fisher, you gave a brief list – a list, a parade of horribles. In CA 11, this has been the rule for a while. Has there been – can you give us some actual examples of – of that happening, someone getting – violating this provision because of accessing Zoom or something like that, or Facebook?

MR. FISHER: Justice Thomas, not in the Eleventh Circuit, but the papers discuss, for example, the Drew case out of the Ninth Circuit, which was issue – which was before the Ninth Circuit issued the Nosal decision, where somebody was prosecuted for misusing MySpace. There’s a case involving Ticketmaster that we’ve cited in the brief.

But, more generally, Justice Thomas, I’d also point you to two other things. One is remember that the language of this statute has its own deterrent effect. And so, for people who use the Internet every day, they have to be aware of the criminal law, both on the criminal side and, remember, this statute has a civil component.

And I think that’s the – the critical thing, is that the Court said in Marinello and many other cases that you can’t construe a statute simply on the assumption the government will use it responsibly. So, if the government has withheld the full brunt of the federal prosecutorial power, that doesn’t enable the Court to simply construe the statute on that promise.

And so I think that’s the – that’s the critical problem with the government’s point here.

I’d also point you to the Committee for Justice brief, which gives another example of just not everyday Zoom use or Facebook use but also political prosecutions, like the case in Kelly last term and McDonnell a little bit earlier, and I think there’s a persuasive case made in that brief how any one of those prosecutions could simply be repackaged as a CFAA prosecution if the government were to win here.

JUSTICE THOMAS: So you seem to be making a point that, well, if you don’t have the authority to access a certain area, for example, you’re – you have a level A clearance, but you access information that is at a level B or something, that – that that would be – certainly would – would – would exceed authorization.

But why can’t you have the exact same thing on the other end, that is, that you have authority to access information, but you are limited – that authorization is limited as to what you can do with it?

For example, you work for a car rental and you have the access to the GPS, but rather than use it to determine the location of a car that may be missing, you use it to follow a spouse, or as in this case, the – the use of the information is a problem.

So I don’t understand why you make the distinction between these two levels or ways that you can have or not have authorization.

MR. FISHER: Because – because of the language of the statute, Justice Thomas. The statute simply asks whether the user is – is entitled to obtain the information.

And to use your car rental example, the user there is entitled to obtain that GPS information.

Now it may be a breach of company policy. It may be – in the case of the stalking example that the government gives in its brief like that, it may be a different crime, but the question in – in front of you here is whether it violates the CFAA as enacted and existing right now. And so my only –

CHIEF JUSTICE ROBERTS: Justice Breyer.

JUSTICE BREYER: All right. The argument on the legislative history I’m interested in because there was an earlier statute which did say pretty clearly it’s a crime to use your access for purposes to which such authorization does not extend. And then that was changed to the present language. But, at that time, the history says they didn’t mean to make a substantive change.

So what do you respond to that?

MR. FISHER: Well, two things, Justice Breyer. Remember, first of all, that that original provision of the statute was exceedingly narrow. It applied just to certain federal employees and certain information.

When Congress changed that law two years later in 1986, you’re right that at one point of the committee report it talked about simply clarifying the statute, but in the other part of the committee report, dealing with exactly the same words, what the – what the – what Congress said is that they had removed one of the murkier grounds for – for liability and refocused the statute on its principal object.

And so you have those cross-cutting pieces of legislative history. And even the government, I would stress, does not argue that all that amendment did is clarify. The government says that that amendment actually dramatically expanded the statute to go even beyond improper purposes to a violation of any stated use restriction.

So nobody here is arguing that the statute didn’t change in 1986. It’s just a question of whether it expanded dramatically or took away that purpose language.

And I think, Justice Breyer, the other thing I would stress about the legislative history is, because this is a criminal case, we think it’s improper if not, at the very least, very dangerous to rely on legislative history to resolve ambiguity.

Instead, what you should look to are things like the Rule of Lenity and the principle of last term in Kelly and in Marinello where the Court has always resisted construing ambiguity in federal criminal statutes to vastly enlarge the sweep of criminal liability.

JUSTICE BREYER: Thank you.

CHIEF JUSTICE ROBERTS: Justice Alito.

JUSTICE ALITO: Mr. Fisher, in this case, we’ve received amicus briefs from a number of organizations and individuals who are very concerned about what your interpretation would mean for personal privacy.

There are many government employees who are given access to all sorts of highly personal information for use in performing their jobs. But, if they use that for personal purposes to make money, protect or carry out criminal activity, to harass people they don’t like, they can do enormous damage.

And the same thing for people who work for private entities. Think of the – the person in the fraud detection section of a bank who has access to credit card numbers and uses that information to sell for a personal profit.

Do you think that none of that was of concern when Congress enacted this statute?

MR. FISHER: Justice Alito, with due respect, I do not think it was. What Congress was concerned about was computer hacking, and that’s up and down the legislative history, this new problem of computer – of – of hacking.

And I think that the two things I would add to that, because I understand the concern, and there – there are powerful briefs about the policy question you raise, and it’s possible Congress may want to step in and regulate that and even criminalize it to some effect, but the question is, what does the statute you have in front of you right now do?

And the problem with the government’s view or those – or those amicus briefs is there’s no way to reach the federal – the government employee or the – or the financial employee that you’re imagining without also reaching every other ordinary employee who violates an employee handbook –

JUSTICE ALITO: Well, let me ask you – let me –

MR. FISHER: – every student who violates the course –

JUSTICE ALITO: Yeah, let me ask you about that, because you rely heavily on former Judge Kozinski’s parade of horribles, but, in doing that, you read the provisions of this section very, very broadly.

Take – take the example of the person who puts – who lies about weight on a dating website. How would that be a violation of this statute?

MR. FISHER: Well, under the government’s theory, it’s a violation to use a website in violation of the terms of service. I think the government –

JUSTICE ALITO: Well, but the statute says –

MR. FISHER: – its own theory of this fact –

JUSTICE ALITO: – if you obtain information, obtain or alter information. How is that person obtaining or altering information?

MR. FISHER: Well, I think, typically, when you use it –

JUSTICE ALITO: They’re putting in information.

MR. FISHER: No, it’s – it’s not the entering of the false information, Justice Alito. It – it’s then obtaining information on a dating website, for example, about a potential mate. So you are obtaining information from the website through a profile that is false, and that violates the terms of service of that website, and it falls squarely within the government’s theory because you have obtained that – you’ve gotten on that website with authorization, with your log-in credentials, because you’re a single person and not married, et cetera, and you have obtained information in violation of the stated use restrictions on that website. So I don’t see how the government gets out of that hypothetical.

JUSTICE ALITO: All right. Thank you.

CHIEF JUSTICE ROBERTS: Justice Sotomayor.

JUSTICE SOTOMAYOR: Counsel, I very much understand the concerns of my colleagues about the amicus briefs of illegal conduct that this would not cover, including the one at issue here, your client, a local police officer – not your client, I’m sorry – yes, your client – a local police officer who paid for information he got from a federal computer system, which – for personal reasons.

But the fact that there isn’t this federal crime doesn’t mean this conduct isn’t prosecuted in other ways, does it?

MR. FISHER: No. For example, my client in this case was prosecuted also under a separate count that’s pending on remand. And as I said in the – in our reply brief, other types of misconduct the government talks about, like the stalking example or like mis-obtaining health information, misuse of trade secrets, all of those things can be prosecuted under different federal statutes.

And if – if – if Congress decided, it could enact the – the proposal the Department of Justice has given it a couple times over the last several years to expand the CFAA in certain limited respects.

But, as I was trying to say earlier, Justice Sotomayor, the core of the problem is there is no foothold in the statute to inch the statute forward to cover the conduct in this case without also covering all kinds of other violations of purpose-based restrictions that could appear in terms of service contracts, employee handbooks, course syllabuses, syllabi at universities, or even oral dictates.

So just take – go back to the facts of this case and imagine Mr. Van Buren’s supervisor had told him, please don’t do any license plate searches this evening until you’ve finished your paperwork, or tomorrow, when you’re out on patrol –

JUSTICE SOTOMAYOR: Counsel – counsel, are – counsel, are there targeted changes that could be made to limit the reach of this statute to exactly the fears that I think one of my colleagues expressed of the kind of conduct that we would think of as subjecting someone to punishment?

I know, for example, most statutes have a obtaining information and using it for financial gain.

MR. FISHER: Yes, Justice Sotomayor, the government itself has proposed amendments to the statute that we cite in our brief. Professor Kerr in his amicus brief describes those proposals as well and endorses them. And – but I think, again, the critical point I would make is that that should come from Congress.

Just back to this statute, as I was saying, what about oral directives to a – to an officer that tomorrow, when you’re out on patrol, don’t run license plates, just in ordinary traffic stops; I want you to be more efficient.

You know, there’s any number of questions that would have to be addressed. Just look at subsection 1 of this statute, Justice Sotomayor. It does restrict federal employees’ use of information in giving it to third parties. That is not part of the provision at issue here. So – so, again, that would be a choice for Congress to make, and all these things should be done on a legislative basis.

CHIEF JUSTICE ROBERTS: Justice Kagan.

JUSTICE SOTOMAYOR: Thank you, counsel.

JUSTICE KAGAN: Mr. Fisher, could you tell me again what you think “so” means?

MR. FISHER: “So” means in the manner so described. That’s the Black’s Law definition. And so translated to this statute, what it means is that you’ve accessed and obtained the information via computer as opposed to some other means.

JUSTICE KAGAN: So could – could you just parse that for me a little bit? In a – in a manner so described asks for some kind of reference back. So what are we referring back to on your theory?

MR. FISHER: You’re referring back to – to “access a computer with authorization.”

So, Justice Kagan, two things that might flesh this out for you. One is we give an example of another federal statute on page 2 of our yellow brief that uses “so” in this manner. It just picks up what was said before, that was earlier.

And maybe the government’s own hypothetical, I think, is the best way this plays out, where the government worries about a federal contractor obtaining salary information from a salary database that he does not have access to. And what “so” does is it prohibits that person from defending himself in a prosecution for hacking into that database by saying, oh, I could have filed a FOIA request or I could have called the employees themselves and asked them what they made, and, therefore, I was entitled to obtain the information.

That defense is off limits because of the word “so.” And, in fact, in that way, “so” helps the government.

JUSTICE KAGAN: Okay. On your parade of horribles, a similar question to Justice Alito’s, but one of your – the – the – the features of your parade is – is an employee checking Instagram at work. How is that obtaining or altering information?

MR. FISHER: It’s – it’s obtaining information because you are literally obtaining the words or pictures out of Instagram, and it would violate the government’s rule. Remember, the prosecutor himself told the jury this at closing argument, it would violate the government’s rule because the employee would be at least theoretically prohibited from using her work computer for personal reasons.

And so checking Instagram through your work computer would be an improper purpose. It would be an improper use. And you would obtain the information from the computer in the form of those pictures or – or words or whatever they might be.

JUSTICE KAGAN: Thank you, Mr. Fisher.

CHIEF JUSTICE ROBERTS: Justice Gorsuch.

JUSTICE GORSUCH: Good morning, Mr. Fisher. Picking up on your parade of horribles, could you explain to us what the constitutional implications are of your parade? Just to give you an opportunity, rather than just make a policy argument, try and link it up to something bigger.

MR. FISHER: Thank you, Justice Gorsuch. I think the – there are two constitutional problems. One are the First Amendment problems with certain applications of – of – of – of the government’s rule that are described in the amicus brief. Secondly, there’s the vagueness problem, and that’s what I’ll focus on.

Under the government’s view, remember, using – obtaining information via computer that you’re not entitled “under the circumstances to obtain” violates the statute. That is an impossible vagueness problem because either one of two things has to be correct.

Either “under the circumstances” means literally every possible circumstance you could imagine, right down to somebody orally telling you not to do that. Imagine a parent telling – telling her teenager, don’t use Instagram tonight until your homework is done or don’t use Face – Facebook to – to talk to your friends.

And so there’s – the opportunities for prosecutorial discretion are probably broader than any statute the Court has ever seen if the government is right in literal terms.

The only alternative is that “under the circumstances” somehow puts some of those circumstances in and some of them out. But that’s a wholly indeterminate problem that I think violates just the most basic fair notice principles of the criminal law.

JUSTICE GORSUCH: And then, on the reverse parade of horribles we’ve heard from the other side, I guess I’m struggling to imagine how – how long that parade would be given the abundance of criminal laws available.

So, if this one didn’t cover that kind of conduct, but there were troublesome forms of it, like your client’s behavior in this case, misusing a police database, I assume there are ample state laws available that criminalize a lot of that conduct. Am I mistaken?

MR. FISHER: No. In fact, this case comes from Georgia, and Georgia itself has a statute about – about hacking or otherwise misusing computer information. The government, as we point out in our – in our reply brief, the government gave a few hypotheticals in its brief, and almost every one of them is already addressed by some other provision of the – even the U.S. Code, let alone state law.

And – and even – remember, my client himself has already lost his job and has other forms of punishment that have already been brought to bear. So, if Congress decides somehow that is not enough and it wants the CFAA to also be available in situations like this, it could amend the statute. But – but I don’t think there’s anything like a comparable problem on the other side in terms of the sort of breadth issue in front of the Court.

CHIEF JUSTICE ROBERTS: Justice Kavanaugh.

JUSTICE KAVANAUGH: Thank you, Mr. Chief Justice.

And good afternoon, Mr. Fisher. Picking up on Justice Gorsuch’s question there at the end and following up on questions from earlier, one of the concerns, I suppose, is government employees or financial company employees or healthcare company employees who have access to very sensitive personal information, then disclose it.

And I’d appreciate if you could give us a sense of the federal statutes that you think would cover such – such disclosures, if any. I – I take your reference to state statutes, but are there any federal statutes that you want to identify that would cover that kind of situation?

MR. FISHER: Sure. I think I’d start with page 19 of our blue brief, Justice Kavanaugh, where we cite a federal statute that prohibits obtaining classified information and using it for an unauthorized purpose. So that’s one very important statute. We cite a couple of others involving Social Security Administration information. There’s also the trade secrets statute that was passed in 1996.

Again, this circles back to Justice Breyer’s question, but, remember, that was passed right alongside amendments to the CFAA. And so, when Congress wanted to criminalize an improper purpose, it knew exactly how to do so when it did so with respect to trade secrets. So I think those are the ones that I would highlight.

The government, of course, in this case also tried to use the wire fraud statute, and that may be available in some situations as well. So I think you have for the most part already fairly comprehensive coverage.

And as I said –

JUSTICE KAVANAUGH: Counsel, can I interrupt –

MR. FISHER: – I’ll just say it one more time –

JUSTICE KAVANAUGH: Sorry to interrupt, Mr. Fisher. The 1984 version of the statute likely would have covered this kind of activity. Why do you think Congress would have narrowed it in 1986 when they were so concerned about this kind of activity?

I get your textual point, but I’m just trying to figure out why Congress would have narrowed it in that sense?

MR. FISHER: Well, for two reasons, I think, Justice Kavanaugh. One is, remember, it actually would not have covered this case in 1984 because that statute dealt only with federal employees and –

JUSTICE KAVANAUGH: Yeah.

MR. FISHER: – certain particular kinds of information.

JUSTICE KAVANAUGH: Yeah, this – this kind of –

MR. FISHER: And I think that’s –

JUSTICE KAVANAUGH: – I take your – I take your point.

MR. FISHER: – getting at the answer, is that when Congress expanded the statute eventually to cover all computers, basically, in the United States, it also did, at the same time, remove that murky ground of liability because it was not, as Congress said in the report, the core of the statutory problem.

JUSTICE KAVANAUGH: Yes. No, that’s – I take your point and I meant to say this kind of activity, right, not this case, but – and in a different context, and I take your point about the kind of computers covered.

Why wouldn’t a mens rea requirement solve your problems if the Court were to read “intentionally” to require knowledge of the law, not just the facts?

MR. FISHER: Well, I – I think the most the mens rea requirement could require would be knowledge that you are violating a use restriction and that the –

JUSTICE KAVANAUGH: Well, what if we read it – let me just challenge the – your premise. What if we read it to avoid the concerns to require knowledge of the law, as we do with statutes that use the term “willfully,” for example?

MR. FISHER: I think even there, Justice Kavanaugh, it would just be such a remarkably broad statute, and – and then – and then you’d – you’d have the problem of people who use Westlaw for personal reasons, they use their work computers for personal reasons, they use any number of other websites, as I was describing, and are told on a daily basis by supervisors and parents and all kinds of other people, don’t use the computer for this.

CHIEF JUSTICE ROBERTS: Thank you, counsel.

MR. FISHER: And I do think –

CHIEF JUSTICE ROBERTS: Justice Barrett.

JUSTICE BARRETT: Good afternoon, Mr. Fisher. We’ve been focusing on the “exceeds authorized access” prong, you know, which is the prong that mattered for Mr. Van Buren. But I want to ask you how that prong relates to the other prong, the “accesses a computer without authorization” prohibition.

Let’s imagine that Van Buren faced a very firm departmental policy that said he could not use the computer itself for any personal purpose, and he gets into the computer and does what he did here and looks up license plates for a personal use.

Has he violated the earlier prong, the “accesses a computer without authorization” prong?

MR. FISHER: I think probably not, Justice Barrett. I think the question you’re asking raises the question described in some of the amicus briefs about whether the – I’m sorry, the “without authorization” prong covers just code-based restrictions or other – other kinds of directives.

And I think the best evidence I can give you that it covers just code-based restrictions is subsection 6 at the top of 3(a) of the government’s appendix. This is the statute –

JUSTICE BARRETT: Well, let me interrupt you for one second, Mr. Fisher, because I’m actually getting, I think, at a different point, perhaps inartfully.

It seems to me that the way that you’re reading this statute uses authorization as an on/off switch, you know, either you’re authorized to use a computer or you’re not; either you’re authorized to get into a particular database or get a piece of information or you’re not.

So, here, Van Buren could get the license plates, and it didn’t matter if he was getting them for a reason that he was not supposed to get them for. So it – it seems to me that you are looking at authorization in a – in a bright gates up or gates down kind of way, whereas the government is looking at scope of authorization as included.

So, for example, my baby-sitter might have a key to my car so she can pick up my kids from school, but then she uses the car to go run some personal errands. She’s exceeded the scope of her authority. And I guess what I’m trying to get at is, why should we understand entitlement or authorization to be just an on/off switch and not to have a scope component?

MR. FISHER: Well, I think for two reasons. One is that the statute itself doesn’t have a scope component or a purpose component or anything like that. It simply asks whether the person – now I’m back to our prong – was entitled to obtain the information. And the answer here is yes, he was, and that –

JUSTICE BARRETT: But doesn’t the idea of entitlement or authorization itself have a scope component? That’s what we would think of in, you know, an agent’s authority that the principal has given him, for example.

MR. FISHER: It can sometimes, Justice Barrett. I don’t disagree with that. And so – but the question is whether it necessarily does. We don’t think as a statutory construction matter it necessarily does.

And when you compare this to other statutes that do carve out improper purpose, we think that’s evidence that Congress didn’t – didn’t think this was one of those kinds of statutes.

And so – so I think that’s the other – the other piece of it, is to compare back again to the prong that you started with, which is the “without authorization” prong.

We know from – from the provision I was starting to read to you that Congress thought of that as sort of a password-type restriction or a – or a technological-based restriction. And that’s what Congress was concerned about, not other kinds of softer scope-based restrictions.

JUSTICE BARRETT: Thank you, Mr. Fisher.

CHIEF JUSTICE ROBERTS: A minute to wrap up, Mr. Fisher.

MR. FISHER: Thank you. I think, Mr. Chief Justice, what I’d leave you with is the dialogue that I was just having with Justice Barrett and Justice Kavanaugh.

Just the core problem here is that once you take – if you think the statute is ambiguous as to whether or not scope restrictions or purpose restrictions come in, the statute gives you no tools to distinguish the kinds of hypotheticals, some of which are troubling and some of which are more everyday, like Justice Barrett was asking me about – you cannot distinguish all those hypotheticals from the ones that – that the government wants to point to the most troubling.

So you have this cascade of contract-based restrictions, employee handbook restrictions, course syllabus restrictions, oral restrictions, all the other things that could – that can directly restrict the scope of use in a way that, even as Justice Kavanaugh imagined, if the reader knew, if the user knew that that violated the statute, and that would be just the vast sweeping criminal law that would bring the over-criminalization concerns this Court has had over the last several years really home to roost in just one single statute. And so we urge you not to go that far in this case.

CHIEF JUSTICE ROBERTS: Thank you, counsel.

Mr. Feigin.

ORAL ARGUMENT OF ERIC J. FEIGIN

ON BEHALF OF THE RESPONDENT

MR. FEIGIN: Thank you, Mr. Chief Justice, and may it please the Court:

I don’t think you heard my friend spend much time on the text, and I want to start right there. In the words of Section 1030, Petitioner used his access, that is, the credentials entrusted to him as a police officer, to obtain database information that he was “not entitled so to obtain” when he looked up a license plate in return for a bribe.

But such serious breaches of trust by insiders are precisely what the statutory language is designed to cover. If a statute prohibited accessing a warehouse with authorization – with – with authorization and using such access to obtain items in the warehouse that the accessor is not entitled so to obtain, everyone would understand that language to cover an employee who’s allowed to take items for work who instead takes them for himself.

Section 1030 used the same language to extend the same property-based protection to the private computer records that contain our most sensitive financial, medical, and other data.

Petitioner’s trying to gut the statute and leave all of that data at the mercy of anyone who ever has any legitimate ground to see it under any circumstance. But, in doing that, he fails to give effect to every word of the statute, as his answer to Justice Kagan showed, and he ignores its clear history and design, as his answer to Justice Breyer showed.

He’s – what he’s – what he’s instead relying on here is a wild caricature of our position that tries to bury his own heartland statutory violation beneath an imaginary avalanche of hypothetical prosecutions that he can’t actually identify in the real world for seemingly innocent conduct.

But those invented cases would implicate textual limits, such as the need for an authorization-based system, and use of the access to reach otherwise inaccessible data that his own conduct clearly satisfies.

CHIEF JUSTICE ROBERTS: Mr. Feigin, is your friend correct that everyone who violates a website’s terms of service or a workplace computer use policy is violating the CFAA?

MR. FEIGIN: Absolutely not, Your Honor. And I think the reasons are different in the two hypotheticals you’ve given.

First of all, on the public website, that is not a system that requires authorization. It’s not one that uses required credentials that reflect some specific individualized consideration.

CHIEF JUSTICE ROBERTS: Okay. Then limit my – my question to any computer system where you have to, you know, log on.

MR. FEIGIN: So, Your Honor, I don’t think all log – all systems that require you to log in would be authorization-based systems because what Congress was driving at here are inside –

CHIEF JUSTICE ROBERTS: All right. Well, then every – every system that has a password.

MR. FEIGIN: No, Your Honor, and let me explain why. What Congress was aiming at here were people who are specifically trusted, people akin to employees, the kind of person you – that had actually been specifically considered and individually authorized.

I don’t think we say that about –

CHIEF JUSTICE ROBERTS: Well – well, you just talked about what Congress was aiming at. I’m – I’m concerned with the text of the statute.

MR. FEIGIN: Sure, Your Honor. I think this – this text – our reading of the text is consistent – reading of the word “authorization” to mean – require individualized consideration makes sense in this context. It’s consistent with the Court’s decision in Washington County and the dictionary definitions cited in pages 37 to 38 of our brief. And I think it makes sense as just a matter of plain English.

I don’t think you’d say that a system – that the Museum of National African American History and Culture required authorization to enter when you had a sign-up sheet and anybody from the public could come in, they just had to register for a particular time.

Services like Facebook and Hotmail that will give accounts to anybody who has a pulse and – and even people who don’t, because they don’t really check, those aren’t authorization-based systems.

And I – I think that narrow meaning makes a great deal of sense in the statute, and it takes care of, like, nearly an entire parade of horribles.

CHIEF JUSTICE ROBERTS: Well, I don’t understand your – your example of the museum. I mean, if the guard says – it would be natural for him to say, are you authorized to enter at this time? I don’t – I don’t know – I don’t understand your focus on authorization as a limiting term.

MR. FEIGIN: Well, Your Honor, I think authorization clearly, as the Court used it in Washington County and as various dictionaries use it, refers to some level of consideration and affirmative thought-out permission.

And the question there is –

CHIEF JUSTICE ROBERTS: Thank you, counsel.

Justice Thomas.

JUSTICE THOMAS: Thank you, Mr. Chief Justice.

Mr. Feigin, I’d like you to respond to Mr. Fisher’s argument about the Rule of Lenity. He seems to think that even if this is a toss-up or it looks like a toss-up, we should rely on that since this is a criminal statute. What’s your response to that?

MR. FEIGIN: I have two, Your Honor. Number one – and I’m happy to get into this – I don’t think there’s – this is a grievously ambiguous statute or even an ambiguous one. I think it clearly supports us, and his reading is textually insupportable.

The second – and I’ll get back to that in a second – but the second thing I’d say is, if the Court does think the Rule of lenity ought to apply here, I think the better place to apply it is on words like “authorization,” as I was just discussing with the Chief Justice, or the word “use,” which I think really has to require that the access is instrumental to obtaining data that the user – that would otherwise be inaccessible.

If you’d like, I can drill down on that textual point.

JUSTICE THOMAS: No, that’s – that’s good enough. I’d like – I’d like to go to something slightly different.

The language in – before the ‘84 amendments seemed to cover this more precisely or expressly. Of course, we have a change in there are fewer words, and it – it flows a bit better, but would you work through – would you explain your – without getting too much in the legislative history, the change in language and why you think it actually expands its coverage as opposed to compressing it, as Mr. Fisher seems to think?

MR. FEIGIN: Your Honor, I don’t know that it expands it so much as it – it really just clarifies it. I mean, it’s much simpler and more concise.

And I think one thing that it does is, if you look at the previous language, I think it was potentially subject to the interpretation that you had to look to the purposes the – behind the authorization, like why is this particular person authorized to use the system, whereas the current language is much more focused on the express limits that are inherent in the authorization itself. And I think it really clarifies that point and doesn’t – doesn’t invite any – any further inquiry.

And, Your Honor, I – I know the question was made without reference to legislative history, but I think the legislative history is quite clear that – on – on this particular point.

JUSTICE THOMAS: Thank you.

CHIEF JUSTICE ROBERTS: Justice Breyer.

JUSTICE BREYER: Well, I take it that if I go to my PC, there are, seems to me, dozens and dozens and dozens of sites where they say you may enter this site and use the information here if you agree to the following terms of access. And then you have a big list in small print that goes on for quite a long ways, pages. I take it that would be covered and the terms of access would be what’s permitted and what isn’t, authorized and not, correct?

MR. FEIGIN: No, Your Honor.

JUSTICE BREYER: No? Why not?

MR. FEIGIN: “Authorization” in this statute has a meaning of being granted specific individualized permission. And so –

JUSTICE BREYER: I’m not granted that when I – they say in this piece of paper – or not on a piece of paper – it says in the thing, you’ve – here are the terms of access, you can – you can use whatever we’re giving on this site for the following purposes but not for the other purposes. Now that isn’t covered?

MR. FEIGIN: No, Your Honor, no more so than, I think, you would think that your – you’ve been specifically authorized to enter if you walk into a building and there’s a sign posted on the outside about some things you’re not supposed to do in a building.

I – the word “authorization” under the dictionary definitions that this Court made clear in Washington County requires some kind of individualized permission. And –

JUSTICE BREYER: So, if your employer tells you, Mr. Jones, you work for me, here is a PC, you will get all kinds of e-mails on this PC, you are never to use this e-mail for a personal purpose, and then he does, uses it for personal purposes –

MR. FEIGIN: So –

JUSTICE BREYER: – that doesn’t violate the statute?

MR. FEIGIN: So, Your Honor, this gets to the second limiting feature of the statute. So let – let’s assume it’s an employee who has satisfied the definition of authorization. He’s been specifically individually authorized to use the computer. I don’t think the word “use” necessarily requires that the user do something the user couldn’t otherwise do.

And I think there’s two reasons for that in this statute. First, the statute refers separately to accessing the computer and using the access, which shows that using the access has a further narrowing function.

And, second, the user has to use the access, not just the computer itself. So if I – you decide to send an e-mail to your friend about when you’re going to have lunch together, and that’s something you could do from your phone, there’s nothing special about using the access.

I point you back to the warehouse example I gave in – in – in my introductory remarks that just substitutes the word “warehouse” for “computer” and “items” for “information.” I don’t think we’d have any trouble really understanding these distinctions. If that’s a statute that’s aimed at insiders who are people trusted to get into the warehouse who do obtain the items in – in ways that they’re not supposed to obtain, then I don’t think we’d – we think it would be covering these – these other kinds of scenarios.

If I were to tell you that – if I were to talk about a statute where somebody steps on a ladder and uses such step to retrieve an item, you’d think it was an item that the person couldn’t get without stepping on the ladder and using the ladder, not an item that was easily reachable from the ground.

CHIEF JUSTICE ROBERTS: Justice Alito.

JUSTICE ALITO: Well, I find this a very difficult case to decide based on the briefs that we’ve received. In response to the concerns about the effect on personal property – personal privacy of adopting Mr. Fisher’s recommended interpretation, he says don’t worry about that because there are other statutes that cover it, but I don’t really know what those statutes are in many of those instances.

And on your side, with respect to the argument that adopting your interpretation would criminalize all sorts of activity that people regard as largely innocuous, you suggest that there are limiting instructions, but – limiting interpretations, but I don’t know exactly what they are.

And it would really be helpful to see them in writing. So what exactly is authorization? What exactly does it mean to obtain or alter information? What is this statute talking about when it speaks of information in the computer?

All information that somebody obtains on the web is in the computer in a sense. I have a feeling that’s not what Congress was thinking about when it adopted this. So I don’t really know what to do with – I don’t really understand the potential scope of this statute without having an idea about exactly what all of those terms mean.

What – what help can you give us on that? Is this something that would be – would be helpful to have specific briefing on the meaning of all these terms?

MR. FEIGIN: Well, Your Honor, I actually think the answer to that is no, and the problem you’re facing is because of the way Petitioner has teed up the case for you. Petitioner is focusing on only one very small bit of the language here, the entitled “so” language, and hinging his entire parade – he’s asking – then he’s trotting out this parade of horribles and telling you the only way to avoid it is to interpret that language, which I think is quite clear, in his manner as a way that would get rid of all the privacy protection that the statute provides.

There are all these other limitations that Your Honor has pointed to. I don’t think this is the case in which we can brief them because he acknowledges that his own conduct satisfies them.

We have identified for the Court the ways in which – some ways in which courts could limit these things. I think the proof is in the pudding, which is that I believe it was Your Honor who asked him where the parade really is, and he could identify two members of the parade; one was the Drew case that didn’t actually result in a sustained conviction, and the other was a Ticketmaster case in which the defendant hired Bulgarian hackers to circumvent some technological limitations.

And I think that shows that everybody’s understood this statute not to cover that kind of conduct and to cover the kind of conduct that’s at issue here today –

CHIEF JUSTICE ROBERTS: Justice Sotomayor.

MR. FEIGIN: – just like the Court –

CHIEF JUSTICE ROBERTS: Justice Sotomayor.

JUSTICE SOTOMAYOR: Counsel – I’m sorry, Mr. Feigin. My problem is that you are giving definitions that narrow the statute that the statute doesn’t have. You’re asking us to write definitions to narrow what could otherwise be viewed as a very broad statute and dangerously vague.

But more importantly to me, you said that there is no ambiguity in this statute, but let me give you an example. Imagine a law that says anyone who drives on Elm Street who is not authorized so to drive shall be punished.

The “so to drive” to me could mean if you’re not authorized to drive on Elm Street. But, under your theory, it could be and might very possibly be read as saying you can’t ride on Elm Street if you’re driving on it with an illegal purpose, you’re speeding, you’re breaking the law on curfew, you’re texting. It could even cover people who drive on Elm Street on their way to commit a different crime, because they weren’t authorized to be on Elm Street for the purpose of committing a crime.

So, to me, if all you’re relying on is that word “so,” I don’t get around the ambiguity, especially when the other side points to so many examples in the criminal code where the “so” refers to the – in the manner that has just been described.

MR. FEIGIN: Well, Your Honor, what I think he – or what I think Petitioner relies both at argument today and on page 3 of his reply brief is that “so” in this statute doesn’t refer back to accessing the computer. It refers back to use such access.

Everyone agrees that “so” means in that manner, and the statute refers to a particular discrete act. So, if on some occasion a user is not entitled to use his access to obtain certain information, I think he’s clearly violated the statute.

He tries to get around that –

JUSTICE SOTOMAYOR: Don’t you think your – Mr. Feigin, doesn’t your reading sort of render superfluous the second part of the statute? I think what you’re arguing is, if I’m not authorized to go on the computer for this purpose, then we don’t need the second half of the statute.

MR. FEIGIN: Are you talking about the “without authorization” prong, Your Honor?

JUSTICE SOTOMAYOR: Exactly.

MR. FEIGIN: Actually, Your Honor, I think it –

JUSTICE SOTOMAYOR: Well, without authorization or exceeding – or – or exceeding authorization access.

MR. FEIGIN: Sure. Your Honor, I actually think it’s their reading that collapses the two prongs because, if all Congress were concerned about were people who get information they’re not supposed to obtain, it would have a simple one-prong statute that criminalizes accessing a computer and obtaining information that the accessor is not entitled to obtain.

Instead, it broke out a piece for without – people who access without authorization, the hackers, and people who exceed authorized access, the insiders. And the main danger that insiders present is the precise danger that this case exemplifies.

JUSTICE SOTOMAYOR: One last question, counsel. Why do we need other parts of the statute, like 3030(a)(4), that speaks about exceeding authorized access for fraudulent purposes? Under your theory of the case, that is a completely superfluous provision.

MR. FEIGIN: No, Your Honor. Something that would come in under (a)(4) but not (a)(2)(C) would be, for example, somebody at Amazon who has access to the ordering database who modifies that database to get an extra item delivered to him or herself.

CHIEF JUSTICE ROBERTS: Justice Kagan.

JUSTICE KAGAN: Mr. Feigin, if – if I understand your brief correctly, you would concede, wouldn’t you, that if the word “so” wasn’t there, you would lose this case?

MR. FEIGIN: I think it would be a much tougher case for us without the word “so,” Your Honor.

JUSTICE KAGAN: Okay. So then the question is what does “so” mean, and picking up on what you were saying to Justice Sotomayor, if I understand Mr. Fisher’s argument, he says “so” means by accessing a computer.

And you just said “so” means by using your access. And why is it that we should pick your choice of the prior reference rather than his choice of the prior reference?

MR. FEIGIN: The anti-surplusage canon, Your – Your Honor. If all “so” is doing in a statute – and this is his reading – if all “so” is doing in the statute is to make sure that the statute covers someone who could get similar information from a non-computerized source, then it’s entirely surplusage.

JUSTICE KAGAN: I think he disputes that and I think he has a point here. He’s saying that what that prevents is using the statutes in – in – as to cases where you could obtain the information in a non-digital manner.

MR. FEIGIN: Well, Your Honor, the information is – the statute’s already limited to information in the computer. That is the computer record, the bits and bytes. And I can – that has to be the case because the statute covers not only obtaining but also altering.

When it refers to altering information in the computer, surely it’s referring to altering the specific record of, say, my birthday, rather than the abstract fact of the day I was born simply because it happens to be contained in a computer or in the computer that was accessed.

And so, if we’re limiting this to people who can’t use their computer access, as opposed to having somebody read them something over the phone, then that limitation’s already quite clearly baked into the statute.

JUSTICE KAGAN: Thank you, Mr. Feigin.

CHIEF JUSTICE ROBERTS: Justice Gorsuch.

JUSTICE GORSUCH: Good morning, Mr. Feigin. I guess I’m – I’m curious about a – a bigger picture question, and that is this case does seem to be the latest, as – as the Petitioner’s pointed out, in a rather long line of cases in recent years in which the government has consistently sought to expand federal criminal jurisdiction in pretty significantly contestable ways that this Court has rejected, whether we’re talking about Marinello or McDonnell or Yates or Bond. You pick your favorite recent example.

And I’m just kind of curious why we’re back here again on a – a – a rather small state crime that – that is prosecutable under state law and perhaps under other federal laws to try and address conduct that – that would be rather – rather – rather remarkable, perhaps making a federal criminal of us all.

MR. FEIGIN: Well, Your Honor, we don’t think the statute does that for – for reasons I – I’ve tried to explain and we get into in our briefs. And we do think the statute is aimed at – at precisely this sort of thing. And I – I can give you several examples of –

JUSTICE GORSUCH: But I’m – I’m – I’m asking a bigger question, and that is there is – there’s – there’s this pattern, and I would have thought that the Solicitor General’s Office isn’t just a rubber stamp for the U.S. Attorney’s Offices and that there would be some careful thought given as to whether this is really an appropriate reading of these statutes in light of this Court’s holdings over now about 10 years, maybe more, in similar laws.

MR. FEIGIN: Your Honor, we do think this is the correct reading of the specific narrow portion of the language that is at issue here.

We do not think that every prosecution that they’re positing or even every prosecution we’ve brought, let’s take the Drew prosecution as an example, is one that would validly be brought under this statute.

But the kind of misconduct we have here, where a police officer tips off a criminal about something, is exactly the kind of misconduct that the statute was aimed at, because the police officer is abusing his trust and has access to state and – and national databases which he is – Petitioner here abused.

JUSTICE GORSUCH: Thank you, Mr. Feigin.

CHIEF JUSTICE ROBERTS: Justice Kavanaugh.

JUSTICE KAVANAUGH: Thank you, Chief Justice.

And good afternoon, Mr. Feigin. Let’s focus on the text a bit. I’d look at the text and think “accesses a computer without authorization” means someone who gets on a computer that they’re not allowed to get on. And “exceeds authorized access and obtains information,” I would think, means you’re allowed onto the computer, but you go into a file that you’re not allowed to access and that those two things are what the statute might speak to and that disclosure of information that you obtain or misuse of information you obtain is something distinct.

But merely browsing around, obtaining the information, that you’re not – in a file you’re not allowed to look at is what that second prong is getting at.

So why is that wrong as a textual matter?

MR. FEIGIN: Well, a couple of points, Your Honor.

First, I – I don’t think that’s all the second – I – I don’t think that’s – if that’s all the second prong covers, then, basically, that’s just like saying, if we do a brick-and-mortar analogy, this is like saying you can’t – it’s a crime to go into the back office – for an employee of a store to go into the back office and take money out of the shoe box where we keep petty cash because he’s not allowed ever to get at the petty cash box.

But he can take as much money as he wants for himself out of the cash register because he’s entitled to go into the cash register to make change.

It’s – so it’s not just limited to files. We do think it – it goes to the limits of the authorization.

The – the second point I would make, just to get back to the text here, Your Honor, is that, as I was trying to explain earlier to the Chief Justice, authorization has a meaning here, and everyone, I think, can fairly agree that the meaning – one meaning of “authorization” is that you have given someone specific permission. That’s the definition that we’ve cited in our briefs, and it’s amply supported. And the question – there might be questions how specific the permission has to be, but, in context, I think the permission needs to be fairly specific.

So there are going to be a number of systems that aren’t necessarily covered by either prong directly –

JUSTICE KAVANAUGH: Again –

MR. FEIGIN: – that would be –

JUSTICE KAVANAUGH: – I’m sorry to interrupt, but I – I want to get one more question in.

MR. FEIGIN: Yes.

JUSTICE KAVANAUGH: I think you acknowledged to Justice Kagan that you would be in trouble here if the word “so” were deleted. And you relied on the surplusage canon, but she pointed out that there is some meaning offered by Petitioner to the word “so.”

But even if it were surplusage, that – that canon can only take you so far, and this would be, as Justice Gorsuch said, a fairly substantial expansion of federal criminal liability based on one word that you’re saying we have to interpret a particular way because of avoiding surplusage.

Can you respond to that quickly?

MR. FEIGIN: Well, let me say a couple of quick things about that.

One is – this may sound a little trite, but just because the word’s two letters doesn’t mean the anti-surplusage canon ought – ought not to apply.

The second thing I’d say is that the word “so” here really does ensure that this is covering the kind of conduct that Congress wanted to cover. He would be – like, it – without our interpretation, this is going to leave open anybody to use any information that they have – or – or look up any information for any – under any circumstances whatsoever so long as there’s some narrow conceivable circumstance under which they’d be allowed to do so. And that doesn’t –

CHIEF JUSTICE ROBERTS: Justice Barrett.

MR. FEIGIN: – really make a lot of sense.

JUSTICE BARRETT: Good afternoon, Mr. Feigin. I want to follow up on Justice Kavanaugh’s question. The interpretation that he offered to you of that language, “accesses a computer without authorization or exceeds authorized access,” is similar to the kind of on/off switch that I was describing to Mr. Fisher since you’re either authorized to be there or you’re not, and it doesn’t really take into account questions of scope.

You say that “so” is what really makes your argument. So are you saying that there isn’t any kind of inherent idea of a scope of authorization simply in the word “authorize” itself?

MR. FEIGIN: There – there is inherent in the word “authorized” the scope of authorization, Your Honor. I – I think that is – the access is the authorized access, and then you’re using the access in – in a manner you’re not – you’re not permitted so – so to use it. So you are exceeding a limit on your authorization. But I think “so” actually refers back to the word “access.”

But I – I – just to clear up the – any confusion here, to – the – the word “authorization” refers to specific individualized permission, and there are going to be systems that don’t really require that at all. And so, if I access a public website, you know, just like I wouldn’t really normally talk about going to a public park with or without authorization, it’s just a thing everyone can do, that wouldn’t be a system – a public website wouldn’t be a system that has authorization –

JUSTICE BARRETT: I mean, it seems to me –

MR. FEIGIN: – in the sense used by the –

JUSTICE BARRETT: – though, you’re attributing an awful lot of specificity to the word “authorization” that it doesn’t, you know, have. You can have very specific authorization from an employer – I mean, even from a professor. What if a professor teaching a class, a small class, very individualized, 12 seminar students, and she says you may use a computer in class to take notes but for no other reason?

MR. FEIGIN: Well, Your Honor, I –

JUSTICE BARRETT: For instance, check personal Gmail.

MR. FEIGIN: Well, Your Honor, I don’t think that – I don’t think that’s the kind of authorization the statute’s referring to. It’s talking about authorization by the owner of the computer data, not just some external constraint that’s placed on anybody.

And I think that would be problematic even under Petitioner’s reading of the statute because, all of a sudden, you’re prohibited from going into any file in your computer, and the person has flatly prohibited that for that period of time.

So he doesn’t really avoid that. The same way his parent/child hypothetical falters on his own reading of the statute because you could – I could instruct my child not to go into a particular file or use a particular program.

I – I – I understand the Court’s reaction that we are pointing to a bunch of limitations and trying to kind of spec them out, but I really think that’s a problem with the way Petitioner’s teed up this case. He’s focused on this very limited, specific portion of the language. He’s then argued that unless you do what he wants, all of this other stuff’s going to be opened up. And we don’t have much case law on the other stuff because nobody has ever really made any sustained effort to try to bring those kinds of cases. They certainly haven’t resulted in any kind of liability.

Our point here isn’t to defend or – any particular case that isn’t this one. And to the extent we start to see cases like that, that’ll give courts, including this Court if necessary, the opportunity to further articulate those limits. I mean, it shouldn’t –

CHIEF JUSTICE ROBERTS: A minute to wrap up, Mr. Feigin.

MR. FEIGIN: Thank you, Your Honor.

I think – just to continue with what I was saying, I think what the Court should not do is to interpret this particular portion of the statute in an atextual manner that’s different from how the Court viewed the plain language in Musacchio in order to avoid a parade of hypotheticals that hasn’t really occurred.

I mean, let me give you some examples of things that, on his reading, wouldn’t be covered by this or any other federal statute so – so far as we know. A police officer tipping off a friend with insider information that he got from a database; he knows the friend is a criminal, but he doesn’t know the purpose to which the friend’s going to put it, so he can’t – we can’t get him for attempt, we can’t get him for conspiracy.

Someone who’s leaving a company and he takes the entire customer database with him, it’s not a trade secret, he just wants to use it for himself. Or an IT technician at a court who reveals predecisional e-mails from the court’s e-mail server.

Thank you, Your Honor.

CHIEF JUSTICE ROBERTS: Thank you, counsel.

Rebuttal, Mr. Fisher?

REBUTTAL ARGUMENT OF JEFFREY L. FISHER

ON BEHALF OF THE PETITIONER

MR. FISHER: Thank you. I’d like to make two textual points and one consequences point.

First, as to the text, I don’t think it matters if Mr. Feigin said whether “so” refers strictly to accessing the computer with authorization or whether it refers to such access. Either way, it’s referring to the manner of getting the information, which is by computer.

And I think that also disposes of his surplusage argument about the words later in the statute “in the computer.” Yes, it picks up “in the computer,” but that same information might be available from some other source. And so that’s what “so” is doing.

The second textual point is about the word “authorization.” The government clearly is putting an enormous amount of weight on that term in this statute. But there’s just very serious problems with that.

For one thing, the statute talks about either with authorization or without authorization. And so, if you’re going to say that none of these public-facing websites are being accessed with authorization, then it might be they’re all being accessed without authorization, which would open up a whole other set of problems.

But even as to the plain meaning of the term that Mr. Feigin proposes, it just escapes me why logging into your work computer does not establish authorization or logging into your Westlaw account or satisfying an age-based restriction on Facebook or being single and therefore being authorized to use a dating website, et cetera, et cetera.

All of these websites and work computers are accessed only with authorization, as even Mr. Feigin defines the term, and so that doesn’t meaningfully narrow the statute.

And then I think what you’re left with is this problem about consequences. And the best thing the government can say is we haven’t brought a whole bunch of these prosecutions yet. Remember, even the government’s 2014 charging policy doesn’t talk about any of these other restrictions Mr. Feigin has been talking about today. Instead, what it says is federal prosecutors “may” decide not to bring these kinds of cases.

But, for all the textual reasons we’ve described, they would be available under the government’s reading. And then you’re – I think you’re left with Justice Gorsuch’s point, which is the Court over and over again has had cases in recent years and even further back, cases like Kozminski, where the government offers a reading of a federal statute that would sweep in everyday conduct, and it’s never been an answer to that kind of an argument to say trust us, we won’t bring those kinds of cases, or even saying construe the statute the way we ask now, and if those problems arise in the future, then you can address them.

What the Court has done in every one of those cases is apply the traditional tools of construction to say any ambiguity in the statute must be construed narrowly because of fair notice and other – federalism and related principles.

So, for those reasons, we’d ask the Court – ask the Court to reverse.

CHIEF JUSTICE ROBERTS: Thank you, counsel. The case is submitted.

(Whereupon, at 12:42 p.m., the case was submitted.)

Official - Subject to Final Review