http://www.larkinhoffman.com/news/article_detail.cfm?ARTICLE_ID=767&ARTICLE_TYPE_ID=2
In February 2010, in United States v. John, a criminal case, the U.S. Court of Appeals for the Fifth Circuit resolved an issue related to the statutory interpretation of “exceeds authorized access.”[ix] The court examined whether information obtained by permitted access to a computer system, but used beyond limits placed on the use of such information, falls within the definition of “exceeds authorized access” under the CFAA.[x] In this case, an employee of a financial institution had access to customer account information and passed it along to others, who then incurred fraudulent charges on those customers’ accounts.[xi] The employee was convicted because she exceeded her “authorized access” to a computer system and obtained information from a financial record of a financial institution.[xii] The court held that “the concept of ‘exceeds authorized access’ may include exceeding the purposes for which access is ‘authorized.’”[xiii] Affirming the conviction,[xiv] the court held that the employee’s access to her computer was limited and that she exceeded her authorization when she accessed information for use in a fraudulent scheme, which she knew or should have known was unauthorized.[xv]
