Book Review: Hatchet Man by Elie Honig

Former Attorney General William Barr’s misconduct in office has been well-documented. But it may take someone who worked as a federal prosecutor to fully appreciate the true nature and extent of the damage Barr did to the Department of Justice. Former federal prosecutor and now CNN senior legal analyst Elie Honig provides that perspective in a new book, “Hatchet Man: How Bill Barr Broke the Prosecutor’s Code and Corrupted the Justice Department.” It’s a sobering look back on Barr’s two-year assault on the very foundations of the Justice Department – an assault from which DOJ likely will need years to recover.

William Barr
Former Attorney General William Barr

The Prosecutor’s Code

Honig structures his book around what he calls the “prosecutor’s code” – core principles that guide the behavior of good prosecutors, such as impartiality, independence, owning up to mistakes, and keeping politics out of prosecutions. Honig believes a key reason Barr failed as Attorney General is that he has never worked as a federal prosecutor and never understood this prosecutor’s code.

An AG without prosecutorial experience could at least compensate by hiring top aides with that background. But as Honig points out, Barr didn’t do that either. His Deputy Attorney General and Assistant Attorney General – the number two and three spots at the department – likewise had no prosecutorial experience. Even the assistant attorney general for the criminal division had no experience as a criminal prosecutor. That’s sort of like a hospital hiring a dermatologist to be the head of open heart surgery.

Barr spent most of his career as a civil attorney. A civil litigator’s job is to win – to get the best possible outcome for the client, within the bounds of law and ethics, regardless of what might objectively appear just or fair. But prosecutors have a higher obligation. As one of Honig’s supervisors told him early in his career, good prosecutors don’t do “wins and losses.” Their duty is to see that justice is done and to protect the justice system. Barr, having never been a prosecutor, never appreciated this.

Another reviewer took issue with this argument, noting that prosecutorial experience does not guarantee respect for the rule of law. She cited as an example former federal prosecutor Sydney Powell, the infamous lawyer in Trump’s “Kraken” lawsuits challenging the election who now faces professional sanctions. But this misses Honig’s point. He’s not claiming that having been a prosecutor will automatically make you a good Attorney General. He’s arguing that it’s awfully difficult to be a good Attorney General without that experience. I think he’s right about that, and I agree it’s part of the reason Barr was such a disaster. It became clear during Barr’s tenure that he simply did not “get” the Department that he led. He was too willing to view DOJ as simply another political institution, and his own power as a means to achieve political ends.

Spinning the Mueller Report

One of Barr’s most egregious actions as attorney general – and one of the biggest favors he did for president Trump — was his dishonest handling of the Mueller report. Honig walks us through the entire shameful episode. It began, of course, before Barr was even hired as attorney general, when as a private citizen he wrote an unsolicited nineteen page memo to DOJ arguing that Mueller’s investigation was “fatally misconceived.” Honig refers to this as Barr’s “audition memo” for the attorney general position. Once Barr got the job, he did not disappoint the man who hired him.

A mere two days after receiving Mueller’s 400-plus page report, Barr held a press conference and released a four page letter to Congress purporting to summarize it. He successfully “spun” the report and misled the public about Mueller’s conclusions. He failed to release the summaries Mueller had prepared that would have given the full picture. By the time the redacted report was made public weeks later, Trump’s claims that Mueller had found “no obstruction, no collusion” had firmly taken hold in the public consciousness – aided by Barr’s misleading conduct.

Many, including Honig, have been critical of Mueller and the way he handled his report. But the irony is that Mueller actually was following that prosecutor’s code to which Honig refers. Mueller played by the rules, kept politics out of his decisions, and followed the facts where they led. His mistake, and perhaps his naivete, was in assuming that his boss, the nation’s top prosecutor, would follow that same code. Instead, Barr seized the opening Mueller gave him and stuck a knife in Mueller’s back.

Roger Stone
Roger Stone

The Flynn and Stone Cases

None of Barr’s actions demonstrated his failure to understand the prosecutor’s code more than his personal interventions in the cases of Trump allies Roger Stone and Michael Flynn. In the Flynn case, Barr’s DOJ took the unprecedented step of trying to drop the charges after Flynn had already pleaded guilty, taking laughable legal positions that contradicted decades of legal precedent. In Stone’s case, after prosecutors, with their supervisor’s approval, filed a memorandum arguing for a sentence within the recommended guideline range, Barr personally intervened to overrule them and argue for a lower sentence

In both cases the front line prosecutors withdrew in protest, an act that, as Honig notes, is almost unheard of. Those prosecutors had put their credibility on the line before the federal judge every time they appeared in those cases. They took legal positions consistent with precedent and prior practice and with the approval of their supervisors. And then they had their legs cut out from under them by the attorney general himself. Withdrawing was their only honorable option. If Barr had ever stood before a federal judge as a prosecutor, perhaps he would have understood that.

Honig also recounts Barr’s attempt to explain away these actions in an outrageous speech he made towards the end of his tenure. Barr argued that allowing decisions of lower level employees to be sacrosanct might be a “good philosophy for a Montesorri school, but it’s no way to run a federal agency.” In addition to infantilizing the thousands of career DOJ employees who worked for him, this argument completely missed the point. Of course the attorney general has the authority to overrule decisions made by line prosecutors. But these prosecutors had not “gone rogue” – their actions were approved by the relevant supervisors. And as Honig notes, the key question remains: out of the tens of thousands of criminal cases prosecuted by DOJ each year, why did Barr personally intervene only in the two cases that involved close allies of president Trump – allies who could potentially implicate the president himself in criminal activity?

The Sovereign District of New York

Honig also analyzes the bizarre incident where Barr tried to replace the U.S. Attorney for the Southern District of New York, Geoffrey Berman, with a Trump loyalist. After Barr initially said Berman was “stepping down,” Berman denied it. Barr was then forced to ask Trump to fire Berman.

Honig claims this episode demonstrates that Trump and Barr feared Honig’s former office, the SDNY, and had to try to bring it under control. He notes the office’s famous nickname, the “Sovereign District of New York,” and recounts how an article in The New Yorker once referred to SDNY prosecutors as the “killer elite.” Honig claims the members of the office relished that characterization, saying he personally “goddamn loved it.” He says the SDNY prides itself on its willingness to flaunt the rules from “Main Justice” in Washington and chart its own course. “What other federal prosecutor’s office,” he argues, “has the guts to take on cases that could harm the president of the United States?”

According to Honig the most important aspect of SDNY independence, and the reason Trump had cause for worry, is that the SDNY “simply does not do partisan politics.” He says he never once heard of political considerations influencing a case. I believe that – but the same is true of any good U.S. Attorney’s office. I experienced the same thing during my own career at the D.C U.S. Attorney’s office, which sees more than its share of politically-charged investigations. The prosecutor’s code that Honig describes requires that all prosecutions be apolitical. It’s odd for Honig to suggest this somehow sets the SDNY apart.

In any event, the facts unfortunately don’t support Honig’s claims about his old office. For example, the SDNY apparently was ready to execute search warrants for Rudy Giuliani’s records some time in 2020. A truly “sovereign” office might have anticipated that Barr’s DOJ would object and simply gone ahead with the warrants – following the old adage, “it’s better to ask forgiveness than to ask permission.” But that didn’t happen. Barr’s DOJ successfully prevented the warrants from being executed. Only after the Biden Justice Department was in charge did the searches take place – after Giuliani had months to prepare for them.

Similarly, when Michael Cohen pleaded guilty to a campaign finance violation for the Stormy Daniels payoff, he famously said the president himself – “Individual #1” – directed him to commit the crime. If Trump acted willfully, that would make him equally as guilty as Cohen. Given the DOJ policy against indicting a sitting president, perhaps the SDNY could not reasonably be expected to charge Trump while he was in office. But a truly “sovereign” office might at least have confirmed Trump was culpable by, for example, naming him as an unindicted co-conspirator. In any event, Trump left office six months ago, losing the shield of that DOJ policy — and still no charges.

It was New York state prosecutors, not the SDNY, who investigated the potential financial crimes by the Trump organization and waged the successful battle to obtain Trump’s tax returns. And it was state prosecutors who charged the Trump Organization and its CFO Alan Weisselberg with tax fraud – even though the largest portion of that alleged fraud involved federal tax offenses that could have been pursued by the SDNY.

Honig is a proud alum of the SDNY and perhaps can be forgiven for the paean to his old office. But the truth is the “sovereign district” did no better than the rest of the Department of Justice at resisting the Trump/Barr onslaught. And it’s a bit jarring that Honig fails to recognize that the sort of macho swagger he describes as the office’s culture does not rest very comfortably with his own “prosecutor’s code,” which includes such traits as humility.

Other Examples of Barr’s Misconduct

Honig walks us through a number of other troubling incidents as well, including Barr’s failure to investigate and attempts to conceal Trump’s actions in connection with Ukraine (the misconduct that ultimately resulted in his first impeachment); Barr’s role in the incident in Lafayette park where protestors were gassed to make room for a Trump photo-op; and Barr’s decision to appoint Connecticut U.S. Attorney John Durham to “investigate the investigators” by probing the basis for the original Russia investigation. Overall, the book is a harrowing review of a tumultuous two years. It’s remarkable how much damage Barr was able to do in such a short period of time.

Honig concludes with proposals for nine reforms to help the Justice Department restore its public standing. Some have already taken place. For example, he calls for new rules governing communications between DOJ and the White House. Last week Attorney General Merrick Garland issued such rules.

The Barr Enigma: Why Did He Do It?

When Barr was first appointed to be attorney general, many Trump critics were cautiously optimistic. Honig, as he admits, was one of them. So was I. Barr was conservative, of course, but he had a reputation as a serious person and had done the job before. He seemed like someone who could be trusted to preserve and uphold the principles that guide the Justice Department. Instead, he did something I would have thought impossible: he left us pining for his predecessor, Jeff Sessions.

So why did Barr do it? Honig offers three possible explanations: a simple lust for power, a desire to implement his own expansive views on executive authority, and a religious desire to combat secularism. But Honig doesn’t really spend much time trying to grapple with Barr’s motivations, and the attempt to link Barr’s actions to his religious views, in particular, seems strained. The book sometimes has an almost knee-jerk, “Barr = bad” feel to it. I think the truth is more complicated.  

Consider, for example, Barr’s actions after the election, when Trump and his allies were claiming the election was stolen. It’s true Barr made some halfhearted remarks about investigating voter fraud. But in the end he refused to endorse Trump’s claims about the election and told Trump the arguments were “bullshit.” Imagine if Barr had been a Rudy Giuliani, backing Trump’s claims with the full power of the Department of Justice? Trump may well have succeeded in overturning the election.

Honig chalks this up to simple self-interest: Barr’s attempt to get off the sinking Trump ship and preserve his own legacy. Maybe that’s correct. But the fact remains that, in the end, Barr did the right thing. To paraphrase Shakespeare, nothing in Barr’s career as attorney general became him like the leaving it. But after being willing to drive DOJ into a ditch for two years, it’s fascinating that Barr decided to turn the wheel at the last minute.

As Honig note, Barr was not a classic Trump MAGA sycophant, doing whatever it takes to please the president. But then what explains Barr’s intervention in the Flynn and Stone cases? That seemed all about feeding Trump’s “witch hunt” persecution fantasy. Why did Barr step in, particularly when he must have known that Trump would almost certainly pardon both men in the end? Rationales such as seeking to maximize executive power don’t really explain it.

Other incidents also raise unexplored complexities. For example, Honig criticizes Barr’s decision to have the Department of Justice defend Trump in the defamation suit brought by E. Jean Carroll, a woman who claims Trump raped her in the 1990’s. But as I wrote here, that was probably the correct decision in terms of protecting all executive branch employees from future private lawsuits. After Honig’s book went to press, attorney general Merrick Garland came to the same conclusion and decided to continue the defense. That doesn’t mean it’s the right decision, of course, but at a minimum it suggests the matter is more nuanced than Honig lets on.

To me, Barr’s behavior is really a puzzle. But we will have to await future authors to perhaps probe more deeply not just what Barr did, but what explains it.

Conclusion

In this cynical age it’s tempting to dismiss the ideals Honig describes as the “prosecutor’s code” as fanciful platitudes. It’s easy to claim the Department of Justice is just about power and politics, like almost everything else in Washington. Good prosecutors like Honig, and like the thousands of others who were appalled by Barr’s actions and registered their protests during his tenure, know this is not true. They recognize the critical role of the prosecutor in our system of justice and the importance of the code that good prosecutors follow. And they recognize the dangers that arise when that code is ignored or subverted.

Barr’s actions poured fuel on the fires of public cynicism about the justice system. It’s now the job of the Garland Justice Department to try to quell those fires and begin the long, slow process of restoring DOJ’s reputation. It remains to be seen whether that is possible or whether the damage done by Barr was too extensive. The DOJ faced similar challenges after the damage done during the Watergate scandal. Honig’s book provides an important review of a history we must remember if we are not to be doomed to repeat the same mistakes yet again.

Like this post? Click here to join the Sidebars mailing list

Supreme Court Narrows Cybercrime Law

Last week the Supreme Court decided an important case concerning the scope of the federal government’s main cybercrime law, the Computer Fraud and Abuse Act. I wrote this post about the case, Van Buren v. United States, late last year when it was argued. As I expected, the Court has ruled in favor of the defendant and rejected the government’s sweeping interpretation of the CFAA. That was a welcome development — but the Supreme Court’s Van Buren decision leaves unresolved at least one important question concerning what kinds of computer-related misconduct might still be subject to prosecution.

Van Buren’s Prosecution

This case involves a particular subsection of the CFAA, 18 U.S.C. §1030(a)(2)(C). Under that subsection, a person commits a crime if he “accesses a computer without authorization or exceeds authorized access, and thereby obtains information” from that computer. The term “exceeds authorized access” is further defined to mean, “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” §1030(e)(6). The key issue in the case was what it means to “exceed authorized access” under this provision.

Nathan Van Buren was a police officer in Cumming, Georgia.  In exchange for a bribe, he searched a police database for a vehicle license plate number. The person who paid the bribe, Andrew Albo, told Van Buren the car belonged to a woman he had met and he wanted to be sure she was not an undercover police officer. Van Buren knew that, pursuant to police department policy, he was allowed to use the database only for legitimate law enforcement purposes. What he didn’t know was that Albo was actually cooperating with the FBI in an undercover investigation.

Van Buren was convicted for violating section 1030(a)(2). There was no question he was authorized to access the police database. But the government argued Van Buren had exceeded his authorized access, and thereby obtained the license plate information, by performing the search for an improper purpose – namely, in exchange for a bribe.

Van Buren argued that the CFAA is primarily a computer hacking statute. He claimed the prohibition against exceeding authorized access criminalizes obtaining information from a computer only when a person has no right at all to access that information. It does not apply to obtaining otherwise accessible information for an improper reason – which is what Van Buren did when he ran the license plate number, in a database where he was authorized to be, in exchange for a bribe.

The government had argued for a broader interpretation. It claimed the prohibition against exceeding authorized access applies whenever a defendant was not entitled to obtain the information under the circumstances in which he did — even if he could have properly obtained that same information under other circumstances. Here, Van Buren was authorized to access the database to obtain license plate information for legitimate police purposes. But, the government argued, he exceeded his authorized access when he searched that same database in exchange for a bribe.

Justice Amy Coney Barrett

The Court’s Decision

Writing for a 6-3 majority, Justice Barrett found that Van Buren had the better of the argument. Much of the opinion is devoted to a detailed parsing of the statutory language. But in the end, it mostly came down to the meaning of one little word: “so.” 

The statutory definition of “exceeds authorized access” prohibits obtaining information that the defendant is not entitled “so to obtain.” The word “so,” Barrett wrote, requires an antecedent; it necessarily refers back to a “word or phrase already employed.” In this statute, she wrote, the antecedent is the act of accessing of a computer. “So to obtain” therefore refers to obtaining information by accessing a computer, as opposed to by some other means. Because Van Buren was authorized to obtain license plate information from this database, he was authorized “so to obtain” the information that he did. Doing so for an improper reason did not exceed his authorized access within the meaning of the statute.  

The government had argued that “so to obtain” prohibits any obtaining of information under circumstances or conditions that were not authorized. The problem with the government’s approach, Barrett wrote, is that  “the relevant circumstance—the one rendering a person’s conduct illegal—is not identified earlier in the statute. Instead, ‘so’ captures any circumstance-based limit appearing anywhere—in the United States Code, a state statute, a private agreement, or anywhere else.”  But, she wrote, the word “so” is not a “free floating term that provides a hook for any limitation stated anywhere.” Van Buren’s approach, which links the word “so” to a specific statutory provision, is the more logical reading of the statute.

Hackers and Gates

The majority agreed with Van Buren that this portion of the CFAA is concerned with “hackers” — a term that the Court uses rather loosely. The prohibition against accessing a computer without authorization applies to “outside hackers,” those who break into a computer system from the outside. The prohibition against exceeding authorized access complements this provision “by targeting so-called inside hackers—those who access a computer with permission, but then ‘exceed’ the parameters of authorized access by entering an area of the computer to which [that] authorization does not extend.” Van Buren was not an “inside hacker,” however, because he did have authorization to be in that database.

The majority also described this approach as a “gates up or gates down” analysis: “one either can or cannot access a computer system, and one either can or cannot access certain areas within the system.” The CFAA is violated when an individual breaches one of these “gates” without authorization. It is not violated when an individual is authorized to open the gate but does so for an improper reason.

The Parade of Horribles

Justice Barrett concluded by noting that the government’s position, if adopted, “would attach criminal penalties to a breathtaking amount of commonplace computer activity.” Much of the oral argument last November had focused on this so-called “parade of horribles.” Van Buren argued that under the government’s interpretation an employee would violate the CFAA by using a work computer for personal emails or online shopping if that was prohibited by company policy. Violating a website’s terms of use policy might also qualify, which could criminalize conduct such as lying in an online dating profile. In short, she concluded, “If the ‘exceeds authorized access’ prohibition criminalizes every violation of a computer use policy, then millions of otherwise law-abiding citizens are criminals.”

“In sum,” Barrett concluded, “an individual ‘exceeds authorized access’ when he accesses a computer with authorization but then obtains information located in particular areas of the computer— such as files, folders, or databases—that are off limits to him.” Because Van Buren did have authority to be in this police database, his use of that database in a way contrary to police department policy did not violate the CFAA.

Justice Thomas
Justice Clarence Thomas

The Dissent

Justice Thomas dissented, joined by Chief Justice Roberts and Justice Alito. He argued that the plain language of the statute resolved the case. “An ordinary reader of the English language,” he wrote, would agree that Van Buren exceeded his authorized access when he used the police database for an improper purpose. Thomas also argued the majority’s interpretation was contrary to traditional common-law property rules that criminalize the behavior of someone authorized to use another’s property who then exceeds the scope of that authorization.

Thomas noted that the majority’s interpretation placed a great deal of misconduct out of reach of the CFAA. Suppose, he argued, a scientist was authorized to obtain blueprints for atomic weapons under some circumstances. According to the majority, that scientist would therefore be “immune” if he obtained those blueprints for the improper purpose of helping an enemy power.

Finally, Thomas rejected the parade of horribles argument, suggesting that such concerns were speculative and far-fetched: “I would not give so much weight to the hypothetical concern that the Government might start charging innocuous conduct and that courts might interpret the statute to cover that conduct.”

Analysis of the Opinion

As I argued in my earlier post, I think the majority got it right here. Its interpretation is most in line with the overall purpose of the CFAA: preventing unauthorized intrusions into computer files owned by others. And it avoided the interpretation that would have made unwitting criminals of the vast majority of computer users – whether or not such cases would ever be prosecuted. Ruling against Van Buren would have turned the CFAA into a draconian personnel regulation.

I was surprised that the rule of lenity did not come into play in the majority’s decision. Frequently invoked in white collar cases, the rule provides that if there is any ambiguity in a criminal statute the court will err on the side that favors the defendant. It’s based on the rule that due process requires criminal prohibitions to be clear so people can know what is and is not permissible. The majority dismissed the rule of lenity as unnecessary, stating its interpretation was so clearly correct reliance on the rule was unnecessary. In a complex statutory case decided 6-3, I think that displays a certain — lack of humility.  Shocking, I know.

Scene from Casablanca

As for Justice Thomas’s arguments about property law, the majority reasonably pointed out that common law property doctrines – many of which have their roots in medieval England – don’t necessarily adapt well to the area of cybercrime. Better to focus on the precise definitions in this particular statute, which deals with a very specialized area.

Thomas’s concern about the nuclear scientist who sells weapons blueprints being “immune” from liability is not well-founded. Such wrongdoers are not immune; other statutes, such as those against espionage, would easily cover that criminal conduct. There is no need to stretch the boundaries of the CFAA to cover it as well. Van Buren engaged in misconduct and deserved to be punished, but a conviction under the CFAA is far from the only way to do that.

When it comes to the parade of horribles, here I am more inclined to agree with the dissent. Many white collar statutes potentially encompass relatively trivial conduct that, in the real world, is never prosecuted. It’s unlikely that if the case had gone the other way we would have seen a wave of prosecutions of employees for unauthorized Facebook use at work. But here Thomas was swimming against the tide of a Supreme Court trend. In a series of recent decisions the government has argued for broad interpretations of criminal statutes by saying essentially, “trust us – even if this interpretation might criminalize some trivial conduct, we won’t bring those cases.” The Court has refused to go along. Van Buren is in accord with this line of cases.

The 6-3 Breakdown

The breakdown of the Justices in the majority and dissent is interesting.  The newest, Trump-appointed Justices – Barrett, Kavanaugh, and Gorsuch – joined with the liberals – Breyer, Sotomayor, and Kagan – to form the majority. The other three conservatives – Thomas, Roberts, and Alito – were the dissenters.

Most of the conservatives on the Court profess to be textualists, whose decisions are driven primarily by the plain words of a statute. Indeed, Justice Barrett began her analysis by stating: “we start where we always do: with the text of the statute.” Both of the opinions seek support from the same book on statutory interpretation, which was co-authored by the late Justice Scalia, the father of modern textualism. The competing opinions are an interesting study in how even committed textualists can disagree over what the statutory language actually requires.

Some might also have expected the Trump appointees to vote to expand prosecutorial power, not to restrain prosecutors and free a criminal defendant. But decisions in criminal cases frequently do not break down along such ideological lines. Scalia, who is revered by today’s conservative Justices, was a strong voice against the expansive reading of criminal statutes and often ruled in a defendant’s favor. The Van Buren majority’s approach to the case is in the finest Scalia tradition.

gate

What Kind of Gate Will Suffice?

The Van Buren decision does leave one major question unanswered. As noted above, the majority adopts a “gates up, gates down” analysis: the question is whether the defendant was authorized to be inside a particular file, database, or folder, or whether that area of the computer was off limits. But it did not answer a key question: what kind of “gate” will satisfy the statute?

Computer crime expert professor Orin Kerr argued in an amicus brief that the CFAA requires a technological gate. The information must be protected by a password or similar electronic barrier that the defendant breached, or “hacked,” without authorization, even if he was otherwise authorized to be inside the computer system that contained that information. But there are other possible kinds of gates as well, such as those imposed by a contract or office policy.

For example, consider an employee at a large company who works in the purchasing department. He is authorized to access the areas of the company’s computer system that relate to his job, but is not authorized to access employee personnel records that are contained within the same system. If those personnel records are contained in a separate folder that requires a unique password, that would be a technological “hard gate.” If the employee steals that password to access the records, he would exceed his authorized access by breaching that gate.

Now suppose the personnel folder does not require a separate password but is potentially accessible to anyone already inside the company’s computer system. But company policy and the employee handbook clearly prohibit any employee not working in human resources from accessing the personnel folder. If our employee in purchasing accesses the personnel records in violation of that policy, he has breached a “soft gate” – in this case, one imposed not by technology but by a written requirement.

In footnote eight of the opinion, the Court (while citing Professor Kerr’s brief) expressly says it is not resolving this question: “For present purposes, we need not address whether this inquiry turns only on technological (or “code-based”) limitations on access, or instead also looks to limits contained in contracts or policies.” But for now it appears either kind of limit would qualify under the majority opinion. The dissent also interprets the majority opinion that way, arguing that under the majority’s approach an employee could be prosecuted for playing a game of solitaire if company policy prohibited him from opening the “games” folder on his work computer.

The majority opinion and the metaphor of a “gate” suggest there does have to be some kind of barrier or partition, even if that only consists of storing the information in a separate file or folder. It envisions a computer system with different compartments or areas of data. Exceeding authorized access would mean the information obtained would not automatically be accessible to the employee based on his level of access, and he would have to take some additional step to reach it – which could mean simply clicking on a different folder. But exactly what kind of barrier would suffice, and whether some more significant steps by the employee would be required, is left unclear.

Portions of the majority opinion, such as the reference to those who exceed authorized access as “inside hackers,” do imply some kind of technological barrier or hard gate. The majority also criticized the dissent’s interpretation of “so” in part because it could make criminality turn on external factors like office policies outside the statute itself. But if a soft gate is sufficient to define the limits of an employee’s access, then the same issue arises; it’s simply been bumped from the definition of “so” to the definition of “authorized.” That might suggest the majority would require a hard gate if confronted with a case squarely raising that question.

But all that being said, it’s hard to find the requirement of a password or other technological gate in the definition of “authorized.” If an employee opens a folder that his contract or office policy forbid him to open, his actions seem pretty clearly “unauthorized,” even if no stolen password is required.

A requirement of a technological gate to define the scope of authorization would be much cleaner and easier to enforce. But we will have to await future court decisions – or a clarifying amendment by Congress – to learn whether that is required by the statute.

Like this post? Click here to join the Sidebars mailing list