- Apr 12, 2001
Earlier this month a federal appeals court decided that an employee "acted without authorization" after he used a former co-worker's password login without their permission, in order to gain access to a collection of their data. Concerning the case The United States of America v. David Nosal, this has led to a decision by the court to rule that password sharing is a federal crime under the Computer Fraud and Abuse Act, meaning that sharing your login among friends and family for accounts like Netflix and HBO Go could now be an illegal act (via TechCrunch).
Judge McKeown, who is close to the case and wrote its opinion, admitted that more innocent forms of password sharing "bears little resemblance" to the circumstances presented in the lawsuit that ignited the ruling. McKeown urged future judges and courts to consider how important "facts and context" are to each case, and craft rulings surrounding password-sharing lawsuits and their legality from there.
While the daily sharing of passwords has yet to be designated as a violation of federal law, some do see the new ruling as a slippery slope to a future where giving a friend your HBO Go login could land you in a heap of trouble. Judge Reinhardt took the dissenting opinion on the case, commenting that while David Nosal may have gotten into "criminal or civil" liabilities while logging into his co-worker's accounts, "he has not violated the CFAA."
An act so widely perpetrated is far less likely to incur major legal repercussions, even if it does become enacted on more of a wider scale, but there is still a possibility for the federal appeals court's decision to let companies decide on their own whether password sharing should be more strictly reprimanded or not. Comments by Netflix earlier this year at CES suggest the company won't be heading in that direction any time soon, as CEO Reed Hastings saw the expansive sharing of their services as "a positive thing."This case is about password sharing. People frequently share their passwords, notwithstanding the fact that websites and employers have policies prohibiting it. In my view, the Computer Fraud and Abuse Act ("CFAA") does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals. Whatever other liability, criminal or civil, Nosal may have incurred in his improper attempt to compete with his former employer, he has not violated the CFAA. -- Judge Stephen Reinhardt, Ninth Circuit Court of Appeals
Article Link: Court Ruling Could Lead to Stricter Password-Sharing Laws in the Future