SAN FRANCISCO – Sharing your streaming password with a friend for a night is unlikely to lead you to jail, but taking information from your ex-employer with a former co-worker probably will.
The July 5 decision of the United States v. David Nosal case in the 9th Circuit Appeals Court has civil liberties proponents asking if the decision will make consumers federal criminals for sharing passwords with friends, but that is unlikely to happen.
The court ruled Nosal violated the Computer Fraud and Abuse Act when he used the password of a current employee of Korn/Ferry International to access the company's computer database. He had the employee's permission, but the company had rescinded his password when he left the company, closing the door on his access to the system. The company had also rescinded the passwords of others who had left the company.
“Someone may give you access to their data, but it doesn't mean they have the ability to give you access to the computers that hold the data,” Senior Counsel James Pooley for Orrick, told the Northern California Record.
Pooley said the ruling is being critiqued by some saying the ruling is infringing on civil liberties, but they are over-reacting with that conclusion because that is not what the opinion is saying.
“If you read it (the ruling) carefully and read between the lines, what the court is saying is if you are going to rely on the authority of the user to allow you access to a system you better be sure the user has the authority to allow you access,” he said.
Although it is wrong to allow someone to use your password for a streaming service, Pooley said, it's unlikely a prosecutor would be interested in pursuing a case like that unless it was happening on a large scale.
The court's decision was not unanimous. Judge Stephen Reinhardt disagreed with the ruling questioning what happens when a friend uses someone else's log-in to access a streaming service. He said in the dissent the court's decision made the answer less clear. Nosal's attorney, Dennis Riordan, said he will appeal the court's ruling, referring to Reinhardt's remarks in the dissent.
Pooley said no one can predict if the Supreme Court will accept a case, but he doesn't think the court will be drawn to this particular case because of the 9th Circuit court's fairly common sense interpretation of the CFAA. It provides companies that own computer systems some comfort in knowing they can control access to them. It also gives some guidance to people who might want to get around the law so they can be aware of the risks they are taking.
“We all need to keep in mind that the law was enacted for a good reason, which was to give the owners of computer systems some control over who has access and who doesn't so that they can manage their systems appropriately,” Pooley said.