The United States Court of Appeals for the Ninth Circuit ruled Tuesday that sharing passwords can now be considered a federal crime under the Computer Fraud and Abuse Act, a vague piece of federal legislation that has been called “the worst law in technology.”
The court’s ruling specifically pertains to the case of David Nosal, a former employee for the executive search and recruitment firm Korn/Ferry. The Ninth Circuit upheld Mr. Nosal’s conviction under the CFAA, focusing on the CFAA’s prohibition on accessing computers “without authorization.” From the National Law Review:
“In United States v. Nosal, the Ninth Circuit focused on the CFAA’s prohibition on accessing a computer ‘without authorization.’ The court described that term as ‘unambiguous’ and ‘non-technical,’ meaning ‘accessing a protected computer without permission.’ Given this plain meaning, the court found that ‘once authorization to access a computer has been affirmatively revoked, the user cannot sidestep the [CFAA] by going through the back door and accessing the computer through a third party.'”
But the CFAA is an incredibly vague piece of legislation whose text effectively makes it a federal crime to violate the terms of service of Internet sites and allows companies to forbid legitimate tasks like research, the latter of which contributed to the federal indictment (and subsequent suicide) of Aaron Swartz in 2013.
The Ninth Circuit’s ruling on Tuesday effectively equates using someone else’s password to hacking, meaning that whenever someone uses your passwords for Netflix, HBO Go, or any of the multitude of streaming services or Internet sites available, they are committing a federal crime and can be subject to federal jurisprudence, up to and including incarceration.
Now the Ninth Circuit’s ruling may never be cited to justify throwing your cousin in prison because they really want to binge Orange is the New Black, but the ruling is distressing. Sharing passwords is a cultural thing now and many figures who run these services are perfectly content with passwords being shared. Netflix CEO Reed Hastings supports people sharing their Netflix passwords, at one time calling the practice a “positive thing, not a negative thing.” HBO CEO Richard Plepler stated in 2014 that the network has no problem with people sharing passwords. “It’s not that we’re unmindful of it, it just has no impact on the business,” he said, adding that they’re “in the business of creating addicts.”
The CFAA is in need of some serious reforms.
Featured image is in the public domain.
h/t The Daily Dot
