The Ninth Circuit Court of Appeals recently upheld a lower court decision which ruled that sharing passwords could be in violation of the Computer Fraud and Abuse Act (CFAA).
The particular case, United States v. Nosal, centered on a former employee using a borrowed password to copy data from the firm’s database. However, Jason Koebler of Motherboard explains that the ruling could have far-reaching effects on a common practice: sharing passwords on accounts for many sites and services such as Netflix, Spotify, and Facebook.
The CFAA makes it a federal crime to access a computer system without authorization, but this raises a question Koebler paraphrases from dissenting judge Stephen Reinhardt: authorization from whom?
As Koebler argues, in the Nosal case an individual user and not the firm gave authorization. Thus, Nosal sets a dangerous precedent that an individual innocently sharing his or her Netflix password could be violating a federal law intended to prevent hacking.
Many following this ruling are concerned that the seemingly broad interpretation of the CFAA potentially criminalizes a routine practice. Further still, the decision has important property rights implications as well as the potential to hamper growth and innovation.