A US appeals court ruling that password sharing is illegal is set to influence how other judges handle complaints about the activity.

The case involved a man who had been convicted of using someone else’s login to access his ex-workplace’s database.

The decision has serious legal implications for the wider sharing of passwords, one dissenting judge said.

The US press has speculated it could even have a bearing on disputes about the sharing of Netflix passwords.

But one of the other judges suggested the precedent that had been set had more limited consequences.

In 2004, David Nosal reportedly used an ex-colleague’s password to gain access to his former recruitment firm, Korn/Ferry, in order to use the information at his new firm.

He was charged in 2008 with hacking under the Computer Fraud and Abuse Act (CFAA), and convicted in 2013.

The case found that authorisation must come from the company issuing the password, rather than from the individual who may choose to share it.

While the ruling that password sharing violated federal law is limited to the specific case, it could set a precedent for future cases in the US.

Judge Reinhardt, who disagreed with the majority ruling, said the case was “about password sharing” rather than hacking and that in his view “the CFAA does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals”.

He added: “The majority does not provide, nor do I see, a workable line which separates the consensual password sharing in this case from the consensual password sharing of millions of legitimate account holders, which may also be contrary to the policies of system owners.

“There simply is no limiting principle in the majority’s world of lawful and unlawful password sharing,” he added.

He suggested that people could now be jailed as a consequence of the ruling.

But Judge M Margaret McKeown, who wrote the majority opinion, disagreed and said the specifics of the case bore “little resemblance to asking a spouse to log in to an email account to print a boarding pass”.

A summary of the ruling said that nearly all access of a “protected computer” – effectively all computers with internet access – without authorisation could therefore be criminalised.


Source-BBC