In the case of the case in question, United States v. Nosal, those violations took the form of corporate headhunter David Nosal convincing a former co-worker to give him access to a company’s database after he had already left. Nosal’s case has bounced all over the U.S. legal system, with both the government, and Nosal’s attorneys, appealing whenever a ruling goes against them. That’s what happened earlier this week, when two judges upheld the government’s claim that Nosal had violated the law by acquiring access to the system, counter to the company’s clear desires to keep him out by establishing security systems like a password.
Circuit Judge Stephen Reinhardt disagreed with his colleagues, though, writing a dissenting opinion on the case in which he addressed the wider concerns inherent to broadening the CFAA’s scope. “This case is about password sharing. People frequently share their passwords, notwithstanding the fact that websites and employers have policies prohibiting it. In my view, the Computer Fraud and Abuse Act (‘CFAA’) does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals.”
To be clear: Netflix probably isn’t going to kick down your door for sharing your password with your family and friends. Like HBO, the company has expressed straightforward approval for people going halvesies, thirdsies, or even sixthsies on an account. (To quote CEO Reed Hastings: “We love people sharing Netflix.”) The danger comes in the widening power of the CFAA—originally designed to combat hacking—and the potential for these new powers to be abused. (Another judge cited exactly those concerns several years ago, when he ruled that the law couldn’t be invoked to prosecute people who violated Myspace’s terms of service in a high-profile and tragic cyberbullying case.)
[via Fusion]