Newest Decisions On Passwords: Can You Be Sued For Sharing?
In using online services, retailers manage their systems by having users create accounts. These accounts can be for anything ranging from social media or streaming services. In the new decision out of the Ninth Circuit in United States v. Nosal, this issue was addressed, in part, raising questions of expansion of the Computer Fraud and Abuse Act (CFAA). So, is it truly illegal to share a password? How expansive is this decision? Can someone inadvertently violate federal laws by allowing a family member to share a Netflix account?
The case was started over alleged misconduct by Nosal, against his former employer, Korn/Ferry International, an executive search firm. After leaving the company as an employee, Nosal stayed on as a contractor to finish assignments, and began a competing business with other Korn/Ferry employees by using the information they had access to through Korn/Ferry. His employer then removed access to the data, while allowing other employees to help Nosal in finishing his final projects. As part of the project, Nosal borrowed his former assistant's password to access the data, and continued to use it for his new business.
This ended up raising issues with the CFAA, regarding the idea of "unauthorized access to a computer." In determining the issue, the court decided that going by the plain meaning of the statute, with the ideas presented, Nosal was not allowed to access the data, and by using his former assistant's password, it would not necessarily confer permission to him. Essentially, Nosal himself was explicitly unauthorized in the circumstances, and even with his former assistant sharing her password, this would not grant access to Nosal.
Following the decision, there are still some concerns regarding the exact illegality of password sharing. The dissenting opinion is concerned with the danger of accidentally making a portion of the people federal criminals. Because the ability to search or sign into a website involves accessing a computer online, the ability to "expand" the CFAA under a textualist approach isn't unthinkable. Yet, in Facebook v. Power Ventures, this was distinguished as while Power Ventures got permission to access Facebook's computers through Facebook users, it was arguable that they would have had permission to access it anyways.
Applying this to other situations, like sharing an HBO Go account, Netflix, or Amazon Prime, the same permission may exist, because websites that are available for access by the general public may "implicitly" grant permission, unlike private computer networks like in Nosal. As such, the nature of "sharing passwords" in violation of the CFAA may be a matter of existence of permission, nature of permission in regards to clickwrap or browsewrap agreements, and if permission was explicitly revoked or denied to an individual.
At our law firm, we guide clients in legal matters involving business, technology, and constitutional rights by using our knowledge and skills to create innovative solutions. You may contact us today to set up an initial consultation.