Sign Up Usename Password Log In Protection Concept

Is It Ever Okay to Share Passwords?

Is It Ever Okay to Share Passwords?

November 4, 2015

Is It Ever Okay to Share Passwords?

By: Ifrah Law

Sign Up Usename Password Log In Protection Concept

If you’ve ever let your kids sign into your Netflix or HBO Go account, or given your marketing department access to your Twitter feed, you may be committing a federal crime, depending on how the Ninth Circuit rules on a case argued before it just last month.

The case, United States v. Nosal, is the latest chapter in a series of cases in which federal prosecutors have used a thirty-year-old anti-hacking statute to turn seemingly routine business disputes into federal felony cases.  The statute, known as the Computer Fraud and Abuse Act (CFAA), contains broad prohibitions on accessing a computer system “without authorization” or in a way that “exceeds authorized access.”  Though intended to prevent malicious hacking and espionage, those prohibitions have repeatedly been applied to disgruntled former employees who logged back into company databases to access proprietary information after their termination and when their authorization to access those files had been revoked.

However, the Nosal case goes a step further, and a ruling in favor of the United States threatens to criminalize password sharing of all kinds.  Nosal was an executive at the recruiting firm Korn Ferry International (KFI).  After he left the firm, he obtained the help of several former colleagues to obtain protected KFI data to start a competing business.  Although several of the charges against Nosal were thrown out in an earlier case, he was still prosecuted for accessing KFI files using his former assistant’s login information, which she had given him willingly.

According to prosecutors, Nosal’s former assistant was not authorized to give him access to KFI’s systems under the company’s computer usage policy, and so his use of that password was “without authorization” by the proper authorities.  Upholding that argument could have a broad reach because so many password-protected services have prohibitions against password sharing in their user agreements, including Netflix, LinkedIn, Facebook, and HBO Go, to name a few.  For that reason, a ruling that the CFAA prohibits password sharing when not authorized by these agreements could turn us all into criminals.

Following argument, this case is difficult to handicap.  Although Judge McKeown seemed particularly concerned with the fact that Nosal clearly had engaged in wrongful conduct when he knew his authorization had been revoked, Chief Judge Thomas and Judge Reinhardt clearly recognized the scope of the issue at stake, and all three panel members were concerned by the government’s apparent lack of a limiting principle.

A ruling can be expected in the next few months.  Until then, all we can do is hold our breath, and hope that the court ensures that the next time we share an account with the others in our household, we won’t end up living an episode ofOrange is the New Black instead of just watching it.

Ifrah Law

Ifrah Law

Ifrah Law is a passionate team of experts that understands the importance of listening to and addressing specific concerns of clients – when facing the heat of a federal investigation or the ire of a business competitor. Experience in complex cases related to online gambling and sports betting, internet marking and advertising, and white collar litigation.

Related Practice(s)
Other Posts
A Tale of Two Courts
White-Collar Crimes |
Feb 16, 2024

A Tale of Two Courts

By: James Trusty
A Scandal’s Fine Print
White-Collar Crimes |
Jan 19, 2024

A Scandal’s Fine Print

By: James Trusty
Human Trafficking Blindspot
White-Collar Crimes |
Nov 27, 2023

Human Trafficking Blindspot

By: James Trusty
Equal Justice as Another Casualty of War
White-Collar Crimes |
Nov 9, 2023

Equal Justice as Another Casualty of War

By: James Trusty

Subscribe to Ifrah Law’s Insights