Appeals Court To Test How the Law Looks at Shared Accounts and Unauthorized Access (washingtonpost.com) 37
schwit1 writes: On Monday, the Ninth Circuit will hear arguments in United States v. Nosal on an interesting legal question: If a person shares access to a computer account with somebody else, under what circumstances can the second person engage in unauthorized access under the Computer Fraud and Abuse Act? The case centers around the difference between having access to something and having permission to use it. In other words, if you give somebody a desktop password to your computer so they can watch Netflix, but they take advantage of that to read your email, how does the law look at it? What happens if they come back later and log in again without your explicit permission, but only watch Netflix? What happens if you give them your Netflix password to watch while at your house, but they go home and use it to watch Netflix at their house? Eugene Volokh has a forthcoming paper articulating the legal interpretations of computer trespass. It's a tricky set of rules, and one another court has already misapplied.
I would compare it to a house (Score:4, Interesting)
If you let somebody in (say a babysitter to watch your kids) that doesn't give them permission to peruse through a diary hidden in a drawer in a night stand.
Re: (Score:2)
It really depends on what you are protecting and how important it is to you, if it's that important don't grant physical access to a relative stranger.
Yes, as a prevention to be a victim, I won't be STUPID, but even if I am stupid this doesn't give them the right to do whatever they want.
what about new email pop ups? (Score:3)
what about new email pop ups? that you can read at least some info from?
Open wifi where you can see, shared files/folders, shared printers, etc.
Files on the desktops
Have permission to use the printer and see other documents on it / next to it.
post it nodes with info on them on the display / desk
Wait by now you are looking at 20 to life need I go on?
Re: (Score:2)
There's quite a difference between plain site and digging. That concept is actually pretty well established in case law as well.
Re: (Score:2)
It means that sometimes swype inputs the wrong word and I didn't properly proofread.
Re: (Score:2)
Default Apache home page. Duh.
Re: (Score:2)
Why would you need to make new law here? Obviously if you let a babysitter in, they can see things in plain sight. If they're looking for a glass and you got illegal stuff hidden in your kitchen cabinet, too bad. It's only if they go snooping in places that they clearly have no business snooping in it might be an issue. Same applies for your computer, clearly some things are just there. Some you might run into. And other things you don't find unless you go snooping.
Re: (Score:2)
Besides that, I would also liken it to expected permission.
The owner of the PC may give them access to the computer to view Netflix. That implies a single instance access to the computer to do one thing - view Netflix. It doesn't give permission to view the guy's email or other things, or even if he logs out permission to log in again.
This permission ca
Re:I would compare it to a house (Score:5, Insightful)
They could call it a "Guest Account". Yeah, someone should invent that.
keys and locks (Score:2)
Re: (Score:2)
But this is actually a bigger issue for corporate use of cloud services. What if your company has an official Twitter feed or Facebook wall which needs to be updated by multiple people?
You lost me at Twitter and Facebook.
Those two "services" are right up there with web advertising.
I don't give a damn, and I have no sympathy for anything that goes wrong with that bit of douchbaggery.
I mean, whatever could go wrong with multiple employees having the same password? If a business is so damn stupid as to do that, they don't have much to bitch about when the inevitable happens.
Re: (Score:2)
If the babysitter peruses through a diary hidden in a drawer in a night stand, it's not a Federal felony. That in and of itself makes it a bad comparison. In some of these examples, you've authorized the babysitter to open a drawer, but not that drawer right next to it. Up to five years, federal prison, with no such thing as parole.
So while you would
That 5th Netflix friend, man (Score:1)
Basically is it a DMCA violation AKA anti-hacking law crime, to use a password you legitimately know to use the computer system for things you weren't supposed to.
This really stretches it too far if you ask me as there are other remedies before applying a hacking law. But they went too far long ago by allowing companies to use DMCA to hide copies of copyrighted things you bought from your own sight, like firmware. "Your car's computer can read your copy you own, but you can't."
Sharing Netflix password (Score:2)
In limited circumstances, I think that sharing a Netflix password is clearly OK. I base that statement on the fact that Netflix has a concept of users different users within one account.
The question is perhaps: what does "limited" mean in this context? Family member who lives with me? Family member who lives elsewhere? Friend?
Re: (Score:2)
"Should" implies a suggestion, "May not or will not" implies a directive. Lawyers drafted this if they meant a prohibition they would have used the later terms.
You can legally have four users on a Netflix account, how are these users supposed to access the account in your absence without the password?
Re: (Score:2)
That ties it to the device. Not the person. I am the Account Owner on a Netflix account. I watch on at least 3 different devices. The three people I share it with watch it on more than one device as well.
Re: (Score:2)
Just because you think you should be able to do that under the EULA does not mean you can do that under the EULA. One clause gives permission to three other people to use the account -- but only if you can fulfill the other clauses. Just because there's no technological way to do that doesn't mean you get to break the EULA, legally speaking.
Re: (Score:2)
If there is something in the EULA that prevents me from using the service on multiple devices, then I reject the EULA and they can keep the service. It's barely worth what I pay for it in the first place.
Re: (Score:2)
When I read your first sentence (slashdot collapsed section only presented that one line) I thought you were going to suggest bludgeoning them until the amnesia makes them forget the password... other stuff, too, but the password is the legally important bit.
Re: (Score:2)
Problem may be solved, but the legal question remains: did the person who abused your password do something illegal? If I leave my house unlocked, someone who comes in and steals stuff is still guilty of a crime. If I share my password, they *can* use my stuff, but there's still a legal bar that says they *should not*, and if they do, there may be criminal charges. This case is critical for determining what happens in various fraud and phishing scams. That's why in needs to go to court.