Friday, August 19, 2016

Computer Abuse by Password Sharing

Computer abuse can occur by the simple act of password sharing to gain access to a computer and its network. Password sharing for use of a computer is seldom realized as a wrongful use.  It is as well not realized by many account holders that sharing their account passwords or access passwords is as well problematic. Accessing digital media accounts of others through the sharing of passwords is construed as an “unauthorized” access to the content. The password bears the meaning of a license for use that has been granted to a specific individual.
The computer use under fraudulent purposes adheres as well to the work environment where a company’s system is accessed with authority essentially equal to a trespasser.  It is important to keep in mind, that that access to particular sections of a company’s data network may not be uniform throughout the company, agency, or entity. A particular person’s position may not allow access to accounting data, employee records, and latest results in IT audits of the company.
The Ninth Circuit, in United States v. Nosal had to determine the confines of sharing passwords with the Computer Fraud & Abuse Act (CFAA), 18 U.S.C. § 1030.  The argument shifts from a hacking concern which is the thrust of the CFAA’s purpose to who is the rightful grantor of authority to use a person’s password.  Amid these two quadrants of analysis lies the conundrum of why did the purpose access the computer system using another’s passwords?  The facts speak that it was about former employees using an employee’s password to access the former employer’s network database. The hinge in the case is more about the intent to intrude into the former employer’s network database than the ramifications of the decision.  The ramifications of the decision clouds over the occurrence of password sharing and accessing digital accounts of friends with their friend’s password.
This case leaves open to determine how to construe “authorized” access to account data and product subscriptions and the permissive grant of such access.  The defendant, in this case, was a former employee who received login credentials from employees in order to access former employer’s system. The lower court did not hold that charges under the CFAA met federal criminal standards.  The United States appealed the lower court’s decision.  Amid concerns of how this action would expand the reach of the CFAA into the criminal sphere by the occurrence of a company computer use policy, the Ninth Circuit in 2012 held that it is not a CFAA violation for accessing a workplace computer in violation of a business computer policy.  Now more recently, the court held that based on the Act’s language “knowingly and with intent to defraud, access a protected computer without authorization or exceed authorized access, and by means of such conduct further the intended fraud and obtain anything of value….” (CFAA Sec 1030 (a)(4), Nosal did acquire access without permission and with an intent that met the criteria of the criminal stigma of the CFAA.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web." Copyright 2016, all rights reserved, Lorenzo Law Firm, P.A.

No comments:

Post a Comment