Is Sharing Your Passwords Now Illegal?

It has always been a bad idea to give someone else your password, and it is against West Virginia University policy, yet we all know people who do it. Recent headlines have claimed that this is now a criminal act. In a decision last week, the Ninth Circuit Court of Appeals decided that a person who had been given another person's password could be held liable for hacking under the Computer Fraud and Abuse Act. The court says that this decision only applies to this particular case and set of circumstances, but since our legal system is so often based on precedent, a number of panicked articles have appeared:

• "Password Sharing is a Federal Crime, Appeals Court Rules"
• "Federal Court Rules That Password Sharing Is Illegal Under Insane Ancient Law"
• "Federal court rules that sharing your Netflix password is a federal crime"

For a more even and informed analysis of this decision, you should read this article by Orin Kerr, a professor at George Washington University Law School, in The Washington Post.

• "Shared Passwords and the Computer Fraud and Abuse Act"

This case provides a great opportunity to become more aware of the issues surrounding the Computer Fraud and Abuse Act, but it also provides a great opportunity to review your own computer security practices. Do you give an assistant or colleague your password? Have you thought about whether this could make you liable for actions they make while using your account? Have you thought about whether this could make them a "hacker" in the eyes of the law? Have you considered how easily someone from outside your organization could "social engineer" or talk someone into giving away a credential?
 
For more about good security practices at West Virginia University, please visit the ITS informational website:

• WVU ITS: Defend Your Data