On July 5, 2016, the United States District Court of Appeals for the Ninth Circuit issued a decision in the case entitled United States v. Nosal. The case involved a former employer and others using the password of another employee to hack into his former employer’s database in order to access and take information which belonged to his former employer.

The decision has gained a lot of attention and press because Mr. Nosal’s criminal conviction was based upon his use of another employee’s passwords. There are a large number of articles and blog posts warning that the holding in the case could result in the criminal prosecution of an individual who uses a friend’s Netflix or HBO GO password to access those sites. While that could be one result of the decision, I believe the holding in the Nosal case does not currently go that far. Per the Ninth Circuit, “this appeal is not about password sharing. Nor is it about violating a company’s internal computer use policies.” Rather, the case revolves around accessing a protected computer with the intent to defraud as defined in the Computer Fraud & Abuse Act (CFAA), 18 U.S.C. § 1030.

Continue Reading Does Recent 9th Circuit Court of Appeal Decision Make It a Crime to Share Passwords to Online Accounts?

As the dust settles on the legal battle between Apple and the F.B.I., businesses should take note of the many issues related to the privacy and confidentiality of electronically stored information. Though Apple arguably emerged victorious in refusing to create a backdoor for its security measures, the still unknown point of access utilized by the F.B.I. highlights the risk that electronically stored information is never truly secure. Data breaches at Sony, Home Depot, Target, and even within the federal government highlight this point.

Given their volume and value of data, businesses need to be particularly cognizant of the cyber-threats and nimble in response to cyber-attacks. However, it is not enough to simply recognize the threat posed by a cyber-attack. Businesses need to be prepared to act swiftly and effectively to prevent any further misappropriation or transmission of electronically stored information.

Continue Reading A Cyberlaw Preparedness Primer for Businesses