A new federal appeals court ruling serves as a reminder that the Computer Fraud and Abuse Act (CFAA) is utterly awful and needs to be reformed, and that you have probably violated it as some point.
A new ruling revolves around a case where a former employee of a firm continued to access the client database of the firm as he planned to launch a competitor. The man was eventually charged with conspiracy, theft of trade secrets, and violations of the CFAA and eventually convicted.
One of the violations included sharing his password to others to access this database, so media coverage of the court’s decision has suggested that it is “now” a federal crime to share passwords to things like your Netflix account (see this Fortune headline as an example).
While this media attention is welcome, it’s worth pointing out that this is absolutely not a new thing, and under the wording of the CFAA has always been the case, which is why it’s such a terrible law. The CFAA criminalizes any “unauthorized access” to a computer system of database to commit any sort of fraud. So, for example, letting somebody access your Netflix account or Steam account—or any sort of online service that charges access for movies, games, music, et cetera—in order to watch or play for free could be a violation of the law. That’s a type of fraud.