Posts Tagged ‘#facebook’

Password Sharing Is a Federal Crime, Appeals Court Rules

July 11, 2016

One of the nation’s most powerful appeals courts ruled Wednesday that sharing passwords can be a violation of the Computer Fraud and Abuse Act, a catch-all “hacking” law that has been widely used to prosecute behavior that bears no resemblance to hacking.
In this particular instance, the conviction of David Nosal, a former employee of the Korn/Ferry International research firm, was upheld by the Ninth Circuit Court of Appeals, which said that Nosal’s use of a former coworker’s password to access one of the firm’s databases was an “unauthorized” use of a computer system under the CFAA.
The decision is a nightmare scenario for civil liberties groups, who say that such a broad interpretation of the CFAA means that millions of Americans are unwittingly violating federal law by sharing accounts on things like Netflix, HBO, Spotify, and Facebook. Stephen Reinhardt, the dissenting judge in the case, noted that the decision “threatens to criminalize all sorts of innocuous conduct engaged in daily by ordinary citizens.”
In the majority opinion, Judge Margaret McKeown wrote that “Nosal and various amici spin hypotheticals about the dire consequences of criminalizing password sharing. But these warnings miss the mark in this case. This appeal is not about password sharing.” She then went on to describe a thoroughly run-of-the-mill password sharing scenario—her argument focuses on the idea that Nosal wasn’t authorized by the company to access the database anymore, so he got a password from a friend—that happens millions of times daily in the United States, leaving little doubt about the thrust of the case.
The argument McKeown made is that the employee who shared the password with Nosal “had no authority from Korn/Ferry to provide her password to former employees.”
At issue is language in the CFAA that makes it illegal to access a computer system “without authorization.” McKeown said that “without authorization” is “an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission.” The question that legal scholars, groups such as the Electronic Frontier Foundation, and dissenting judge Stephen Reinhardt ask is an important one: Authorization from who?
Reinhardt argues that Nosal’s use of the database was unauthorized by the firm, but was authorized by the former employee who shared it with him. For you and me, this case means that unless Netflix specifically authorizes you to share your password with your friend, you’re breaking federal law.
“In the everyday situation that should concern us all, a friend or colleague accessing an account with a shared password would most certainly believe—and with good reason—that his access had been ‘authorized’ by the account holder who shared his password with him,” Reinhardt wrote in a powerful dissent that was primarily concerned with “the government’s boundless interpretation of the CFAA.”
“The majority does not provide, nor do I see, a workable line which separates the consensual password sharing in this case from the consensual password sharing of millions of legitimate account holders, which may also be contrary to the policies of system owners,” he wrote. “There simply is no limiting principle in the majority’s world of lawful and unlawful password sharing.”
Notably, Reinhardt appears to have a commanding knowledge of what constitutes “hacking,” something that comes up over and over again both in the media and in the courts. He said that the decision “loses sight of the anti-hacking purpose of the CFAA.”
“There is no doubt that a typical hacker accesses an account ‘without authorization’: the hacker gains access without permission—either from the system owner or a legitimate account holder,” he wrote. Using someone else’s password with their permission but not the system owner’s isn’t “hacking,” but that’s what the court is treating it as. Reinhardt noted that all 50 states have their own narrower computer trespassing statutes, and that the case would have been better suited for civil, not criminal, proceedings.
What does this mean for you? In the short term, unless Netflix or HBO seeks to get federal prosecutors to go after many of their customers, probably nothing. So far, neither of those services has shown any inclination to do so, and both have made it easy to share your accounts with others. But it does set a scary precedent that should give anyone who shares passwords some pause.
The Ninth Circuit covers much of the West Coast, including Silicon Valley—many tech cases are brought there. The decision will be binding in that circuit, and will be looked at to guide decisions elsewhere in the country.
Cases like these do come up with some regularity. A decision is expected soon in a case called Facebook v Power Ventures, in which a company scraped information from Facebook with permission from its users, but not from Facebook. Once again, the question of “authorization” will come into play.

By Jason Koebler
www.motherboard.vice.com


Europe’s Top Court Backs Law Student in Facebook Privacy Case

October 6, 2015

LUXEMBOURG — The European Union’s highest court ruled Tuesday in favor of an Austrian law student who claims a trans-Atlantic data protection agreement doesn’t adequately protect consumers, a verdict that could have far-reaching implications for tech companies doing business in Europe.

Max Schrems launched the case following revelations two years ago by former National Security Agency contractor Edward Snowden about the NSA’s surveillance programs.

Schrems complained to the data protection commissioner in Ireland, where Facebook has its European headquarters, that U.S. law doesn’t offer sufficient protection against surveillance of data transferred by the social media company to servers in the United States.

Irish authorities initially rejected his complaint, pointing to a 2000 decision by the EU’s executive Commission that, under the so-called “safe harbor” agreement, the U.S. ensures adequate data protection.

The agreement has allowed for the free transfer of information by companies from the EU to the U.S. It has been seen as a boost to trade since, absent such a deal, swift and smooth data exchange over the Internet would be much more difficult.

Without “safe harbor,” personal data transfers are forbidden, or only allowed via costlier and more time-consuming means, under EU laws that prohibit data-sharing with countries deemed to have lower privacy standards, of which the United States is one.

On Tuesday, the European Court of Justice ruled the decision by the Commission invalid. It said that the “safe harbor” deal enables interference by U.S. authorities with fundamental rights and contains no reference either to U.S. rules to limit any such interference or to effective legal protection against it.

The court said the effect of the ruling is that the Irish data commissioner will now be required to examine Schrems’ complaint “with all due diligence.”

Once it has concluded its investigation, the authority must “decide whether … transfer of the data of Facebook’s European subscribers to the United States should be suspended on the ground that that country does not afford an adequate level of protection of personal data,” the court said in a summary of its ruling.

Facebook said it couldn’t immediately comment.

Schrems said he hoped the ruling will be a milestone for online privacy.

“This decision is a major blow for U.S. global surveillance that heavily relies on private partners,” Schrems said in a statement. “The judgement makes it clear that U.S. businesses cannot simply aid U.S. espionage efforts in violation of European fundamental rights.”

However, he noted that the ruling doesn’t bar data transfers from the EU to the U.S., but rather allows national data protection authorities to review individual transfers.

“Despite some alarmist comments I don’t think that we will see major disruptions in practice,” Schrems said.

But Richard Cumbley, global head of technology, media and telecommunications at law firm Linklaters, disagreed.

“This is extremely bad news for EU-U.S. trade,” he said. “Without ‘safe harbor,’ [businesses] will be scrambling to put replacement measures in place.” 
