The U.S. Supreme Court on Tuesday sidestepped a growing controversy over who can give permission to access a computer, a debate that goes to the core of what constitutes hacking in this era of widespread use of the Internet and social media.
The justices turned away two cases over whether it is a violation of federal anti-hacking law for account holders to give a third-party access to a computer system they do not own themselves. In doing so, they left in place a lower court ruling that went against a Cayman Islands company in a dispute with Facebook (FB), and another against a California-based executive recruiter.
The San Francisco-based 9th U.S. Circuit Court of Appeals last year ruled in both cases that only computer system owners may grant authorization, and not account holders or employees with legitimate access credentials.
The defendants in these cases, as well as rights groups such as the Electronic Frontier Foundation, said innocuous acts such as sharing a bank website password with a spouse in order to pay a bill could now be held criminally liable because the bank prohibits password sharing.
The 1986 Computer Fraud and Abuse Act made it a crime to intentionally access a computer without authorization, and also allowed victims to sue for damages.
Facebook sued Cayman Islands-based Power Ventures in 2008 after Power began offering its users access to Facebook through its own online portal. Power argued that it had its users’ consent to access data they had stored on Facebook. But Facebook said Power was harvesting data from not only those users, but others as well, making the data insecure.
The appeals court ruled that once Facebook had forbidden Power’s access, it became unauthorized.
The appeals court also upheld a jury verdict finding executive recruiter David Nosal guilty of computer fraud for accessing a confidential database belonging to his former employer, Korn/Ferry International, with the help of two other former company employees who used the login credentials of a third employee who remained at the company, according to court documents.
Power and Nosal urged the Supreme Court to hear their appeals, arguing that anti-hacking law does not define who must give permission to access a computer system. They said either an owner or account holders can do so.
