The US Supreme Court [official website] on Tuesday denied certiorari [order list, PDF] in two cases concerning who can give permission to access a computer—an issue crucial to the determination of the meaning of the term “hacking.”
One of these cases involved a Facebook [corporate website] suit against Cayman Islands-based Power Ventures, Inc. under the 1986 Computer Fraud and Abuse Act [text, PDF], after Power Ventures began offering its users the ability to access Facebook through its own portal. Power Ventures claimed that it had obtained user consent to access the data they stored on Facebook, while Facebook claimed that Power Ventures was harvesting data in a manner that was making it insecure.
The other appeal involved the criminal conviction of David Nosal [Reuters report] for computer fraud after he accessed a confidential database of his former employer with the help of two other former employees. The trio used the login credentials of a fourth employee who was still with the company.
In refusing to review the case, the justices have declined to decide at this time whether account holders can grant computer access to a third party they do not themselves own. That leaves intact the holding [opinion, PDF] of the US Court of Appeals for the Ninth Circuit [official website] last year in both cases, which concluded that only the owners themselves may grant authorization, and not account holders or employees with legitimate access credentials.
Rights group such as the Electronic Frontier Foundation [advocacy website] expressed concern that prohibiting third parties such as Power Ventures from granting access would criminalize innocent acts such as sharing of a bank password with a spouse to pay a bill.