W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2016

The US 9th Circuit Court ruled that using someone else's password with their permission but without the permission of the site owner is a federal crime.

From: Jeffrey Walton <noloader@gmail.com>
Date: Fri, 15 Jul 2016 13:40:11 -0400
Message-ID: <CAH8yC8=H9pNVO4W-zck06F-Q3hZcm9fD3+O5AtzT0gLZrinR7w@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
This showed up in Schneier's newsletter at
https://www.schneier.com/crypto-gram/archives/2016/0715.html:

    In a truly terrible ruling, the US 9th Circuit Court ruled that using
    someone else's password with their permission but without the
    permission of the site owner is a federal crime. This means that
    if you give someone else your Netflix password without Netflix's
    permission, you're a criminal.

There seems to be an intersection with the Web Security model, where
interception is a valid use case. It appears the box performing the
interception cannot proxy the request without the origin's permission.
Otherwise, it seems to be resue of the user's password without
permission or consent.

I'm guessing it will apply to other sensitive information, too.

Jeff
Received on Friday, 15 July 2016 17:40:40 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:20 UTC