It doesn’t make sense to me, but according to the results of a recent US court case, the act of not logging out gives “tacit authorization” for — as arstechnica.com put it — snooping in that system. Not logging out has always been considered a poor security practice, of course (and not just in theory. For example, one can only draw 100% of the security provided by full laptop disk encryption software like AlertBoot if a laptop is completely shut down, including instances of sleep or hibernation). But this latest case appears to sanction its deleterious ramifications.
It All Started by Accidentally Bumping a Mouse
It’s a messed up story all around. A teacher (a Mr. Rogers) was checking his email at the school computer lab when he bumped the mouse connected to the computer next to him. The screen came to life and he saw that one of his colleagues (a Ms. Marcus) was logged in to her email account and that there was an email thread discussing him with other teachers.
He read the emails and confronted Ms. Marcus. The latter and a number of other teachers filed a complaint and later a lawsuit against Mr. Rogers. So far, so normal. And then:
The judge ruled that Marcus, not Rogers, had accessed her e-mail. So Rogers was on safe ground on the “access” question. However, the judge let the jury decide whether Rogers had exceeded the “authorization” Marcus had accidentally granted to him. The jury ruled that he had not. [arstechnica.com]
Huh? Furthermore, when the decision was appealed, a three-judge panel would not overrule the prior decision. Maybe there’s something in New Jersey’s water. I mean, isn’t common knowledge that, if you find a house with the door open, it doesn’t give you the right to walk in and search the house? I don’t see how it wouldn’t be the same when it comes to an email account.
On the other hand, I can see how the courts wouldn’t want to find fault with Mr. Rogers. After all, it’s not as if he hacked into anything; the stuff was just there. The next thing you’ll know, a person, Mr. A, will be screaming bloody murder because another person, Mr. B, picked up a note from the ground and found out that it was a letter where A was dissing B.
For God’s Sake, Log Out Already
There’s one reason and one reason only why passwords are used in our daily lives: to provide secure access to restricted “stuff.” Access to websites; to laptops; to doors; to bank accounts; etc. It behooves us, then, to ensure that we do our utmost to not only protect that password but to ensure that we don’t leave things “out in the open.”
This is true whether we happen to be in a public space, like a school computer lab, or private space, like one’s home.