According to a federal court, it is criminal to do something that most tech-friendly Americans do on a regular basis – sharing your Netflix password.
In July, the Ninth Circuit Court of Appeals ruled on a case referred to as: United States v. Nosal. To summarize the premise of the case, David Nosal left his job with the recruitment firm Korn/Ferry. He then recruited a few former colleagues to come to the new company. The group used the password of a friend still working with Korn/Ferry to download information. For this, Nosal was charged under the Computer Fraud and Abuse Act (CFAA).
Two of the Ninth Circuit judges ruled that it was unlawful to access data without authorization. In their terms of service agreements; Netflix, HBO Go, and other streaming accounts prohibit anyone other than subscribers from streaming their content. The outcome of the case determined that a person giving their password to someone else does not count as authorization, only the company that administers the password or service can allow that.
Now, some say it is a stretch to assume that the sharing of streaming service passwords would be a criminal act under CFAA, but the vaguely written law has already proven it can happen.
In 2011, Aaron Swartz was charged under the act for downloading academic journals. Facing up to 35 years in prison and a $1 million fine, Swartz took his own life in 2013. That same year a bill, which never made it into law, was filed in congress to amend the CFAA and tailor the language to only apply to serious cybercrimes.
There are precedents for making Netflix password sharing illegal.
Tennessee passed the “Tennessee Login Law” in 2011. The law criminalizes the sharing of login information for music and movie streaming sites. While the law is aimed at hackers who steal and sell login information, that doesn’t stop the law from being applied to the college kid who shares his login information with a number of his dorm mates. If found in violation one can face a year in jail and a $2,500 fine.
Judge Stephen Reinhardt, the lone dissenter, had this to say:
“This case is about password sharing. People frequently share their passwords, notwithstanding the fact that websites and employers have policies prohibiting it. In my view, the Computer Fraud and Abuse Act (CFAA) does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals.”
In his dissent Reinhardt also said the decision, “threatens to criminalize all sorts of innocuous conduct engaged in daily by ordinary citizens.”
This is another instance of criminalizing a practice that many Netflix, HBO Go, or HULU subscribers have done. Whether or not Netflix, or other streaming services, choose to crack down on subscribers engaging in password sharing, this over-criminalization is an example of what comes from lazy lawmaking. Government, instead of using a precise approach to crack down on hacking, opted for a vague law that criminalizes the behavior of millions of Americans.