Home Features Business Sharing Passwords is Now Illegal- What this means to you

Sharing Passwords is Now Illegal- What this means to you

February 10, 2022

4175

No Jail Time for Sharing Your Netflix Password – Just Don’t Sell it

In the future, could you be prosecuted and then convicted of a felony just for sharing your password? All of us do it, at one time or another. We share our passwords with our spouse, our friends or colleagues. Four months ago, the United States Ninth Circuit Court of Appeals broadened federal law. The final opinion upheld the conviction of David Nosal, who was provided a colleague’s authorized credentials to access the databases of research firm Korn Ferry. Its decision with sharing passwords could set a precedent and be considered grounds for prosecution under the Computer Fraud and Abuse Act (CFAA).

After the opinion was made public, several news outlets induced a widespread panic that claimed this new law made it illegal to share one’s Netflix password. “In terms of password sharing, no plans on making any changes there,” Reed Hastings, CEO and founder of Netflix, said during a webcast. Variety points out that Internet video subscription services will lose $500 million due to illicit password sharing. According to many subscription VOD (Video on Demand) providers, sharing passwords with anyone outside your household violates your terms of service, which specify that access to the services are only for personal use and “nontransferable.”

While passed in 1986, the CFAA was intended to be used to prosecute those suspected of hacking into someone else’s computer network. There are seven types of criminal activity enumerated in the CFAA: obtaining national security information, compromising confidentiality, trespassing in a government computer, accessing to defraud and obtain value, damaging a computer or information, trafficking in passwords, and threatening to damage a computer.

The written language of the Computer Fraud and Abuse Act (CFAA) states it is illegal to access a protected computer system without authorization. Judge Margaret McKeown stated in the majority opinion of United States v. Nosal “without authorization” is “an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission.” However Judge Stephen Reinhardt, once considered the liberal “badboy” of the federal judiciary dissented with his opinion:

In the everyday situation that should concern us all, a friend or colleague accessing an account with a shared password would most certainly believe—and with good reason—that his access had been ‘authorized’ by the account holder who shared his password with him,” Reinhardt continued “The majority does not provide, nor do I see, a workable line which separates the consensual password sharing in this case from the consensual password sharing of millions of legitimate account holders, which may also be contrary to the policies of system owners.

This court decision forces lawmakers and businesses to examine the resulting implications of password sharing. As the Computer Fraud and Abuse Act states, whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer if the conduct involved an interstate or foreign communication shall be punished under the Act.