Does sharing your Netflix password make you a criminal?

According to a recent decision by the US Ninth Circuit Court of Appeals, sharing a Netflix or HBO GO account with your parents or roommates could be illegal.

Kim Hong-Ji/Reuters
Reed Hastings (l.), co-founder and CEO of Netflix, and Ted Sarandos, Netflix chief content officer, pose for photographs during a news conference in Seoul, South Korea, in June.

Does your cousin use your Netflix account to watch "Orange is the New Black"? Did you give your boyfriend your HBO password so that he could catch up on "Game of Thrones"? If so, you might be considered a criminal under Computer Fraud and Abuse Act. But don’t worry – the good news is that Netflix doesn’t mind.

A decision on July 5 by the US Ninth Circuit Court of Appeals in United States v. David Nosal has broad implications that some say could impact unwitting internet users.

“People frequently share their passwords, notwithstanding the fact that websites and employers have policies prohibiting it,” wrote Judge Stephen Reinhardt in his dissenting opinion on US v. David Nosal. “In my view, the Computer Fraud and Abuse Act (“CFAA”) does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals.”

Netflix doesn’t think so either. Both Netflix and competitor HBO GO have acknowledged that many of their users share passwords in order to avoid paying for multiple accounts within a family or group of friends.

Yet despite the fact that a study by Parks Associates last year found that subscription video on demand (VOD) services like Netflix stand to lose $500 million per year due to password sharing, VOD executives are enthusiastic about service sharing.

“We love people sharing Netflix whether they’re two people on a couch or 10 people on a couch,” Reed Hastings, Netflix chief executive officer, announced at the Consumer Electronics Show (CES) earlier this year. “That’s a positive thing, not a negative thing.”

In fact, Mr. Hastings doesn’t see password sharing as a way to lose customers, but as a way to gradually gain them. The reasoning, he says, is that young people share their parents’ passwords until they leave home or can afford their own subscription. By allowing password sharing, services like Netflix literally grow their subscriber base.

HBO has been less explicit about its own position on password sharing in recent years but in 2014, CEO Richard Plepler shared views similar to Hastings in a statement, saying password sharing is a “terrific marketing vehicle for the next generation of viewers.”

Besides, most sharing seems to take place at the familial level. An IBM Cloud Video's Clearleap study conducted in April found that just 4 percent of VOD subscribers share their password with non family members, according to the Chicago Tribune.

The fact that most sharing occurs between parents and children, or with others within a family, makes it even more difficult to say that password sharers are engaging in a criminal act.

The case that led Judge Reinhardt to express concerns that the majority’s decision made Netflix and HBO GO password sharers into “unwitting federal criminals” actually has little to do with entertainment.

The defendant, David Nosal, was a contractor (and former full employee) at an international headhunting firm called Korn/Ferry International when he began to formulate plans to create his own firm. Nosal and several others used login information that belonged to Nosal’s former assistant to access a Korn/Ferry database.

Nosal was eventually convicted under the Criminal Fraud and Abuse Act, which is mainly intended to apply to hackers. The court applied one clause of the CFAA in particular, which makes it illegal to “knowingly and with intent to defraud, accesses a protected computer without authorization.”

“We conclude that “without authorization” is an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission,” wrote Justice Margaret McKeown in the opinion. “This definition has a simple corollary: once authorization to access a computer has been affirmatively revoked, the user cannot sidestep the statute by going through the back door and accessing the computer through a third party.”

In his dissent, Reinhardt expressed concern that this decision will begin a slippery slope towards the prosecution of innocuous civilian behaviors such as password sharing.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.