Earlier this month a federal appeals court decided that an employee "acted without authorization" after he used a former co-worker's password login without their permission, in order to gain access to a collection of their data. Concerning the case The United States of America v. David Nosal, this has led to a decision by the court to rule that password sharing is a federal crime under the Computer Fraud and Abuse Act, meaning that sharing your login among friends and family for accounts like Netflix and HBO Go could now be an illegal act (via TechCrunch).
Judge McKeown, who is close to the case and wrote its opinion, admitted that more innocent forms of password sharing "bears little resemblance" to the circumstances presented in the lawsuit that ignited the ruling. McKeown urged future judges and courts to consider how important "facts and context" are to each case, and craft rulings surrounding password-sharing lawsuits and their legality from there.
/article-new/2013/04/netflix2.jpg?lossy)
While the daily sharing of passwords has yet to be designated as a violation of federal law, some do see the new ruling as a slippery slope to a future where giving a friend your HBO Go login could land you in a heap of trouble. Judge Reinhardt took the dissenting opinion on the case, commenting that while David Nosal may have gotten into "criminal or civil" liabilities while logging into his co-worker's accounts, "he has not violated the CFAA."
This case is about password sharing. People frequently share their passwords, notwithstanding the fact that websites and employers have policies prohibiting it. In my view, the Computer Fraud and Abuse Act (“CFAA”) does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals. Whatever other liability, criminal or civil, Nosal may have incurred in his improper attempt to compete with his former employer, he has not violated the CFAA. — Judge Stephen Reinhardt, Ninth Circuit Court of Appeals
An act so widely perpetrated is far less likely to incur major legal repercussions, even if it does become enacted on more of a wider scale, but there is still a possibility for the federal appeals court's decision to let companies decide on their own whether password sharing should be more strictly reprimanded or not. Comments by Netflix earlier this year at CES suggest the company won't be heading in that direction any time soon, as CEO Reed Hastings saw the expansive sharing of their services as "a positive thing."
Top Rated Comments
(View all)Ah, it's just there to protect you! Except, when you actively share a password, at worst you're stupid, but at best it's intentional and with someone you trust with whatever the password unlocks.
Thank companies like Netflix for this mess existing.
This has nothing to do with security.
Might as well ban lending your car.
I mean, they could open the trunk with the key!!!! And who knows what you put in there!!!
Glassed Silver:mac
Good. If you share your details for a streaming service or online game then you are committing fraud. Plain and simple.
What fraud? At very worst it's a simple breach of contract.If you and some buddies, who aren't family, sign up for Spotify and split the family plan pricing between you, then it's fraud. Your intent is to avoid paying for a single user subscription by "pretending" you're family and at the same address.
First, what you described would be against Spotify's Family Plan Terms and Conditions. This is a contract of adhesion essentially, and on point it only says "All account holders must reside at the same address to be eligible for the Spotify Family Plan." So it doesn't actually define family, nor require any lineal or blood relationship. In theory, a bunch of guys living in a frat house with a Spotify family account would not be a breach of this contract. Interestingly, Spotify's larger general Terms and Conditions do not address this at all.Either way, if people were to do what you described above, it would be a violation of this contract. Spotify's Terms and Conditions discuss breach in a few sections. So Spotify does contemplate and foresee that some users will breach the contract. Should Spotify want, when they become aware of this breach, they can do a number of things including cancelling the contract and deleting the account. This is, simply, a breach of contract. Nothing more. As a party to a contract, you are allowed to breach it and suffer the consequences.
Second, your example fails as it isn't even an example of sharing login information. With Spotify family, each user uses their own login and password and otherwise keeps a wholly separate account. Being in the family plan just means one of the users is responsible for billing.
Really silly. Says a lot about how in America, it's all about the money at the expense of loss of personal freedom/decision.
Good. If you share your details for a streaming service or online game then you are committing fraud. Plain and simple.
I don't see this as either extreme. The reality is that some services (eg. cable ID based) are intended and priced for a single user/household, and it is not unreasonable for the provider to ask that you not expand usage beyond that audience. Other services (eg. Netflix) are priced for multiple users and can be used in that context. For example, I pay for the 4-stream 'family' plan on Netflix, and have no problem sharing that login within the family. Either way it is both reasonable and fair for the providers to ask that you respect the intent.