Three judges from the Ninth Circuit of the United States Court of Appeals passed down a ruling, two-to-one, that password sharing is a federal crime. This is in response to a former Korn Ferry employee, David Nosal, who was accused of headhunting former colleagues to obtain their user credentials, with the intention of stealing Korn Ferry data. Obviously, this was a frowned-upon practice, and it landed Nosal in hot water. He was charged with hacking under the Computer Fraud and Abuse Act, which is known as a particularly overarching piece of legislation. This act technically allows the Justice Department to go after anyone who violates the Terms of Service agreement that they supposedly read.
In Nosal’s case, he managed to get off scot-free when the judges tossed out some related charges against him in 2011, but he wasn’t so lucky with his 2013 charges. Thanks to a court ruling from a federal jury, he received a prison sentence of one year and one day, as well as a felony that he will carry with him for the rest of his life.
Granted, not everyone is happy with the precedent that this ruling sets. The judge who voted against the ruling, Stephen Reinhardt, shared his thoughts on the subject: “This case is about password sharing. People frequently share their passwords, notwithstanding the fact that websites and employers have policies prohibiting it. In my view, the Computer Fraud and Abuse Act (“CFAA”) does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals.”
Among this generally harmless conduct would include a user watching Netflix, as well as other subscription-based streaming services, like Hulu Plus or HBO Go. For example, Netflix offers its services on a per-household basis, which allows for the streaming of Netflix on six different devices, including two of them at the same time. Netflix could, theoretically, crack down on users sharing their passwords if they don’t expressly ask for permission from the streaming service first.
Yet, the question here is, “What would be in it for Netflix if they did choose to pursue this particular path?” On one hand, it would probably net them some extra revenue, but on the other, it would leave a bad taste in the mouth of its consumers. Either way, this precedence means that, should the CFAA continue to function in this manner, holding onto your password and keeping it secure will become even more important in the future, perhaps on par with banking credentials and personally identifiable information.