Last week, the U.S. Court of Appeals for the Ninth Circuit ruled that sharing passwords is a violation of the Computer Fraud and Abuse Act (CFAA), a so-called “anti-hacking” law.
The case centred on David Nosal, a former employee of Korn/Ferry International research firm, who was convicted of “unauthorized” use of a computer system under the CFAA for using a former co-worker’s password to access one of the firm’s databases.
Judge Stephen Reinhardt wrote the dissenting opinion in the case saying the decision “loses sight of the anti-hacking purpose of the CFAA, and despite our warning, threatens to criminalize all sorts of innocuous conduct engaged in daily by ordinary citizens.”
Civil liberties groups have called the CFAA an overly broad piece of legislation, with the American Civil Liberties Union filing a lawsuit challenging the constitutionality of the CFAA. And technically speaking, the recent ruling could open the door for millions of Americans to be charged for violating federal law by sharing their Netflix, HBO or Facebook accounts.
But are people actually going to go to jail or receive fines for sharing their passwords? Probably not says University of Ottawa professor Michael Geist, a prominent online law expert.
“It’s certainly an infringement of the contract, presumably the terms of service discourage or don’t permit that kind of sharing,” Geist told Global News. “But no one is going to jail over sharing a Netflix password.”
Canada has similar legislation designed to address unauthorized access under section 342.1 of the Criminal Code. which states that “everyone who, fraudulently and without colour of right” obtains “directly or indirectly, any computer service” can be subject to criminal charges.
“This provision has been used in hacking circumstances,” said Geist. “It falls to the Crown to decide whether or not to pursue cases, and with this kind of very low level case the Crown would be really unlikely to use its resources to bring about criminal charges.”
If streaming services like Netflix or HBO did start to crack down on people who share their password, they certainly have the financial motivation.
A report last year from Parks Research analyst Glenn Hower says streaming companies could be losing out on up to US$500 million a year as a result of password sharing.
According to the latest numbers, Netflix has more than 81 million members in over 190 countries. But that number could be even higher, due to the ability to have multiple users on one account.
Most streaming services have terms and conditions that prohibit the sharing of passwords. For example, Netflix says access to its service is “non-transferable” and “the Account Owner should not reveal the password to anyone.”
The heads of major streaming companies have viewed the sharing of passwords among family and friends as a marketing tool to increase viewership. Speaking in January, the head of the streaming-video giant said it viewed password sharing as a “positive.”
“We love people sharing Netflix,” CEO Reed Hastings said at the Consumer Electronics Show in Las Vegas “That’s a positive thing, not a negative thing.”
The company has focused its attention on other concerns, including taking aggressive action against those using virtual private network (VPN) services that allow people to access content from other countries.
When contacted by Global News for this story Netflix declined to comment.
HBO has also said it won’t go after customers who share their passwords for their streaming service, HBO GO.
In a 2014 interview, HBO’s chief executive officer Richard Plepler said he wasn’t concerned about it.
“To be honest, it’s not material to our business,” Plepler said. “It’s not that we aren’t mindful of it, but it has no real affect on the business.
“To us, it’s in many ways a terrific marketing vehicle for the next generation of viewers.”
Geist also said that the one-off sharing of passwords likely isn’t a copyright infringement concern.
“In Canada there are criminal copyright provisions but we don’t see them widely used and I can’t imagine you would see the used in this kind of context,” he said.