Sharing your Netflix password might just be a federal crime

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

A ruling made by an appeals court in California last week means the next time you borrow someone else's Netflix password to binge on Narcos, or play Game of Thrones on a friend's HBO Go account, you may be committing a federal crime.

On 5 July, a three-judge panel from the US Ninth Circuit Court of Appeals in San Francisco ruled in a dispute between the headhunting firm Korn Ferry and a former employee who accessed its database after leaving the company. Sharing passwords without the permission of the system’s owner, the panel found, is an offence punishable under the US Computer Fraud and Abuse Act (CFAA).

The sole dissenting judge, Stephen Reinhardt, wrote in his opinion that the ruling could potentially “make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals.”

The case before the court involved David Nosal, a former employee at Korn Ferry in Los Angeles, who continued to use his former assistant’s password to access the firm’s database while preparing to launch his own rival headhunting practice. As Fortune reported, Mr Nosal was charged with conspiracy, theft of trade secrets and three other counts related to CFAA, earning himself prison time and close to $900,000 in fines.

Video-on-demand services have so far shown little interest in cracking down on password-sharers, even though Netflix terms of use state that “the Account Owner should not reveal the password to anyone." In fact, the Netflix service is explicitly designed for one account to be used by several people in the same household, offering separate watch-lists and viewing recommendations for up to five family members.

According to Variety, a 2015 study by Parks Associates suggested streaming services could lose more than half a billion dollars per year to password sharing, but another survey conducted this year by IBM found that fewer than five per cent of Netflix users share their passwords with people outside their family.

In her majority opinion, Judge Margaret McKeown wrote that she was aware the court’s reading of CFAA “may capture arguably innocuous conduct, such as password sharing among friends and family,” but suggested that courts would apply common sense regarding the “facts and context” of future cases.

“The circumstance here—former employees whose computer access was categorically revoked and who surreptitiously accessed data owned by their former employer—bears little resemblance to asking a spouse to log in to an email account to print a boarding pass,” she wrote.