A US appeals court ruled on Tuesday (July 5) that sharing passwords was punishable under the Computer Fraud and Abuse Act, a law designed to counter cases of hacking.
David Nosal, a former employee of Korn/Ferry, defected from the executive search firm to launch a competitor along with a group of co-workers. After his computer access credentials were revoked, Nolan or other former employees used the login credentials of a current employee to gain access. The US Court of Appeals for the Ninth Circuit concluded that he acted “without authorization” in violation of the CFAA.
The question is over who needs to give the authorization. According to this case, an employee giving their password to someone else is not authorization—the company has to allow it. By that logic, Netflix has to authorize the sharing of passwords between friends, Motherboard points out. Nosal’s defense challenged the court’s decision for potentially criminalizing password sharing.
However, the court disagreed and said the case is not really about the act of password sharing, but how Nosal and the others conspired to access trade secrets in a proprietary database after their accounts were terminated. The panel of judges ruled that Nolan accessed a protected computer “knowingly and with intent to defraud.”
So, what does this mean for the college kids trading Netflix and Hulu accounts? Technically, most companies consider password sharing a violation of their terms of service, but it’s very unlikely that they’re going to come after you. Despite being poised to lose almost $500 million due to illicit password sharing, online streaming services are not cracking down on accounts with multiple users, according to Variety.
In the US, it’s estimated that a third of Netflix users don’t pay. Even so, Netflix and HBO CEOs are cool about you sharing passwords. The appeals court ruling might make people anxious, but the online services we use are likely to remain lenient as long as you mostly share with the people you live with—if you trust them.