A US court has issued a ruling that could make sharing passwords to streaming sites such as Netflix and Spotify a federal crime.
The US court of appeals ruled in favour of a new criminal act designed to counter cases of hacking this week, but the decision may have consequences for people who share their passwords for “innocuous” reasons.
Essentially, using someone else’s Netflix account now constitutes a criminal act in the US under the Computer Fraud and Abuse Act (CFAA).
The ruling came from the ongoing United States v Nosal case.
David Nosal is a former employee of the recruitment firm Korn/Ferry. He left the firm in 2004 to launch a competitor, and allegedly used a former co-worker’s password to access a work computer after his personal access was revoked.
Nosal was charged in 2008 with hacking under the CFAA and the court concluded that he acted “without authorization” in violation of the law.
According to the outcome of the case, no person giving their password to someone else constitutes authorisation, the company that issued it has to allow it.
Judge Stephen Reinhardt noted that the decision “threatens to criminalise all sorts of innocuous conduct engaged in daily by ordinary citizens”, such as those who share passwords for streaming sites.
Despite the outcome, it’s unlikely that companies such as Netflix will come after password-trading customers in the US.
Netflix have previously gone on the record to say that they don’t see password sharing as a major cause for concern, despite the fact that the American entertainment trade magazine Variety reports that the streaming sector has lost upwards of $500 million worldwide due to the practice.