A NEWS CO-OP IN DC SO YOU DON'T HAVE TO BE

Netflix and Jail? Federal Appeals Court Says Password Sharing is Forbidden by CFAA

by

A federal appellate court in San Francisco last week ruled that password sharing can be illegal, in a case that could have a chilling effect on access to content-streaming sites like Netflix, Amazon Prime, HBOGO and others.

The circuit said in a 2-1 ruling that David Nosal violated the Computer Fraud and Abuse Act (CFAA) when he accessed proprietary data owned by his former employer.

While the court concluded that the ruling shouldn’t be read too broadly—because, it held, Nosal was stealing trade secrets—it did not seem to rule out the possibility that casual password-sharing should be criminalized.

“[T]he circumstance here…bears little resemblance to asking a spouse to log in to an email account to print a boarding pass,” Judge Margaret McKeown wrote for the majority.

She did not, however, cite as an example as permissible activity, sharing passwords to gain access to data protected by intellectual property claims.

“Implicit in the definition of authorization is the notion that someone, including an entity, can grant or revoke that permission,” McKeown noted.

The Ninth Circuit has jurisdiction over Arizona, Idaho, Montana, Nevada, and most Pacific Coast states and territories.

Writing in dissent, Judge Stephen Reinhardt said that Nosal may have incurred “other liability, criminal or civil…in his improper attempt to compete with his former employer,” but said that the CFAA shouldn’t apply.

“This case is about password sharing,” Reinhard wrote. “In my view, the [CFAA] does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals.”

Reinhardt also claimed the ruling flew in the face of a prior circuit decision involving Nosal’s breach.

“We emphatically refused to turn violations of use restrictions imposed by employers or websites into crimes under the CFAA, declining to put so many citizens ‘at the mercy of [their] local prosecutor,’” he said.

McKeown contended that Reinhardt’s dissent “would have us ignore common sense and turn the statute inside out.” That is, in fact, exactly what many critics of the CFAA want: for the judicial branch to rule it unconstitutionally vague.

As New York Magazine noted, the 1986 statute has been described as heavy-handed and outdated. Federal prosecutors who use it have been alleged of abusing their power, in some high proofile cases.

“Threatened with the prospect of years in jail for downloading millions of articles from JSTOR, the nonprofit digital library, cyberactivist Aaron Swartz committed suicide in 2013,” the magazine noted.

It also cited the prosecution of journalist Matthew Keys. In April, Keys was sentenced to two years in jail under the CFAA for giving log-in credentials “to vandals who changed a Los Angeles Times headline for less than an hour.”

Fortunately for those currently accessing Netflix itself through a third party, the company doesn’t seem intent on suing users who share passwords. If the company changes its mind, however, the Ninth Circuit may have given it license to file such litigation in the future.

Share this article:


Follow The District Sentinel on Facebook and Twitter.

Subscribe to our daily podcast District Sentinel Radio on Soundcloud or Apple.

Support The District Sentinel and get bonus content on Patreon.

Since 2010, Sam Knight's work has appeared in Truthout, Washington Monthly, Salon, Mondoweiss, Alternet, In These Times, The Reykjavik Grapevine and The Nation. In 2012, he worked as a producer for The Alyona Show on RT. He has written extensively about political movements that emerged in Iceland after the 2008 financial collapse, and is currently working on a book about the subject.

Latest from COMMUNICATIONS & TECHNOLOGY

Go to Top