Contributed by Jeffrey Sebranek
The July 5, 2016 court case heard by the United States Court of Appeals 9th Circuit, has created a firestorm of controversy over the now potential illegality of friendly and familial password sharing for popular internet services such as HBO GO, Netflix, and Amazon Prime.
The case bringing this issue to the fore involves the 9th Circuit court of Appeals prosecuting a man named David Nosal, a former employee of an executive headhunting firm called Korn Ferry. Nosal, after voluntarily terminating his employment with Korn Ferry, determined to retain possession of his former employer’s login credentials for the purpose of using their database to start his own competing headhunting firm. His actions were prosecuted as a crime by the 9th circuit ruling. Nosal was subsequently sentenced to one year in prison, probation and a $900,000 fine to be paid in restitution.
The Computer Fraud and Abuse Act (CFAA)1 is the primary underlying law being applied to the Nosal case. The law is broadly worded and allows for the prosecution of any individual who among other things “knowingly accessed a computer without authorization…and thereby obtains information from any protected computer.” Nosal was also prosecuted under provisions of the Economic Espionage Act (EEA) prohibiting the unauthorized access of trade secrets.
Dissenting from the majority, Judge Reinhardt states his opinion that the case, is in fact, about password sharing, and that the “CFAA does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals.”2
Consumer and civil liberty activist groups such as the Electronic Frontier Foundation have had cause for concern that the CFAA could be interpreted to consider the numerous password-sharing computer users into criminals. While this concern remains valid, it is unlikely that Netflix, Amazon, HBO etc. plan on using the law to prosecute password-sharing members of their consumer base.
CEO’s from both HBO and Netflix have declared that password sharing is not something that they consider to be a problem at this point.3 From their point of view, putting their services and video content in front of as many eyes as possible is a positive marketing strategy. By chumming the waters with what is essentially free content, these companies view it as an invaluable method of building a consumer base of video addicts, who they believe will eventually be willing to shell out for their own personal accounts in future.
For all their seeming generosity, if and when these companies do decide that password sharing is no longer a beneficial marketing practice, there are a myriad of methods they may use to curb the practice without resorting to alienating the populace by calling in the federal jackboots. Shutting down or restricting accounts that access too many streams at once, or limiting the service to one or a few devices that must be authenticated by the user are just a few examples.
Of course it may be little consolation that the law was not intended to criminalize or even discourage password sharing; if the law technically allows for the prosecution of the practice, then of course it remains susceptible to abuse. Time will tell on the overall significance of this ruling and what may come with future appeals and new cases but for now it’s likely the parasitic streaming will continue unabated.