Reed Hastings, Netflix co-founder and CEO, delivers the Keynote Address during the 2016 International CES, a trade show of consumer electronics, in Las Vegas, Nevada, January 6, 2016. A new federal court ruling could make sharing your passwords for subscription services a federal crime punishable by prison time, according to a judge who opposed the decision. File photo by Molly Riley/UPI |
License Photo
NEW YORK, July 11 (UPI) -- Subscribers who share their Netflix and services' login information could be breaking federal law, according to a dissenting opinion last week in the U.S. Ninth District of Appeals court.
The three-member panel, in a 2-1 decision, found that certain instances of sharing passwords is a crime punishable by prison time under the Computer Fraud and Abuse Act. And in his dissenting opinion, Stephen Reinhardt wrote Tuesday the decision makes millions of people "unwitting federal criminals" if they share passwords.
The ruling involved David Nosal, a headhunter who left the executive search firm, Korn/Ferry, after being denied a promotion and then used the password of an employee to access the company's database at a competing search firm he started. He was sentenced to one year and one day in prison and nearly $900,000 in restitution and fines for hacking.
Reinhardt agreed with the convictions but said the appeals decision "loses sight of the anti-hacking
purpose of the CFAA, and despite our warning, threatens to criminalize all sorts of innocuous conduct engaged in daily by ordinary citizens."
He said no distinction in password sharing in this case and users of subscription services.
"The majority does not provide, nor do I see, a workable line which separates the consensual password sharing in this case from the consensual password sharing of millions of legitimate
account holders, which may also be contrary to the policies of system owners," he argued. "There simply is no limiting principle in the majority's world of lawful and unlawful password sharing.
But judge M. Margaret McKeown disagreed with this logic.
"Nosal and various amici spin hypotheticals about the dire consequences of criminalizing password sharing. But these warnings miss the mark in this case," she wrote. "Nosal is charged with conspiring with former Korn/Ferry employees whose user accounts had been terminated, but who nonetheless accessed trade secrets in a proprietary database through the back door when the front door had been firmly closed."
This access falls squarely within the CFAA's prohibition on access "without authorization," McKeown said in the opinion.
Writing for the New Yorker in 2013, Tim Wu called the CFAA "the most outrageous criminal law you've never heard of. It bans 'unauthorized access' of computers, but no one really knows what those words mean."
