Everybody needs to Netflix and chill out.
A recent appellate court ruling terrified legions of streaming viewers by suggesting sharing your password is going to land you in the real-life version of “Orange is the New Black.” But that’s not exactly what the case was about, and there’s no reason to believe the FBI is going to come knocking at your door to make sure you logged out of your ex’s HBO Go account.
Here’s the short version of the case: David Nosal worked as a regional director at an executive search firm called Korn Ferry International. He left the firm and secretly started his own competing business. He had someone else use the login information of his former assistant who still worked at Korn Ferry to download extremely valuable proprietary information from the company’s database.
The U.S. 9th Circuit Court of Appeals handed down a decision in early July in the case of United States vs. David Nosal affirming that he knowingly stole trade secrets by accessing a protected computer “without authorization” in violation of the Computer Fraud and Abuse Act and in violation of the Economic Espionage Act.
Video streaming sites had nothing to do with the case. The only reason anyone is bringing it up is because Circuit Judge Stephen Reinhardt, in his dissent, argued that the ruling could hypothetically lead to a precedent where anyone who shared a password could be construed to be violating the Computer Fraud and Abuse Act, or CFAA.
I would hold that consensual password sharing is not the kind of ‘hacking’ covered by the CFAA.
The CFAA was passed in 1986 and was intended to be used to prosecute people suspected of hacking into someone else’s computer network and stealing information from it. As technology has evolved, the CFAA is generally perceived to be overly broad and ambiguous by legal experts. The person who stole all those celebrity nude photos was prosecuted under it this year. In 2015, President Obama and the Justice Department proposed a number of changes that would narrow the circumstances under which someone could be prosecuted for violating the CFAA.
In the decision itself, the judges wrote, “This appeal is not about password sharing.” In his dissent, Judge Reinhardt wrote, “This case is about password sharing.” So it’s easy to see how people were a little confused by it.
But to be clear, the dissenting judge was concerned about a speculative future situation. It’s not like some new law was passed that criminalized sharing your password, and no one has been indicted for watching “Mr. Robot” with their mom’s Hulu Plus login. One judge is just saying he’s concerned about setting an overly zealous precedent.
Besides, streaming sites know people share logins, and none of them appear to be cracking down on it. HBO Chairman and Chief Executive Richard Piepler said password sharing wasn’t encouraged but wasn’t a big enough problem to warrant the network’s attention. Netflix CEO Reed Hastings said people sharing an account hasn’t really been a problem for his company either. And according to court documents, the firm where Nosal worked had employees sign a confidentiality agreement stating they would not share login information with anyone else.
If you’re still worried about doing hard time for your old roommate’s binge-watch, you could always change your password.
Tell Jessica your ex-boyfriend’s HBO Go login on Twitter @jessica_roy.