A San Francisco federal appellate court has issued a ruling that could give most Netflix users the willies: anyone who shares a Netflix subscription password could be charged with a federal crime.
The US Ninth Circuit Court of Appeals found, in part, that sharing passwords is a crime under the Computer Fraud and Abuse Act (CFAA), according to the opinion report filed on 5 July.
The decision effectively turned millions of people who share passwords for services like Netflix and HBO Go into "unwitting federal criminals," according to dissenting opinion.
The ruling was made in the case of worker David Nosal, an employee of the executive search firm Korn/Ferry International who left the company but continued, along with others, to access a database using the login of a former assistant of Nosal who still worked at Korn/Ferry.
For his use of the database, Nosal was eventually charged with conspiracy, theft of trade secrets and three counts under CFAA, and was sentenced to prison time, probation, and nearly $900,000 (£690,000) in restitution and fines.
While the law is widely considered an anti-hacking statute, the language making it a crime for anyone who "knowingly and with intent to defraud accesses a protected computer without authorisation" can be used well beyond the population of hackers, as it was in Nosal's conviction.
Dissenting Ninth Circuit Judge Stephen Reinhardt warned that the broad application of the law "loses sight of the anti-hacking purpose of the CFAA, and . . . threatens to criminalise all sorts of innocuous conduct engaged in daily by ordinary citizens" — such as sharing passwords.