Internet

Yes, Sharing Your Netflix Password Is a Federal Crime. No, This Isn't New.

The worst tech law in the country continues to criminalize citizens.

|

'Orange Is the New Black'
'Orange Is the New Black' / Netflix

A new federal appeals court ruling serves as a reminder that the Computer Fraud and Abuse Act (CFAA) is utterly awful and needs to be reformed, and that you have probably violated it as some point.

A new ruling revolves around a case where a former employee of a firm continued to access the client database of the firm as he planned to launch a competitor. The man was eventually charged with conspiracy, theft of trade secrets, and violations of the CFAA and eventually convicted.

One of the violations included sharing his password to others to access this database, so media coverage of the court's decision has suggested that it is "now" a federal crime to share passwords to things like your Netflix account (see this Fortune headline as an example).

While this media attention is welcome, it's worth pointing out that this is absolutely not a new thing, and under the wording of the CFAA has always been the case, which is why it's such a terrible law. The CFAA criminalizes any "unauthorized access" to a computer system of database to commit any sort of fraud. So, for example, letting somebody access your Netflix account or Steam account—or any sort of online service that charges access for movies, games, music, et cetera—in order to watch or play for free could be a violation of the law. That's a type of fraud.

This same sort of interpretation of the law was used to convict Matthew Keys for handing over the password to a person in Anonymous, allowing the second person to access and change the headline of a story at the Los Angeles Times. Keys was punished in part for facilitating this "unauthorized access." That this antihacking law has been pressed into service in situations where no "hacking" actually took place is not a new thing.

One judge, Stephen Reinhardt, objected to applying the CFAA to situations where passwords have been shared. He noted that the ruling "loses sight of the anti-hacking purpose of the CFAA, and despite our warning, threatens to criminalize all sorts of innocuous conduct engaged in daily by ordinary citizens." (Read the ruling here)

The ability to interpret the prohibitions of the law extremely broadly has prompted the American Civil Liberties Union (ACLU) to file suit to block part of the law. They argue that the law's bans on unauthorized access or violating a site's terms of agreement make it a felony for researchers and journalists to investigate whether sites engage in discrimination in their use of consumer-driven algorithms by pretending to be somebody that they're not for auditing purposes. Read more about their suit here.

Advertisement

NEXT: Supreme Court Delivers Bitter Pill on Religious Liberty

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Even without the CFAA, it would still be a violation of Netflix’s terms of use to share your account password with people outside of your household.

    1. Netflix can’t throw you in prison.

      1. Yeah, no shit.

        1. So where are you getting “legally wrong” from?

          1. Contract law and common law

            1. TOS have been frequently ruled and are generally consdered not to be contracts.

              1. http://www.forbes.com/sites/ol…..dab420783a

                Read that. You have some, seriously flawed ideas about what a TOS is and what it allows.

                1. Read that. You have some, seriously flawed ideas about what a TOS is and what it allows.

                  Not only does that example not come close to what I’m talking about, it’s an entirely different issue — that of terms of service being communicated out of band with the service agreement. That’s like the finance company sending me new terms in the mail after I’ve already signed the mortgage documents. I don’t have to agree to the new terms.

                  It doesn’t refute, and in fact somewhat obliquely affirms, that terms of service can include legally enforceable provisions related to the use of the service.

              2. Sharing your account password is not like copying text from the page or hotlinking an image or whatever other frilly TOS have been thrown out. Moreover, the contract is what you agree to when you sign up and pay for an account with Netflix, which includes the terms of service. You engage in a business relationship with them, which is a bit stronger than a drive-by visit to a free website.

                1. “Sharing your account password is not like copying text from the page or hotlinking an image or whatever other frilly TOS have been thrown out.”

                  Actually, it’s exactly the same.

                  1. Actually, it’s exactly the same.

                    … sure, and it’s exactly the same for me to pilfer your yard waste and to boost your $30k car. No difference, at all.

                    1. Wait, is that supposed to prove YOUR point?

                    2. It doesn’t “prove” anything, but so far we’re operating at “violating TOS is always and everywhere a trivial and legally unenforceable matter” on your part so the standard of proof is pretty low.

                    3. “violating TOS is always and everywhere a trivial and legally unenforceable matter”

                      So, you’re also one of those assholes who makes up arguments for people, puts them on quotes and then forwards them as, that persons argument.

                      I never said that, and you’re a liar.

                    4. FFS I wasn’t quoting you you moron. This is fucking pointless.

                    5. Ad now you’re one ofcthose assholes who lies after getting called on their shit.

            2. And the most you’d get from violating that is termination of your account, or in other words, what the agreement of exchange was for. Once that is done, it’s over. That’s it. No more than that.

      2. They can do worse, they can cut off your Netflix.

    2. is that a crime we should be putting people in jail for? sharing a netflix password?

      funny how the same progs I talk to rally about how we put too many people in prison call for more laws at the same time. How do you thin…… wait I’ll stop right there. You don’t think.

      1. I’m not justifying the interpretation of the CFAA. I’m saying it would still be legally wrong to share your password without the CFAA.

        1. No see, the difference between a company’s terms of service and federal law is that a violation of the former by itself cannot land you in jail. TOS don’t have the force of law behind them unless a law is specifically written to enforce them, which even the CFAA doesn’t do.

          1. Again, no shit.

            1. So then in what way would it be legally wrong to share your password without the CFAA?

              1. Depending on what exactly is being done, it could be fraud, breach of contract, or even a tort (not likely in this case, unless e.g. you knowingly gave account access for the purpose of denial-of-service or something else nefarious).

                1. So, in that case, all laws that have nothing to do with the TOS, and things that would be crimes anyway.

                  1. would be crimes anyway

                    … except for the part where breach of contract requires a contract to define the terms and thus what constitutes a breach. You know, like the contract that includes terms of service when you sign up for a Netflix account.

                    1. “requires a contract to define the terms”

                      And you think that’s what TOS are, or at least equivalent to.

                      I get it.

                      Courts don’t agree with you. Sorry.

                    2. I get it.

                      No, you really don’t. But it’s becoming obvious you don’t want to, either.

                    3. Fuck you you legally ignorant know nothing.

                    4. Fuck you you legally ignorant know nothing.

                      WTF is wrong with you? Did you spend 5 years in prison for de-obfuscating JavaScript or something?

                    5. “Sharing your account password is not like copying text from the page or hotlinking an image or whatever other frilly TOS have been thrown out.”

                      This stupid motherfucker actually thinks the terms of service from MS were “frilly” and that they, despite being present on an operating system run by 90% of the world are somehow not as important as those of a streaming video service.

                      Yes, we’re laughing at you “TOS ARE LIKE LAWS! ” guy.

                    6. You know what? I can’t read your motherfucking mind. But apparently I’m supposed to, because you keep throwing out new shit that’s got nothing to do with what I’m talking about and I guess I need to have pre-responded to whatever bullshit you’re going to say next otherwise I’m all kinds of stupid. Why don’t you post another article that’s going nothing to do with what I’m saying, because that’ll prove the fucking point. Spoiler alert: I probably haven’t already read it.

                    7. Um, are you ok?

                      Because you wrote that, in a conversation we were having, about ten minutes ago.

                      There nothing new there, Alzheimer’s guy.

                    8. “Why don’t you post another article that’s going nothing to do with what I’m saying,”

                      Hey! Look who didn’t read the article about when TOS are legally binding, during a discussion of when TOS are legally binding.

                      You’re a fucking retard.

                    9. Are you seriously arguing that a EULA with accompanying TOS isn’t legally binding? The entire tech industry is built around them being binding.

                    10. AIA article on courts’ posture on clickwrap (generally enforceable) and browsewrap (generally unenforceable) TOS agreements

                      Unless Netflix’s in-house counsel is incompetent, they have an enforceable clickwrap license with the users.

                    11. *ABA

                      **I improperly implied that EULAs and TOS come packaged together. That’s usually not the case, but the lines are blurred as of late.

        2. It would be a tort. A civil action whereby Netflix claims they’ve been harmed by an action of yours. This isn’t even ‘speeding ticket’ levels of ‘illegal’. Perfectly legal actions can give rise to valid claims of harm.

      2. As long as it keeps my bandwidth popping, we need to put as many of those Netflix-abusing bastards away as possible.

        1. Netflix Abuse.
          If you see something, say something.

          1. I CAN’T 360 NOSCOPE JUMP SHOT N00BS WITH 120MS LAG FUCKO

      3. Theft is theft.

    3. Yes, and then Netflix could sue you or cancel your account, which proportionate to the injury. A prison sentence of several years is not.

    4. My household spans many houses.

      If Netflix don’t like it, they can suspend my account. No need to get all lawsuit-y about it.

      1. If Netflix don’t like it, they can suspend my account. No need to get all lawsuit-y about it.

        Presuming you are sharing your account password with other people in a way that breaches the TOS, then it might not be worth it for them to sue you, but it would be their prerogative to do so.

        If you are knowingly breaching their TOS, then you can suspend your own account or just set up multiple accounts. The onus for remediation does not typically fall on the aggrieved party.

        1. I’ve seen you before, you’re that guy on Slashdot who mistakenly thinks TOS have the force of ironclad law.

          They don’t. They frequently fail in court.

          They’re voluntary agreements, and courts have often found the terms onerous.

          1. Reading them is onerous. Hell, having to speed-scroll to the bottom to click agree is onerous. In fact, clicking agree is onerous.

            1. I like Steam’s changes where games I’ve already bought years ago suddenly start having a TOS that I must ‘agree’ to abide by to play *now*.

              But AFPT – obviously you and kbolino don’t agree here, but could you reign in the *pointless insults*? Either debate the guy or ignore him. Screaming that he’s an asshole because he isn’t bowing down to your superior wisdom is not advancing the argument.

          2. you’re that guy on Slashdot

            I haven’t commented on Slashdot in a long fucking time, so I somewhat doubt you’ve seen me (although it’s not impossible, I remember PapayaSF from before commenting here). Same handle.

            thinks TOS have the force of ironclad law

            No. Terms regarding the nature of the service generally do have the “force of law” insofar as your failure to follow them can constitute grounds for legal action. Terms through in for frill and legal effect are a different matter.

      2. They will – as I found out.

        Apparently your household can’t span multiple cities or they get suspicious.

        1. Sure it can span multiple cities. They SELL the idea that you can use Netflix on mobile devices.

  2. Talk about reform all you want. There is zero incentive to lawmakers, lawyers, or law enforcement to have less of any laws. Their benefit lies in keeping all the existing laws and making more. So that’s exactly what we see happening.

    1. You cant rule innocent men.

    2. In all fairness, if legislators are not enacting new laws or modifying existing laws, the citizens clamor that they are a “do nothing Congress” (which a good thing in my minds eye). We elect and pay those SOB’s to pass laws, and by god, they are going to do it. Personally I believe it is more a fault of POTUS. POTUS should be vetoing 99% of new laws and forcing Congress to override. That’s when we get the “checks and balances” between the branches that we were promised. That and an educated populace that understands that no law prevents an event from occurring, only prescribes a punishment for said event.

  3. Words have no meaning anymore. Sharing a password isn’t “hacking” you morons

    1. No, its social engineering.

  4. Can anyone find a story where someone got arrested for sharing their password and nothing else?

    1. How about this one, you know, from the article…

      1. You clearly didn’t read what I italicized. Did the slantyness of the letters throw you off?

      2. If you’ll peruse the comments of the linked article, you will see that a slightly altered headline that was changed back almost instantly is in fact the end of the fucking world.

    2. If “something else” is required to make it bad enough to send people to jail over, then the law should say what that “something else” is instead of leaving it some random prosecutor to decide.

    3. Why is that important?

      An unjust law is still unjust regardless of whether or not prosecutors enforce it with consistency.

      1. It’s important to me because I’m tired of “John Doe got arrested for doing other illegal things and sharing his password, we’re going to focus on sharing his password”. Yeah, yeah, it’s not my website and I don’t have to read the stories, I get it. And yeah, you think all of the other things shouldn’t be illegal either. I understand that software is the only arena where socialism isn’t just accepted but openly fought for.

        1. He got convicted of the other stuff, and the appeal doesn’t center on those issues. The fact that they were able to make a case against him without the CFAA charges just further reinforces that the CFAA isn’t necessary where the person actually did bad stuff.

          1. Exactly why I’d like to see a report about a person who got arrested solely for sharing his password. Something with a Buzzfeed worthy title like “This Man Shared His Password, You Won’t Believe What Happened Next!”

            1. I’m sure there isn’t one because this is the first appeals court to address the issue of whether password sharing is even covered under the CFAA.

  5. http://www.washingtonpost.com/news/wo…..w#comments

    Leaked German document says 2000 men assaulted 1200 women in Cologne New Years Eve. Those of you who claimed it was a hoax or was exaggerated or somehow didn’t involve Muslim refugees, can you please admit how wrong you were now?

    Read the comments to watch various feminists defend this and say that it is no big deal. Drunken sex at a frat party is the “rape culture” and must be stopped. Thousands of men systematically assaulting and raping 1200 women is just a small cultural disagreement that only the intolerant have a problem with.

    1. This is typical of the feminists comments on this

      Katy Cordeth
      12:23 PM EST [Edited]
      Sorry, kids, I’m-a have to love you and leave you. Liberals and smart, non-bigoted conservatives (I know there are some of you out there), keep it real. The rest of you… well, I don’t know what to tell you. Try not to be quite so intolerant of those different from you; recognise that the refugees you despise are fleeing a brutal dictator and an even more brutal, twisted form of Islam; and remember that these people’s refugee status is a direct result of an unjust war begun by an unscrupulous and feeble-minded president.

      This traitorous Islamist rape apologist (all things I have been called today) may return to this thread at a later time.

      1. I wouldn’t call her a “traitorous Islamist rape apologist.” A blind morally stunted idiotic rape apologist, sure, but not necessarily traitorous or Islamist.

        1. How about cunt, and leave it at that?

      2. Well calling her a traitorous Islamist rape apologist is over the top.

        Doubtful she’s a traitor, after all, and there’s some ambiguity around Islamist as well. Was she being called an Islamist, or was Islamist being used to modify rape?

        Because she’s definitely a rape apologist.

        1. She is a Muslim rape apologist. Had the perps been American college students, she would not be apologizing for them.

          1. “Hack” is suitable. She’s a hack. When you’re towing the ideological lion and cannot find your way through the brambles of your twisted narrative far enough to see the thorny hell you’ve cultivated for yourself, and decide to die there rather than start tearing it up root and branch, you’re a hack.

          2. Gotta agree with John here. You see, it’s their culture that makes them rapey and we have to accept their culture.

            1. Progs only support freedom of religion if it is politically useful.

          3. Yes, but had they been powerful white left-wing politicans, she would be, so…

      3. Try not to be quite so intolerant of those different from you; recognise that the refugees you despise are fleeing a brutal dictator and an even more brutal, twisted form of Islam; and remember that these people’s refugee status is a direct result of an unjust war begun by an unscrupulous and feeble-minded president.

        So preaching tolerance towards rapists is feminism, while advising women to practice self-control with alcohol to avoid rape is anti-feminist.

        It’s almost a cliche around here at this point, but modern feminists appear to LIKE rape.

  6. Isn’t fraud lying for financial gain? Is using someones password for Netflix a financial gain?

    1. Kind of. You’re getting to use Netflix without paying for it.

      1. Which is clearly NOT a financial gain.

        1. If it was not a financial gain to use Netflix without paying for it, then why don’t you just sign up? By your logic there is clearly no financial loss in doing so.

          1. I have NO financial gain by using Netflix at home on someone else’s account.

            Unless you are afflicted with prog-think where not giving is taking.

  7. He noted that the ruling “loses sight of the anti-hacking purpose of the CFAA, and despite our warning, threatens to criminalize all sorts of innocuous conduct engaged in daily by ordinary citizens.”

    “Loses sight”? You mean “brazenly and deliberately oversteps.” Prosecutors “lose sight” of the spirit of laws in the same way a prom-night mom “loses sight” of her bathroom delivery newborn in the dumpster.

    1. Dang, commoditus. You are killing it today.

  8. You know, there are other things on Netflix besides Orange Is the New Black.

    1. OitNB is a Netflix show set in a prison, and the CFAA can send you to prison if you share your Netflix password. See what Shackford did there?

      1. NO I DO NOT. I don’t watch the show so I don’t know what it’s about and, quite frankly, my television doesn’t even get the Netflix channel.

        1. Try adjusting your antenna and toggling your RF switch.

    2. There was no lesbian sex in Fuller House though.

      1. No transgressive cameo from the Olsen twins?

        1. I wouldn’t be interested in seeing anything naughty from them, they are looking rough these days.

          1. Not into Dark Crystal porn, eh?

          2. Maybe they need a cameo on Bojack instead.

          3. You don’t have sexual fantasies about hollow-eyed scarecrows??

    3. Thankfully.

  9. Has anyone watched the show Mr. Robot? it’s got killer reviews and looks pretty slick in the adverts but after reading the synopsis it sounds like the mental masturbation of a Occupy Wall St./Anonymous sympathizer. Anyone know if it’s worth a viewing?

    1. I liked it. And it isn’t as simplistic as that. But a lot of the political intent hinges on where they go in season two.

      1. I don’t hold out high hopes there. They have the opportunity through Angela to show that the hacker mob’s (and the left in general’s) knee-jerk anti-corporatism will end up screwing over a lot of decent and hard-working people, but instead it looks like they’re going to use her to show that corporate America simply corrupts whatever good those associated with it have inside them.

    2. I can’t remember what I was watching, but they did a segment on Mr Robot. What I saw there was enough to make me actively avoid it.

    3. I’ve been avoiding it simply because of the stupid fucking title. Makes it sound like a new version of Small Wonder.

      1. AntennaTV shows Small Wonder sometimes; I don’t remember its original run, but lord, that is a tire fire of a TV show. My Mother The Car isn’t as bad.

    4. I don’t get the hype. I think it’s decent, though up its own ass in numerous ways. I’d say it’s overrated just because people have gone crazy for it.

      1. That said, watch it. It may work really well for you.

      2. I think this sums it up. Solid show and totally worth your time, but it’s not anything groundbreaking. But hey, there’s a lot of gay stuff, and that automatically makes a TV program avant garde.

        I also found some of the high level details regarding E Corp’s backup strategy to be rather unbelievable, but I don’t think that’s any reason to avoid it.

  10. I left my office-job and now I am getting paid 100 usd hourly. How? I work over internet! My old work was making me miserable, so I was forced to try something different, 2 years after…I can say my life is changed-completely for the better! Check it out what i do..


    ????? http://www.CareerPlus90.com

    1. Only if you promise to share your password.

  11. Look, I was extremely careless with my Netflix password, but there was no criminal intent there. And no reasonable prosecutor would think so.

    1. +1 password1

    2. It wasn’t marked classified at the time!

  12. One judge, Stephen Reinhardt, objected to applying the CFAA to situations where passwords have been shared. He noted that the ruling “loses sight of the anti-hacking purpose of the CFAA, and despite our warning, threatens to criminalize all sorts of innocuous conduct engaged in daily by ordinary citizens.”

    Feature, not bug. /statist asshat

    It’s too bad his last name isn’t Reinhold.

  13. . . . threatens to criminalize all sorts of innocuous conduct engaged in daily by ordinary citizens.”

    Yep. Because legislation (and those who make it) no longer care what solutions people have already worked out and no longer seek to incorporate what everyone is already doing into their codifications of existing practices.

    ‘Top Men’ have looked at the issue and these ‘Top Men’ have made their pronouncements describing what is obligatory and what is prohibited. Now you will change your behavior to accommodate the vision of the perfect society these ‘Top Men’ are working to bring about or you will be broken.

  14. Unless something has changed, with the standard streaming Netflix account you get two “seats”. You can pay extra for more, but you can have two shows running to different platforms at once. That’s it. So if you do share your password, you can only share so much access time (2 seats for 24 hours a day). If you give the password out to 100 people, only two people can be on it at a time anyway, and I can’t imagine trying to keep a schedule of fifty different users for one account with only two seats. So perhaps there’s some financial loss to Netflix if there’s one extra user or so, but there’s going to be a quick limit imposed by the seating. But anyway, it is disheartening if people can’t pony about $100 a year for thousands of hours of fairly clear content. I suppose a lot of people feel like they’re putting one over on “the Man”, but it really isn’t that much money for your own account. As for it being a crime, it’s about on the level of shoplifting. Can’t imagine anyone doing a long stretch over a couple of slim jims, I can’t see anyone locked up for years for giving out their Netflix password.

  15. Netflix is nuts… You’ll be able to share this login (http://vidgostreamingtv.com/) info with 5 or more people at the same time. Seems like a better option, in my opinion. Don’t have to face jail time either 🙂

  16. I wouldn’t want complaints about this legisl’n to hang on the details of cases like this, wherein someone really did defraud someone by making use of their confidential info. The complaint seems to be tacking on separately the actual accessing of data in an unauthorized manner as a violation. It may be that the penalties are disproportionate, but I can’t get too upset until I see cases where such a separate violation was prosecuted where the accessing was innocent or resulted in a trivial harm, or maybe some intermediate case like the one where somebody put up a spoof headline on a story. That one was bothersome because of the nature of the trespass, so bringing up cases like this can only lead me to think, well, maybe it’s not such bad legislation after all.

  17. Whatever became of JURY NULLIFICATION???

Please to post comments

Comments are closed.