No, you won’t face Federal charges for sharing your Netflix password

I really wish that people would read an appellate decision along with the applied statutes before making asinine statements. In this instance the decision by the Ninth Circuit Court of Appeals in US v. Nosal is the one being misrepresented to mean that sharing your Netflix password is a Federal crime.

The problem is the case in question dealt with corporate espionage, in which a former employee “borrowed” the login credentials of a current employee with the intent of mining confidential customer data. David Nosal, the appellant in this instance (meaning not the one appealing a lower court decision), also mined customer data while still employed with the intent of using it to compete against his employer in complete violation of standing agreements.

And because “password sharing” was somewhat involved here — despite the fact the case involved accessing internal company resources to which Nosal had lost authorized access — everyone is blowing out of proportion the implications. And I do mean blowing out of proportion. Way out of proportion.

To the point where they’re making it sound like sharing your Netflix password with a family member or friend is somehow worth 5000 USD.

The relevant statute that was applied is 18 USC § 1030(a)(4) — emphasis mine:

[Whoever] knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period.

And there’s a reason the bar is set that high.

When the law was passed in 1986, password sharing was likely common. But there comes a point where sharing a password can be problematic. For example, I worked in health care for over 10 years. I’ve had access to patient information, as well as confidential information that was gathered and organized with regard to competitors. If I shared my passwords with anyone, you’d bet I’d fall under the jurisdiction of the above-quoted statute. And the same with where I currently work, which is in Electronic Discovery.

The question is the potential loss to the company owning the system being accessed in an unauthorized manner. Federal power is not something to be exercised willy-nilly, and the Federal government — whether via statute, regulation, or policy (such as the “Petite” policy) — ensures that prosecutorial power is not exercised unless there is a very clear reason. Mining confidential company information, whether about customers or trade secrets, can easily exceed the 5000 USD minimum statutory limit.

Sharing your Netflix password, thereby depriving Netflix of 10 USD up to 25 USD per month through a lost household subscription? Not even close.

To get to that point, you’d have to share your password with a significant number of people. And Netflix (or Hulu, Amazon Prime or what have you) would probably not even allow that many people to access the account anyway, and would probably even terminate it long before it got to that point.

And what about the other provisions of 18 USC § 1030? Do any of them apply to Netflix, or other similar media service, and sharing your password? No. Read the statute if you don’t believe me.

So don’t start thinking that the Ninth Circuit just declared it illegal to share your Netflix password. They didn’t do any such thing.