Become a MacRumors Supporter for $25/year with no ads, private forums, and more!
  • Did you order new AirTags? We've opened a dedicated AirTags forum.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,402
14,096



Earlier this month a federal appeals court decided that an employee "acted without authorization" after he used a former co-worker's password login without their permission, in order to gain access to a collection of their data. Concerning the case The United States of America v. David Nosal, this has led to a decision by the court to rule that password sharing is a federal crime under the Computer Fraud and Abuse Act, meaning that sharing your login among friends and family for accounts like Netflix and HBO Go could now be an illegal act (via TechCrunch).

Judge McKeown, who is close to the case and wrote its opinion, admitted that more innocent forms of password sharing "bears little resemblance" to the circumstances presented in the lawsuit that ignited the ruling. McKeown urged future judges and courts to consider how important "facts and context" are to each case, and craft rulings surrounding password-sharing lawsuits and their legality from there.

netflix2.jpg

While the daily sharing of passwords has yet to be designated as a violation of federal law, some do see the new ruling as a slippery slope to a future where giving a friend your HBO Go login could land you in a heap of trouble. Judge Reinhardt took the dissenting opinion on the case, commenting that while David Nosal may have gotten into "criminal or civil" liabilities while logging into his co-worker's accounts, "he has not violated the CFAA."
This case is about password sharing. People frequently share their passwords, notwithstanding the fact that websites and employers have policies prohibiting it. In my view, the Computer Fraud and Abuse Act ("CFAA") does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals. Whatever other liability, criminal or civil, Nosal may have incurred in his improper attempt to compete with his former employer, he has not violated the CFAA. -- Judge Stephen Reinhardt, Ninth Circuit Court of Appeals
An act so widely perpetrated is far less likely to incur major legal repercussions, even if it does become enacted on more of a wider scale, but there is still a possibility for the federal appeals court's decision to let companies decide on their own whether password sharing should be more strictly reprimanded or not. Comments by Netflix earlier this year at CES suggest the company won't be heading in that direction any time soon, as CEO Reed Hastings saw the expansive sharing of their services as "a positive thing."

Article Link: Court Ruling Could Lead to Stricter Password-Sharing Laws in the Future
 

Glassed Silver

macrumors 68020
Mar 10, 2007
2,096
2,561
Kassel, Germany
That law shows very well how lobbying works under the radar.
Ah, it's just there to protect you! Except, when you actively share a password, at worst you're stupid, but at best it's intentional and with someone you trust with whatever the password unlocks.

Thank companies like Netflix for this mess existing.
This has nothing to do with security.
Might as well ban lending your car.
I mean, they could open the trunk with the key!!!! And who knows what you put in there!!!

Glassed Silver:mac
 
Last edited:
Comment

tann

macrumors 68000
Apr 15, 2010
1,807
501
UK
"I didn't give them my login, I logged in myself!"

Could this save someone? Or have I misunderstood.
 
Comment

maflynn

Moderator
Staff member
May 3, 2009
67,813
35,261
Boston
My company has a strict no sharing of passwords, yet in my job, in supporting the users, its quite evident that they still do. I think its a mindset that will be very hard to break.
 
  • Like
Reactions: oneMadRssn
Comment

rdlink

macrumors 68040
Nov 10, 2007
3,226
2,434
Out of the Reach of the FBI
My company has a strict no sharing of passwords, yet in my job, in supporting the users, its quite evident that they still do. I think its a mindset that will be very hard to break.

We have had a long standing policy whereby if an IT person becomes aware that someone has shared their password, including with us we are to change it immediately, and set their account so that they are forced to change it again when they next log in. We can be terminated if we fail to do it.
 
  • Like
Reactions: jettredmont
Comment

TurboPGT!

Suspended
Sep 25, 2015
1,595
2,620
I find it interesting how the article has absolutely NOTHING to do with Netflix, yet there it is as the center piece image, and gets a mention in the article.

Do people really share Netflix login information that much?? I know I've done this in the past, but I cut people off when Netflix started getting heavy handed about it, and I couldn't watch something when I wanted to.

Just find it interesting that its still so common. Seriously people, if you use the service, PAY for it. It's a drop in the bucket every month compared to the value it brings.
 
  • Like
Reactions: mijail and milo
Comment

KoolAid-Drink

macrumors 68000
Sep 18, 2013
1,524
498
USA
Really silly. Says a lot about how in America, it's all about the money at the expense of loss of personal freedom/decision.
 
Comment

JRobinsonJr

macrumors 6502a
Aug 20, 2015
660
1,167
Arlington, Texas
Really silly. Says a lot about how in America, it's all about the money at the expense of loss of personal freedom/decision.

Good. If you share your details for a streaming service or online game then you are committing fraud. Plain and simple.

I don't see this as either extreme. The reality is that some services (eg. cable ID based) are intended and priced for a single user/household, and it is not unreasonable for the provider to ask that you not expand usage beyond that audience. Other services (eg. Netflix) are priced for multiple users and can be used in that context. For example, I pay for the 4-stream 'family' plan on Netflix, and have no problem sharing that login within the family. Either way it is both reasonable and fair for the providers to ask that you respect the intent.
 
Comment

MikhailT

macrumors 601
Nov 12, 2007
4,518
1,185
Really silly. Says a lot about how in America, it's all about the money at the expense of loss of personal freedom/decision.

No, it isn't silly. What's silly is you turning this into some kind of freedom issue when it has nothing to do with it, especially since it doesn't impact the owner or the user. In addition, this case doesn't apply to everyone either, nor does it apply to Netflix. No federal laws has been established to rule password sharing is explicitly illegal _in all cases_. Netflix can say that you're allowed to share credentials but at the same time, they can also say it is not allowed and they can stop offering you the service if they find that you're breaching the contract. You, as a user, agreed to a contract that says you're the only one authorized to use the service.

In fact, Netflix and other services lose money each time a person watch a stream, so the fact that sharing credentials means that more users would be watching the same content at the same time means they lose money. Therefore, this isn't silly at all to limit the service to the authorized users. You do not own the content on Netflix.

If you want to share stuff, put it on your private network and share it with your friends and family members. You do not have the right to do the same thing on someone's else network that they have to pay for.

Also, in this specific case, the employee does not have any rights to the content nor do they own the computers. At work, you are not entitled to anything, everything you do is under the authorization of the company. The court said that the persons exceeded their authority and thus, they didn't have the right to download these company-owned docs to their personal computers.
 
Comment

EricTheHalfBee

Suspended
Mar 10, 2013
467
739
What fraud? At very worst it's a simple breach of contract.

If you and some buddies, who aren't family, sign up for Spotify and split the family plan pricing between you, then it's fraud. Your intent is to avoid paying for a single user subscription by "pretending" you're family and at the same address.
 
Comment

oneMadRssn

macrumors 603
Sep 8, 2011
5,492
12,739
Europe
If you and some buddies, who aren't family, sign up for Spotify and split the family plan pricing between you, then it's fraud. Your intent is to avoid paying for a single user subscription by "pretending" you're family and at the same address.

First, what you described would be against Spotify's Family Plan Terms and Conditions. This is a contract of adhesion essentially, and on point it only says "All account holders must reside at the same address to be eligible for the Spotify Family Plan." So it doesn't actually define family, nor require any lineal or blood relationship. In theory, a bunch of guys living in a frat house with a Spotify family account would not be a breach of this contract. Interestingly, Spotify's larger general Terms and Conditions do not address this at all.

Either way, if people were to do what you described above, it would be a violation of this contract. Spotify's Terms and Conditions discuss breach in a few sections. So Spotify does contemplate and foresee that some users will breach the contract. Should Spotify want, when they become aware of this breach, they can do a number of things including cancelling the contract and deleting the account. This is, simply, a breach of contract. Nothing more. As a party to a contract, you are allowed to breach it and suffer the consequences.

Second, your example fails as it isn't even an example of sharing login information. With Spotify family, each user uses their own login and password and otherwise keeps a wholly separate account. Being in the family plan just means one of the users is responsible for billing.
 
Comment

EricTheHalfBee

Suspended
Mar 10, 2013
467
739
First, what you described would be against Spotify's Family Plan Terms and Conditions. This is a contract of adhesion essentially, and on point it only says "All account holders must reside at the same address to be eligible for the Spotify Family Plan." So it doesn't actually define family, nor require any lineal or blood relationship. In theory, a bunch of guys living in a frat house with a Spotify family account would not be a breach of this contract. Interestingly, Spotify's larger general Terms and Conditions do not address this at all.

Either way, if people were to do what you described above, it would be a violation of this contract. Spotify's Terms and Conditions discuss breach in a few sections. So Spotify does contemplate and foresee that some users will breach the contract. Should Spotify want, when they become aware of this breach, they can do a number of things including cancelling the contract and deleting the account. This is, simply, a breach of contract. Nothing more. As a party to a contract, you are allowed to breach it and suffer the consequences.

Second, your example fails as it isn't even an example of sharing login information. With Spotify family, each user uses their own login and password and otherwise keeps a wholly separate account. Being in the family plan just means one of the users is responsible for billing.

The intent is the same. To share a single account by several people in order to avoid paying full price.
 
Comment

oneMadRssn

macrumors 603
Sep 8, 2011
5,492
12,739
Europe
The intent is the same. To share a single account by several people in order to avoid paying full price.

No, it's not sharing a single account. It's 6 distinct accounts. Spotify allows 6 people to each have a premium accounts for one monthly payment. It's allowed, it's advertised. It's not 2 or more people that are pretending to be one 1 person. It's 6 people being 6 people, exactly as contemplated by Spotify.
 
  • Like
Reactions: Wondercow
Comment

rolsskk

macrumors 6502
Sep 1, 2008
297
297
Gotta love the MR Clickbait Sensationalist conclusion. This has absolutely no bearing on Netflix/HBO, etc. This dealing with security at a company, not with any of those streaming services. Heck, you guys even have this in your article:
Judge McKeown, who is close to the case and wrote its opinion, admitted that more innocent forms of password sharing "bears little resemblance" to the circumstances presented in the lawsuit that ignited the ruling. McKeown urged future judges and courts to consider how important "facts and context" are to each case, and craft rulings surrounding password-sharing lawsuits and their legality from there.
 
  • Like
Reactions: milo and lederermc
Comment

EricTheHalfBee

Suspended
Mar 10, 2013
467
739
No, it's not sharing a single account. It's 6 distinct accounts. Spotify allows 6 people to each have a premium accounts for one monthly payment. It's allowed, it's advertised. It's not 2 or more people that are pretending to be one 1 person. It's 6 people being 6 people, exactly as contemplated by Spotify.

Stop being pedantic. Sharing multiple accounts under a family plan or using a single account and sharing logins are both fraud, with the intent to get more people using a service without paying the full price individually.
 
Comment

Analog Kid

macrumors 603
Mar 4, 2003
5,769
4,568
Stop being pedantic. Sharing multiple accounts under a family plan or using a single account and sharing logins are both fraud, with the intent to get more people using a service without paying the full price individually.
Law is nothing if not pedantic...
 
Comment

rolsskk

macrumors 6502
Sep 1, 2008
297
297
The fact that Netflix allows multiple Queues/profiles is a clue that sharing a Netflix password is sanctioned. The media is negligent in spewing this garbage.
Don't be silly, it's clear that profiles are meant for people under one roof. Not for Jimmy in Montana and Susan in Arkansas to use, while Bob in Arizona is the one who's paying the bill.

Additionally, it's MR spewing the garbage, I've not seen anyone else repeating this sky is falling nonsense.
 
  • Like
Reactions: milo
Comment

vooke

macrumors 6502
Jul 14, 2014
268
238
The law makes perfect sense. 'Intent to defraud' ofttimes lead to fraud and loss of income.
 
Last edited:
Comment

sudo1996

Suspended
Aug 21, 2015
1,496
1,182
Berkeley, CA, USA
LOL. I remember when I put the password to my own Facebook account (which had a fake name) on its wall after I found out that Facebook wouldn't let me close my account unless I got banned.
 
Comment

sudo1996

Suspended
Aug 21, 2015
1,496
1,182
Berkeley, CA, USA
Gotta love the MR Clickbait Sensationalist conclusion. This has absolutely no bearing on Netflix/HBO, etc. This dealing with security at a company, not with any of those streaming services. Heck, you guys even have this in your article:
Yeah... I'm moving on. Gotta find something else to read while I wait for disk I/O benchmarks to run.
 
  • Like
Reactions: DJsteveSD
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.