Skip to main content

Are you a legal professional? Visit our professional site

Search for legal issues
For help near (city, ZIP code or county)
Please enter a legal issue and/or a location

Can I Go to Jail for Sharing My Netflix Password?

Article Placeholder Image
By Christopher Coble, Esq. on July 15, 2016 9:49 AM

When the U.S. Ninth Circuit Court of Appeals handed down a decision this week saying that logging onto a computer network with someone else's credentials constituted criminal hacking under federal law, a wave of panic rippled through the Netflix and chill community. After all, some of us -- and we're not naming names -- are treating a friend's username and password like a free all you can eat buffet, and we don't want the feds kicking in the door in the middle of season three of "Orange Is the New Black."

So is the end of shared streaming access? Are you going to get locked up for logging into HBOGo on mom's account? Probably not, but there are reasons to be careful.

Access and Authorization

So what did the court actually say? The Ninth Circuit was interpreting the Computer Fraud and Abuse Act, which prohibits accessing a computer without authorization or exceeding authorized access. Having been written in 1986 -- back when Matthew Broderick movies were directing cybersecurity laws -- the CFAA doesn't precisely define every possible permutation of "unauthorized access." So it's been up to courts to sketch the boundaries of the law, and whether using your ex's username and password to stream "House of Cards" should be a federal crime.

And the court said yes, with some caveats. In the case before the court, a former employee used a current employee's login credentials to access his former employer's database. The Ninth Circuit ruled that this access, even though it was with the current employee's consent, was unauthorized:

[O]nce authorization to access a computer has been affirmatively revoked, the user cannot sidestep the statute by going through the back door and accessing the computer through a third party ... Unequivocal revocation of computer access closes both the front door and the back door.

Don't Cross the Streams

This certainly looks bad for login sharers, even voluntarily ones. After all, those of us watching Netflix without a Netflix account are essentially coming in through the back door. But there are a couple reasons why law enforcement won't be kicking in your door for watching "Game of Thrones" on someone else's dime.

First, the case itself has more to do with economic espionage than "Arrested Development." It only registered on internet advocates' radars because of Judge Stephen Reinhardt's dissent, which argued that now anyone who shared a password could be construed as violating the CFAA.

Second, media companies like HBO, Netflix, and Hulu know that users regularly share account info. (Or they think users can watch "Steel Magnolias" in California and Colorado at the same time.) And, thus far, they haven't shown any impetus to drag these "hackers" into court. Perhaps this is the ruling they need to bring the cops into everyone's living room, but we're not betting on it.

*Crosses fingers; calls dad for the Comcast password again.*

Related Resources:

Find a Lawyer

More Options