Is It Really Illegal to Share Your Netflix Password?

Read Original Article
Media Outlet: Future Tense

Josephine Wolff wrote for Future Tense about the effect of the Computer Fraud and Abuse Act: 

What is illegal to do on a computer? When I teach technical computer science majors about cybersecurity policy, that is one of the first questions I tackle. But the answer changes from semester to semester as courts issue new rulings on what constitutes illegal hacking under the Computer Fraud and Abuse Act. Just last week, on July 5, the Ninth Circuit Court of Appeals issued a decision about shared passwords that highlighted, yet again, how much ambiguity and uncertainty there still is around the CFAA even though it was passed 30 years ago.
The ruling was widely reported as meaning it is illegal for people to share their account passwords with anyone else (sample headlines: “Federal court rules that sharing your Netflix password is a federal crime,” and “Federal Court Rules That Password Sharing Is Illegal Under Insane Ancient Law”). It’s true that the case hinged on the illegality of sharing a password (though not a Netflix password), and it’s true that—by a 2–1 majority—the court decided this particular instance of password sharing was a violation of the CFAA. But as is often the case when dealing with CFAA rulings, the implications of the decision are probably not as clear-cut (or as dramatic) as “all password sharing is illegal all the time.”


Josephine Wolff was a Class of 2016 & 2017 Cybersecurity Initiative Fellow at New America, where she will write a book about cybersecurity incidents from the last decade, tracing their economic and legal aftermath and their impact on the current state of technical, social, and political lines of defense.