Earlier this month a federal appeals court decided that an employee "acted without authorization" after he used a former co-worker's login password without their permission to gain access to a collection of their data. In the case, The United States of America v. David Nosal, the court ruled that password sharing is a federal crime under the Computer Fraud and Abuse Act, meaning that sharing your login among friends and family for accounts like Netflix and HBO Go could now be an illegal act (via TechCrunch).
Judge McKeown, who is close to the case and wrote its opinion, admitted that more innocent forms of password sharing "bears little resemblance" to the circumstances presented in the lawsuit that ignited the ruling. McKeown urged future judges and courts to consider how important "facts and context" are to each case, and craft rulings surrounding password-sharing lawsuits and their legality from there.
While the daily sharing of passwords has yet to be designated as a violation of federal law, some do see the new ruling as a slippery slope to a future where giving a friend your HBO Go login could land you in a heap of trouble. Judge Reinhardt took the dissenting opinion on the case, commenting that although David Nosal may have incurred "criminal or civil" liability while logging into his co-worker's accounts, "he has not violated the CFAA."
This case is about password sharing. People frequently share their passwords, notwithstanding the fact that websites and employers have policies prohibiting it. In my view, the Computer Fraud and Abuse Act (“CFAA”) does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals. Whatever other liability, criminal or civil, Nosal may have incurred in his improper attempt to compete with his former employer, he has not violated the CFAA. — Judge Stephen Reinhardt, Ninth Circuit Court of Appeals
An act so widely perpetrated is far less likely to incur major legal repercussions, even if it does become enacted on a wider scale, but it is still possible that the federal appeals court's decision will let companies decide on their own whether password sharing should be more strictly reprimanded. Comments by Netflix earlier this year at CES suggest the company won't be heading in that direction any time soon, as CEO Reed Hastings saw the expansive sharing of its services as "a positive thing."
Top Rated Comments
Ah, it's just there to protect you! Except, when you actively share a password, at worst you're stupid, but at best it's intentional and with someone you trust with whatever the password unlocks.
Thank companies like Netflix for this mess existing.
This has nothing to do with security.
Might as well ban lending your car.
I mean, they could open the trunk with the key!!!! And who knows what you put in there!!!
Glassed Silver:mac
Either way, if people were to do what you described above, it would be a violation of this contract. Spotify's Terms and Conditions discuss breach in a few sections. So Spotify does contemplate and foresee that some users will breach the contract. Should Spotify want, when they become aware of this breach, they can do a number of things including cancelling the contract and deleting the account. This is, simply, a breach of contract. Nothing more. As a party to a contract, you are allowed to breach it and suffer the consequences.
Second, your example fails as it isn't even an example of sharing login information. With Spotify family, each user uses their own login and password and otherwise keeps a wholly separate account. Being in the family plan just means one of the users is responsible for billing.