Federal Judges Grant Government New Power Over Netflix Use
Recently, two federal judges ruled that the Computer Fraud and Abuse Act (CFAA) covers the sharing of passwords for accounts requiring such a code. In the modern “sharing” economy, with many still lacking requisite income, plenty of Americans engage in some sort of arrangement, whether with internet, housing or other activities. In fact, it was estimated last year that as many as two-thirds of Netflix users share their credentials.
As in turns out, the case had little to do with such seemingly benevolent sharing. United States v. Nosal actually concerned a man (Nosal) convincing his former co-worker to grant him access to a company’s data though Nosal no longer worked for the company. A three-judge panel decided in a two-to-one opinion that the conduct violates the CFAA, as the company had indicated its desires to keep Nosal out by requiring a password.
Despite that seemingly logical conclusion, dissenting Judge Stephen Reinhardt criticized how broadly the decision could be interpreted in its expansion of the CFAA. Reinhardt noted that as “[p]eople frequently share their passwords, notwithstanding the fact that websites and employers have policies prohibiting it. In my view, the Computer Fraud and Abuse Act (‘CFAA’) does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals.”
As noted by AV Club, the danger is not that Netflix will kick down individuals’ doors for engaging in unauthorized use of their services (in fact, Netflix CEO Reed Hastings has indicated that he believes Netflix sharing is a good thing); rather, the problem is in the gradual expansion of the CFAA to encompass activities not conceivably within its reach when it was written. The CFAA was created specifically to target hackers, but now can be enforced against nearly any American.
This is a common theme in writing laws that can be misconstrued by courts in later applications. The CFAA itself was written only because of the connection of the covered activities to “interstate commerce.” The Commerce Clause has been interpreted by courts to be pertinent to nearly every action in which Americans may act or even refrain from doing. This is evidenced by the fact that only two cases since 1937 (United States v. Morrison, relating to the Violence Against Women Act and United States v. Lopez, relating to the Gun-Free School Zones Act) have deemed legislation to be not covered by the Commerce Clause. This is in direct contrast to the pre-1937 era, when courts regularly struck down laws as being too intrusive upon the liberty of citizens.
Not only does this create proverbial red flags when taking judicial interpretation into account, it also presents problems with enforcement. It means that every time a well-intentioned legislator writes a law, he or she may be unknowingly creating the opportunity for enforcement that is arbitrary and lacking in any type of uniformity.
While listings of absurd and silly laws may seem comical, it means that even should these go “unenforced,” it grants to officers (and government more generally) the authority to pick those against whom the law will be used as a weapon. One need only recall the use of IRS auditing to target Tea Party groups to see this in action. More frighteningly, so many laws are now on the books that it is estimated that the average American now commits three felonies per day.
With this newest judicial ruling, the reality is that the only thing stopping the government from prosecuting the many Americans sharing Netflix passwords is whether the government decides whether to follow through on such an endeavor. Until Congress explicitly narrows the scope of the CFAA or another court counters the existing ruling, password-sharing Americans have no choice but to rely exclusively on the good faith of government.