80 likes | 163 Views
Many subscribers of streaming video on demand (SVOD) and other forms of over the top content like to share passwords and accounts with others. This lets SVOD and OTT services providers increase their customer base and retention. However, Computer Fraud and Abuse Act ruled that sharing password without authorization is a federal crime.
E N D
What the recent password-sharing ruling means for SVOD providers © 2015 Vindicia, Inc. All rights reserved. Vindicia Confidential. 1
What the recent password-sharing ruling means for SVOD providers It's no secret that many subscribers of streaming video on demand and other forms of over-the-top content like to share passwords and accounts with their friends and family. This lets two people in different rooms – or even different states – enjoy the program of their choice at the same time. However, one recent court ruling has consumers afraid they won't be able to enjoy this perk much longer. Sharing passwords now a crime? Many news organizations reported on a July 5 ruling by the U.S. Ninth Circuit Court of Appeals. The decision essentially found that sharing passwords without authorization is a federal crime under the Computer Fraud and Abuse Act. This law, enacted in 1986, was designed to prevent hacking attempts by officially making unauthorized access to computers and networks a federal crime. The July 5 case involved a former employee at Korn/Ferry International, an executive- search firm. The New York Daily News claimed that this ruling would put millions of subscribers under federal scrutiny and end with them facing heavy fines or jail time. The idea seems dystopian, but the CFAA is a vague piece of legislation that could theoretically be used for such a purpose. 2 © 2015 Vindicia, Inc. All rights reserved. Vindicia Confidential.
A recent court ruling left consumers afraid they can't share their credentials to the services they subscribe to. 3 © 2015 Vindicia, Inc. All rights reserved. Vindicia Confidential.
Criticisms of the CFAA "Clever prosecutors have used the CFAA to bring unusual cases against defendants." Because of the way the CFAA was originally written, clever prosecutors have used it to bring unusual cases against defendants, Wired noted. One notable case occurred in 2008, when 49-year-old Lori Drew was charged for using a fake MySpace account to cyberbully a teenage girl who ultimately committed suicide. There were no laws against cyberbullying at the time, so federal prosecutors claimed Drew acquired unauthorized access to MySpace's computers to create the fake profile in violation of the social network's terms of service. As Wired mentioned, this interpretation of the law turned a simple breach of contract into a criminal matter. There have been attempts to reform the CFAA in recent years. In 2013, internet activist and standards developer Aaron Swartz was charged with violating the CFAA for downloading MIT files. Anxiety over the case led Swartz to commit suicide, prompting two members of Congress to propose an amendment to the CFAA. They wanted a more succinct definition of unauthorized access and for the law to exclude breaches of user agreements and terms of service. As Forbes noted, the proposal – dubbed Aaron's Law – never gained support. "This reform only captured the attention of a small group of people," Orin Kerr, a law professor at the George Washington University Law School, told Forbes. "It's not an issue that resonates with the public- at least yet." 4 © 2015 Vindicia, Inc. All rights reserved. Vindicia Confidential.
Will the CFAA affect businesses on a subscription business model? With such an intense history, it's no wonder why consumers are afraid of facing criminal charges under the CFAA for sharing their Netflix, Hulu, Spotify and other subscription passwords. This might cause the law to finally receive the public attention Kerr alluded to. But are subscribers really under the threat of federal prosecution? To answer this question, one needs a comprehensive understanding of the recent case. According to Fortune, defendant David Nosal left Korn/Ferry in 2004. He stayed as a contractor for a year after, during which time he plotted to create a rival firm. Nosal's computer access with Korn/Ferry was revoked, so he and several co- conspirators used the login credentials of Nosal's former assistant – who still worked with the company – to access the firm's candidate database. This aspect of the case is key to understanding the ruling and explaining to customers why they shouldn't worry. Nosal's access to the Korn/Ferry database was revoked, so he had no authorization to access the information no matter whose credentials he used. The concept of authorization is critical and highlights why Nosal's actions are different than a pair of friends sharing a Hulu password. Major SVOD providers encourage their customers to share credentials. "The concept of authorization highlights why Nosal's actions are different than friends sharing a Hulu password ." 5 © 2015 Vindicia, Inc. All rights reserved. Vindicia Confidential.
"We love people sharing Netflix," the company's CEO Reed Hastings said at the 2016 Consumer Electronic Show, according to CNet. "That's a positive thing, not a negative thing.“ The CEO of HBO made a similar statement, TechCrunch reported. In fact, password sharing actually reduces churn while encouraging customer acquisition. Children who use their parents' SVOD accounts while living at home often purchase their own upon entering adulthood. Plus, many businesses view allowing their subscribers to share passwords as a consumer-friendly move. This is just the opinion of a few providers, however. Ultimately, it's up to individual businesses to decide whether sharing passwords violates their terms of service and subjects subscribers to federal prosecution. The potential is there, but companies on a subscription billing platform should keep in mind the fact that customers enjoy sharing passwords and that adding such a clause to their TOS could negatively impact their subscriber base. 6 © 2015 Vindicia, Inc. All rights reserved. Vindicia Confidential.
About the Author: Bryta Schulz Bryta joined Vindicia in 2013 and serves as Senior Vice President of Marketing. She is responsible for building brand awareness, creating go-to-market strategy and promotion, and driving growth. With over a decade of executive level marketing, product management and PR experience, Bryta has led marketing teams in enterprise technology and SaaS companies. Her experience includes heading product marketing at GoGrid, PGP, RSA and Symantec and business development and product management positions at Xcert, Thales, and Persistence Software. Bryta holds a MA in Translation from the Johannes Gutenberg University Mainz and an MBA from the University of Reutlingen. Visit our Blog for more information. 7 © 2015 Vindicia, Inc. All rights reserved. Vindicia Confidential.
Thank You Like us on Facebook facebook.com/vindicia Follow us on Twitter @Vindicia Connect with us on Linkedin linkedin.com/company/vindicia © 2015 Vindicia, Inc. All rights reserved. Vindicia Confidential. 8