Category: Intellectual Property

We are at the beginning of a new era of media consumption.  Traditional content delivery systems such as satellite and cable television are hemorrhaging customers to a wave of “cord cutting” that has been facilitated by the availability of streaming services such as Hulu Plus, Netflix and HBO Go.^[1]  Now that smart televisions are becoming more common place, cord cutting is no longer limited to the technologically hip youth, as accessing a Netflix account is as easy as changing the channel.

​But with the proliferation of streaming services, users have elected to share the benefits of the accounts―i.e. their passwords―with others.  A staggering 46% of accountholders admit to sharing their streaming account password with people outside of their household.^[2]  This raises some interesting questions of federal and state criminal, tort and contract laws.  What sort of liability might someone have for sharing their account with friends or family?  For using a shared account of a friend?

But in order to figure out if sharing of passwords violates the law, we first have to see if it violates the streaming service’s terms of service.

Netflix

Netflix is arguably the pioneer in password sharing.  For years Netflix has allowed multiple user profiles to better enable its suggestion algorithm to tailor its offerings to a targeted user.  By tactical use of user profiles, parents can limit the likelihood that Netflix will suggest the latest episode of Barney and Friends based on their child’s viewing of Teletubbies the week before.^[3]  Netflix has also long offered the ability to stream its services on a limited number of devices simultaneously. ^[4]  Netflix’s commitment to account sharing was recently echoed by its CEO Reed Hastings who stated:  “As kids move on in their life, they like to have control of their life, and as they have an income, we see them separately subscribe. It really hasn’t been a problem.”^[5]  But Netflix’s position on non-family members sharing the passwords has been a little more vague.

Hulu Plus

Hulu has not taken the vocal stance on account sharing that Netflix has.  Though it is apparent that Hulu has at least contemplated password sharing to some degree.  In section 5 of its terms of use, Hulu acknowledges that people within the same household are likely to use the account, and holds the primary account holder accountable  for their activities:  “You are responsible for all use of your account, including use of your account by other members of your household. By allowing others to access your account, you agree to be responsible for ensuring that they comply with these Terms and you agree to be responsible for their activity using the Services.”^[6]  However unlike Netflix, Hulu Plus accounts are limited to streaming on one device at a time, which minimizes the advantage of sharing.

HBO Go

Like Netflix, HBO Go specifically contemplates the idea of multiple users within the same household.  HBO has two tiers of accounts.  The first is a “Registered Account” which consists of account holders who meet certain eligibility criteria, namely, they subscribe to HBO and HBO On Demand or Cinemax and Cinemax on Demand.^[7]  These Registered Account holders can create “Household Member Accounts” for members of their household.  The Register Account serves as the master account for the Household Member Accounts and can control what content the junior accounts have access to.  However, despite the ability to create Household Member Accounts, HBO Go appears to take an antagonistic view of sharing the master account password itself.  HBO Go’s terms of service specifically state that “You are responsible for all activity occurring under your Registered Account and any Subaccount authorized by you, including maintaining the confidentiality of each Username and Password, and you agree that any household member account users authorized by you will not permit the disclosure of any Username and Password to any person.”   Contrast the above statements to Hulu’s request to “Please keep your password confidential,” and it is apparent that one is an order, and the other a request.

But statements by HBO’s CEO bely the strict terms of their agreement. In an interview with Buzzfeed, HBO’s CEO stated:  “It’s not that we’re ignoring it, and we’re looking at different ways to affect password sharing. I’m simply telling you: it’s not a fundamental problem, and the externality of it is that it presents the brand to more and more people, and gives them an opportunity hopefully to become addicted to it. What we’re in the business of doing is building addicts, of building video addicts. The way we do that is by exposing our product, our brand, our shows, to more and more people.”^[8]

So HBO intends on building a legion of addicts, and with shows like Game of Thrones, they are well on their way to being the Pablo Escobar of digital content.  But like any drug dealer, the first sample is free, but the second is going to cost you.  No one knows for sure when HBO will start demanding money for that next “hit.”

It is apparent that these three streaming services all authorize sharing of an account among members of a household. A reasonable argument could be made that this extends to college age children who are away from the home during the school year, but whose primary residence is still their family home.

But what about sharing the account with third parties?  What liability might an individual incur if they use a friend’s account with the friend’s permission?  Arguably such activity goes beyond the terms of service of a user’s account, and presents some interesting questions of both state and federal law.

Trouble in Tennessee

In 2011, Tennessee, the home of Nashville and the birthplace of country music, became one of the first states to formally criminalize user account sharing.  HB1783, effective July 1, 2011, modifies Tennessee Code Annotated Section 39-11-106 subdivision 35 by adding “entertainment subscription service” to the list of services protected by its theft of services offence.^[9]   Section 39-14-104 defines theft of services as any person who: “(1) intentionally obtains services by deception, fraud, coercion, false pretense or any other means to avoid payment for the service; (2) having control over the disposition of services to others, knowingly diverts those services to the person’s own benefit or to the benefit of another not entitled thereto.”  The punishment for violation of this provision ranges from a misdemeanor to a felony depending on the value of the services rendered.

The first provision of 39-14-104 targets the friend who is using the primary account holder’s password without permission from the streaming service.  The person has “obtain[ed] services by . . . any other means to avoid payment for the service.”  The second provision targets the account holder who has shared his password with a friend.  That person has control of a subscription service and diverts it to his friend, who is not entitled to the service.

California is Not the Golden State For Sharing

It is unsurprising that California would not take kindly to people sharing the fruits of its most visible industry.  California Penal Code Section 502 is an “anti-hacking” statute that covers a broad variety of activities.  To the extent that sharing a primary accountholder’s password with people outside of the household is beyond the scope of the terms of use of the streaming service, there are several provisions of Section 502 that would criminalize such activity (along with giving a private cause of action), including subsections: (1) “knowingly accesses and without permission  . . . otherwise uses any data in order to . . . wrongfully control or obtain . . . data;” (3) “knowingly and without permission uses or causes to be used computer services;” (6) “knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network in violation of this section;”  and (7) “knowingly and without permission accesses or causes to be accessed any computer, computer system or computer network.”  Violation of these sections can range from a misdemeanor to a felony.

Like the Tennessee law, sections 1, 3 and 7 apply to the friend who is using the account without permission of the streaming service.  Section 6 applies to the account holder who is sharing the account with a friend without the permission of the streaming service.

It Might Be A Federal Offense

The Computer Fraud and Abuse Act offers broad protection against unauthorized access to computers.  It has been amended a half dozen times in its nearly 20 year history, and likely covers password sharing that is beyond the scope of the terms of service of a streaming account.

18 U.S.C. § 1030(a)(2) makes it a crime to “intentionally access a computer without authorization or exceeds authorized access, and thereby obtains . . . (c) information from any protected computer.”  A “protected computer” is defined by 18 U.S.C. § 1030(e)(2) as any computer “which is used in or affecting interstate or foreign commerce or communication.”  A streaming service’s streaming servers undoubtedly qualify as a protected computer under the Act as they stream their stored media all across the country.

Using a third party’s password to access a streaming service clearly “exceeds authorized access” as it is beyond the scope of the access defined in Netflix, Hulu Plus, or HBO Go’s terms of use.  The user of the password is “obtaining information”―the streamed media―from the protected computer.

An interesting wrinkle is that the Act arguably has a jurisdictional requirement of $5,000 in damages over the course of one year.  18 U.S.C. § 1030(c)(4).   This would probably be hard for a streaming site to demonstrate, especially against an individual who is making use of a friend’s password.  However, it would be easier to meet the limit for the primary account holder who decided to share the account with a group of friends.  All it takes is sharing a $20 dollar a month account with 21 people to meet the $5,000 threshold.

So what does all of this mean?  Sharing an account with members of a household is just fine under Netflix, Hulu Plus, and HBO Go’s terms of use.  Arguably this extends to children of the account holder who are away at school but whose primary residence is still the family home.

But sharing the password with people outside of the household or using someone else’s account opens up the potential for liability.  Not only does sharing a password expose the primary account holder to the possibility of a claim of breach of contract, it also gives rise to various causes of action under both state and federal law for everyone involved.

At the moment none of the sharing services seem to care all that much, and it would be easy for them to mitigate their exposure to shared accounts by simply limiting the number of devices that the account can be used on simultaneously.  Some seem to view account sharing as a marketing tool.  But all that may change without notice.  Sharer beware.

© 2016 Proskauer Rose LLP.

_{[1] Todd Spangler, Cord-Cutting Gets Ugly: U.S. Pay-TV Sector Drops 566,000 Customers in Q2, Variety (August 8, 2015).}

_{[2] Is it Okay to Share Log-Ins for Amazon Prime, HBO Go, Hulu Plus, or Netflix?, Consumerreports.org (Jan. 28, 2015).}

_{[3] Netflix User Profiles, Netflix (Jan 14, 2016) https://help.netflix.com/en/node/10421.}

_{[4] Terms of Use, Netflix (Jan 14, 2016) https://help.netflix.com/legal/termsofuse.}

_{[5] Sarah Perez, Netflix CEO Says Account Sharing is OK, TechCrunch (Jan 11, 2016),}

_{[6] Terms of Use, Hulu (Jan 14, 2016), http://www.hulu.com/terms}

_{[7] Terms of Use, HBO Go (Jan. 14, 2016), http://www.hbogo.com/#terms/}

_{[8] Greg Kumparak, HBO Doesnt Care if You Share Your HBO Go Acccount . . . For Now, TechCrunch (Jan 20, 2014),}

_{[9] http://www.capitol.tn.gov/Bills/107/Bill/HB1783.pdf}