Credit: Netflix

Bad news for those who use their friends’ streaming service passwords: It’s illegal to spread those around.

Sharing passwords to computers or online accounts “without authorization” by the system owner is a violation of federal law, the United States Court of Appeals in the Ninth Circuit ruled last Tuesday.

The case that brought on the ruling was the U.S. against David Nosal, a former employee at executive search firm Korn Ferry. After leaving Korn Ferry, Nosal leveraged the login information of a current employee to find information to help establish an eventual competitor. His acts violated the U.S. Computer Fraud and Abuse Act, the court found.

Judge McKeown wrote the employee who shared her password with Nosal “had no authority from Korn/Ferry to provide her password to former employees whose computer access had been revoked.” McKeown added the ruling was “not about password sharing,” rather about circumventing revoked access.

Judge Stephen Reinhardt, however, claimed the case was about password sharing in his dissenting opinion. “Today, addressing only slightly different conduct, the majority repudiates important parts of Nosal I, jeopardizing most password sharing,” he wrote. “It loses sight of the anti-hacking purpose of the CFAA, and despite our warning, threatens to criminalize all sorts of innocuous conduct engaged in daily by ordinary citizens.”

Such “innocuous conduct engaged in daily by ordinary citizen” certainly includes sharing login information for any number of websites, including Netflix and HBO Go. Reinhardt argues that in the case of a streaming service — or any other site, like Facebook, as he notes — the account holder giving permission to access should be enough permission.

“The majority does not provide, nor do I see, a workable line which separates the consensual password sharing in this case from the consensual password sharing of millions of legitimate account holders, which may also be contrary to the policies of system owners,” Reinhardt added. “There simply is no limiting principle in the majority’s world of lawful and unlawful password sharing.”

Read the full ruling here.