Besides Elon Musk and Twitter, one of the tech stories that got the most media coverage in 2022 was efforts by Netflix to limit password sharing among users. Password sharing is a scourge for any digital content provider, but it’s tough to prevent and Netflix showed little appetite for doing so before their subscriber base began shrinking.
Perhaps not coincidentally, it was around this same time that questions about the issue first began percolating in the cleared community. There are a couple parts to analyzing the situation: first, how would the government even find out about something like this; and second, is it really a security issue?
The government finds out about password sharing on any digital streaming service by an applicant’s self-reporting during a polygraph examination, affirmative responses on intelligence agency-specific supplemental questionnaires, or in response to Question 27.1 on the SF-86. “Smart TV’s” process information given by users, are internet-connected, and are storage-aware; thus, they are technically considered “computers” or “information technology systems”, and accessing content on them illegally or without proper authorization is reportable.
Most people probably don’t think of their Smart TV when they read the words “information technology system” – a fact which is undoubtedly resulting in deer-in-headlights looks from some readers. But before you start breaking out in cold sweats, here are a couple things to consider. First, it’s highly debatable as to whether using someone else’s Netflix account constitutes unauthorized use when a subscription allows different user profiles and there were previously no obvious limitations on who those users could be. I think most of us probably assumed that Netflix intended different users only in the same household; but you know what they say about assumptions.
Second, even if we say for the sake of argument that sharing a password with someone you don’t live with was unauthorized use pre-crackdown, societal norms around this have been such that I don’t see most agencies really caring about it*. One exception may be the NSA, which takes a uniquely hardline approach to any IT-related issues in security clearance background investigations. I guess you can thank Snowden for that.
With all that being said, the nature of the game is changing. What was once a laissez faire attitude and unclear policy by Netflix and some other streaming providers has hardened into a clearer line this past year. The extent of media attention surrounding the issue will make it harder for clearance applicants to claim ignorance and good faith on the issue going forward. I can foresee these types of situations taking on increased security significance as integrity issues as policies catch up to technology.
In the meantime, I wouldn’t lose sleep over prior Netflix password sharing – but I’d also stop doing it. If it ever does become a background investigation issue, the single best means of mitigating personal conduct concerns is showing that the conduct has stopped, you’ve deleted any ill-begotten content, and you’re now paying for your own subscription.
*This shouldn’t be conflated with pirating copyright-protected content, which is a potentially disqualifying issue across the board.
This article is intended as general information only and should not be construed as legal advice. Although the information is believed to be accurate as of the publication date, no guarantee or warranty is offered or implied. Laws and government policies are subject to change, and the information provided herein may not provide a complete or current analysis of the topic or other pertinent considerations. Consult an attorney regarding your specific situation.