In Which NY Times Reporter Jenna Wortham Accidentally Reveals How She Violated Both The CFAA & The DMCA
from the all-in-one dept
Over the past few months and weeks there's been much greater attention paid to both the CFAA and the anti-circumvention provisions of the DMCA, and how both are in need of serious reform. The attention to anti-circumvention was galvanized around the fact that unlocking your mobile phone became illegal again, after the Library of Congress allowed an exemption to expire, making many people realize that the anti-circumvention clause of the DMCA, also known as section 1201, meant that they often don't really own the products they thought they owned. The attention to CFAA reform came in response to Aaron's Swartz's untimely death, and the light it shed on the parts of the CFAA that he was charged under. Of course, many of us have been fighting back against both laws for years, but the public attention on both has been key over the past few months.One of the key issues that critics of both laws have pointed out, repeatedly, is how they criminalize things that most people don't really think are bad or illegal. That is, they often criminalize someone (or at least make them open to huge civil awards) for the types of things plenty of people do everyday without thinking twice about it.
Given all that, it's interesting to see a NY Times reporter, Jenna Wortham, more or less admit publicly to willfully breaking both laws in an article she wrote about the rising number of people, including herself, who use other people's logins for various streaming content services. In Wortham's case, she logs in to the HBO Go internet service via a login obtained from some guy she met at a restaurant.
LAST Sunday afternoon, some friends and I were hanging out in a local bar, talking about what we’d be doing that evening. It turned out that we all had the same plan: to watch the season premiere of “Game of Thrones.” But only one person in our group had a cable television subscription to HBO, where it is shown. The rest of us had a crafty workaround.That's a violation of the anti-circumvention clause of the DMCA, as she is circumventing a technical protection measure that is designed to keep her from watching the show without paying. It's a violation of the CFAA because it means that she is knowingly accessing a protected computer without authorization (or, at least, exceeding authorized access). There may be some questions about whether or not the data she obtained exceeds $5,000 in value, but it wouldn't be that hard for a inspired US Attorney to come up with some way to count it as such. After all, they made that claim with Aaron Swartz and all he was downloading was academic papers that have little or no actual commercial value. Wortham is admitting to streaming some of the most popular (and expensive to produce) content out there.
We were each going to use HBO Go, the network’s video Web site, to stream the show online — but not our own accounts. To gain access, one friend planned to use the login of the father of a childhood friend. Another would use his mother’s account. I had the information of a guy in New Jersey that I had once met in a Mexican restaurant.
No, no one thinks that anyone is likely to actually go after Wortham, but this story highlights why both of those laws are highly problematic and are in serious need of immediate reform. Just the fact that Wortham could find herself on the receiving end of lawsuits (both criminal and civil) over both of those laws (and considering her public admission to the key facts, she might have a difficult time pleading innocence) shows why those laws desperately need to be fixed. A quick look through Wortham's writings this year suggest that she has not written about either of these issues. While it may not directly be considered her "beat," the fact that this latest article leads to inadvertent admissions to breaking two laws -- one of which can result in $150,000 in statutory damages and the other a felony charge and potential jail time -- suggest that perhaps it should be something worth covering.
All that said, her article is actually pretty interesting, and worth reading. While it starts out talking about how people are sharing their accounts, it also notes that many of these services are really falling down on enabling easier community and sharing features among friends or the wider community of people who like the same content. I agree with all of that, though I don't think people should face penalties for breaking these two incredibly obsolete laws to explore the topic.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: anti-circumvention, cfaa, dmca, exceeds authorized access, hbo go, jenna wortham, shared accounts, streaming
Reader Comments
Subscribe: RSS
View by: Time | Thread
Using Hollywood accounting and "Carmen's handy book of charges and penalties" HBO lost over a billion dollars due to her broadcasting over a very long cord of a paid service and should face 43 felony charges and up to life imprisonment + 75 years. In case Disney has its way it could be perpetual.
Ahem.
[ link to this | view in chronology ]
Hit her with the book, or get the fuck out.
[ link to this | view in chronology ]
Re:
The US Attorneys office is completely corrupt.
They have no intention of enforcing the law, unless that enforcement achieves a political goal.
[ link to this | view in chronology ]
It's also not going to be surprising if this lands her in legal hot water because it's pretty much an easy win for an over-zealous "Watch my career grow" prosecutor.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
That said, abuse of streaming services like the sort that Wortham touts in her article is exactly why we have problems like the DMCA. In my opinion, this issue would be better solved with something like not allowing the same account to simultaneously stream to 30 different end user locations, but maybe thats just because I'm not a politician.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Netflix already prevents you from streaming to more than one device at a time: https://support.netflix.com/en/node/29
It's surprising how little this impacts most people.
What's (unfortunately) less surprising is how outdated other laws are as well. If she had said she was inviting everyone to her house to watch the show then it might have been considered a "public performance." Something that she would need a license for.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
Where's that quote I mentioned just the other day.. Oh yes! Here it is taped to my monitor:
“Ubiquitous, seldom-prosecuted crimes invite arbitrary and discriminatory enforcement.” - Ninth Circuit
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Possible, but I doubt it. She has the entire financial 'weight' of her employer behind her, and suing a high profile person isn't the kind of publicity they want. They are like grade school bullies, they only go after those they are certain can't or won't fight back.
[ link to this | view in chronology ]
Re:
Much like patent trolls.
Welcome to the new justice.
[ link to this | view in chronology ]
Granted, it shouldn't be a felony and shouldn't be $150000 in civil damages... but I don't think that her actions should be considered OK.
[ link to this | view in chronology ]
Re:
Then they should fix their system so this problem doesn't occur.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
This is taken from a non-US news group provider:
A XXX account will be assigned to one user, account sharing is possible! But your XXX account can't be used simultaneous with full connections, however simultaneous sharing is possible. For example: You have a account/package with 12 connections; Client 1: can use 6 connections and Client 2: 6 connections. This way you are able to download simultaneous from 1 XXX Usenet Account
Funny how they don't want to lock up their own paid for service and are actively promoting sharing the service.
It's worth noting that the above comes with 50 connections which means you could theoretically share the one subscription with 50 people.
[ link to this | view in chronology ]
Re:
Why not? Can you not lend a DVD? Can you not record a series off cable or another stream onto media of choice and offer that to a friend?
[ link to this | view in chronology ]
Re:
As for what she's doing being wrong, I'm not seeing it. If the guy gave her his credentials freely, then what's wrong with her using it? If he doesn't want her to access it, he could change the password and be done.
[ link to this | view in chronology ]
Re: Re:
The guy doesn't care - it's the company selling the service that cares. They likely lose customers. Sure, not everyone would pay... but if people are going so far as to remember someone else's login credentials, there's a pretty good chance that they like it enough to consider paying.
In the extreme, imagine if only one person bought the service and posted their credentials for everyone to use.
I agree that selective enforcement is bad. If you're not going to even try to apply a law equally, don't have that law at all.
[ link to this | view in chronology ]
Re: Re: Re:
As her authorised access is none, she is exceeding her authorised access. Further she is misrepresenting who she is while on the Internet. That is at least two counts under the CFAA.
[ link to this | view in chronology ]
Re: Re: Re: Re:
> is while on the Internet.
LOL! So are you... unless your parents actually named you 'Anonymous Coward'.
[ link to this | view in chronology ]
Re: Re:
I'm still trying to figure out at what point we decided it was OK to sell things and yet still keep ownership of them. If someone sold me a chair 15 years ago, and then told me if I stood on it instead of sitting they'd take it back and fine me hundreds of dollars, I'd have laughed at them.
Now I'd have to laugh nervously and call my lawyer. It's ridiculous and why the copyright maximalists have lost any semblence of moral high ground.
I'm not asking for free chairs. I'm not demanding free chairs. I just want the person who sells me a chair to go away and leave me alone after I've bought it, whether I intend to use it as a chair, a stool, or to use it as a model to make my own chair.
We've criminilized the entire country and it needs to stop.
[ link to this | view in chronology ]
Which begs the question...
How about if your friend (with the subscription) comes to your house, fires it up there, and you both watch it?
Tooooooo many "what ifs".
[ link to this | view in chronology ]
Re: Which begs the question...
[ link to this | view in chronology ]
Re: Re: Which begs the question...
[ link to this | view in chronology ]
Maybe you should tell her
[ link to this | view in chronology ]
Aren't there many laws criminalizing "normal" activity?
This is a serious problem today. There are many, many ways to become a criminal. Many of those ways are for very minor things or things that the majority of people disagree with. The more good people we turn into criminals and ruin, the more social dependence we will have. We should be building people up, not knocking them down.
Where is the government that is Of the people, By the people and for the people?
[ link to this | view in chronology ]
Um. Wow. Could you be any more of a FUD-packer? I doubt it.
Using somebody else's password is not a DMCA violation: Egilman v. Keller & Heckman, LLP., 401 F. Supp. 2d 105, 113-14 (D.D.C. 2005).
Have you ever considered doing one minute of research before spouting your ridiculous FUD? I doubt it. It took me literally 10 seconds to find that quote.
It's a violation of the CFAA because it means that she is knowingly accessing a protected computer without authorization (or, at least, exceeding authorized access).
Which section(s) of the CFAA specifically do you think she violated? Let's look at the elements and the case law there. Something tells me this is pure FUD too, but I need you to be more specific.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
This is exactly how every single keycode generator works,
Of course hacking a valid key and using it is circumventing the lock. The lock isn't there to make sure people are able to hack keycodes, it's there to prevent unauthorized access. Gaining access without authorization is circumventing the lock. Anyone who says differently is wrong.
The part you mention isn't very funny, it's still criminal anyway regarless if it's actually violating the DMCA so that part is just a technicality if it's wrong.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
It's not that Wortham did something morally wrong, it's that the LAW is wrong.
This sentence might help unclog your cognitive dissonance:
Just the fact that Wortham could find herself on the receiving end of lawsuits (both criminal and civil) over both of those laws (and considering her public admission to the key facts, she might have a difficult time pleading innocence) shows why those laws desperately need to be fixed
Too bad your hatred of anyone that doesn't worship IP is interfering with your comprehension.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
http://www.youtube.com/watch?v=PFkAAvDkj9k
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
It's your neighbor's house and neighbor's key. You have explicit permission to enter. How in the world is that breaking and entering? You don't make any sense.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
"Which section(s) of the CFAA specifically do you think she violated? Let's look at the elements and the case law there. Something tells me this is pure FUD too, but I need you to be more specific."
I assume it has to be this section:
"knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period"
"knowingly"
Check.
"and with intent to defraud"
Her intent here is to not pay the subscription fee.
"accesses a protected computer"
There's a password involved, so it's protected.
"without authorization, or exceeds authorized access"
She is not an authorized user. I doubt the exception you cite above would apply here. In fact, the court uses the words "the username/password combination used by defendants to enter Egilman's website without authorization".
"and by means of such conduct furthers the intended fraud and obtains anything of value"
She obtained the Game of Thrones content, which has value.
"unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period"
I'm pretty sure the content is considered to be more than "use of the computer", and therefore the $5000 threshold does not apply. I could be wrong on that part.
[ link to this | view in chronology ]
Re: Re:
"(6) knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if—
(A) such trafficking affects interstate or foreign commerce"
And from section 1029:
"the term “traffic” means transfer, or otherwise dispose of, to another, or obtain control of with intent to transfer or dispose of; "
[ link to this | view in chronology ]
Re: Re:
>>There's a password involved, so it's protected.
Gah. I forgot that when reading the law, they get to define terms however they like. Protected doesn't have anything to do with a password.
"(2) the term “protected computer” means a computer—
(B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;"
The term didn't mean what I thought it meant, but it still applies, since the computer is in fact used for interstate commerce or communication.
[ link to this | view in chronology ]
Re:
Have you ever considered not being a complete asshole, but instead contributing to the discussion in a mature and adult manner? I doubt it.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Have you read the charges against Aaron Swartz? He used a built-in function of JSTOR and a script to access free information and was being threatened with potentially years in prison. He even had legal access to the content.
Yet you find the idea that someone with unauthorized access to commercial content is an unsupportable claim?
Under our current laws she absolutely violated at a minimum the CFAA, and would probably lose against DMCA charges as well considering she is accessing copyrighted material based on unauthorized access to that material. The man who gave her the password had "permission" from the creator (HBO). She did not. Hence copyright infringement, regardless of the technical means to access the data.
If anything I would argue Mike is being too conservative with the law. Laws should not be based on whether or not some judge thinks they make sense in a specific context. They should be clear, and it should be clear when they are violated. The CFAA and DMCA are anything but clear and should be removed or replaced with something that is.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Who cares what you think?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Pray tell how? Simply by asking who cares what you think?
Clearly, its you who thinks people care a wit about anything you say.
[ link to this | view in chronology ]
I'd change it:
In Which Techdirt Nonjournalist Slacker Malcontent Mike Masnick Accidentally Reveals That He Doesn't Do Any Research Before Accusing Others Of Violating The DMCA
That's better.
[ link to this | view in chronology ]
Steal your next copy of the New York Times
(I wonder if Jenna Wortham has ever taken two minutes to consider how copyright basically ensures her paycheck?)
[ link to this | view in chronology ]
Re: Steal your next copy of the New York Times
[ link to this | view in chronology ]
This'll be fun. YOU make the argument that she's violating copyright law, and I'LL make the argument that she's not! C'mon! You really, really believe that she is, right? Or else there's no way you would have said it, right? I mean, you wouldn't say something that you think is not true, right? You wouldn't mislead your readers to make copyright look bad, would you? You're ALL about fact-based reality and not spreading FUD, right? Of course you are! You never misrepresent anything! Back it up! Let's do this! I've already quoted some case law. Your turn!
ROFLMAO!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Thanks for the fun times, Mikey!!!! You're the best.
[ link to this | view in chronology ]
When did people get antisocial?
Jesus, maybe I'm getting old, but openly admitting you're breaking the law (which I admit wouldn't have to be broken if content providers catered to our needs better), seems like a dumb idea especially when you're also openly admitting to being lazy and antisocial.
Kids these days.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
A government by the people for the people
-Frank Herbert - Children of Dune
[ link to this | view in chronology ]
[ link to this | view in chronology ]
What if
[ link to this | view in chronology ]
LMAO at Mike! Total douchebag FUD-Packer.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]