In Which NY Times Reporter Jenna Wortham Accidentally Reveals How She Violated Both The CFAA & The DMCA
from the all-in-one dept
Over the past few months and weeks there’s been much greater attention paid to both the CFAA and the anti-circumvention provisions of the DMCA, and how both are in need of serious reform. The attention to anti-circumvention was galvanized around the fact that unlocking your mobile phone became illegal again, after the Library of Congress allowed an exemption to expire, making many people realize that the anti-circumvention clause of the DMCA, also known as section 1201, meant that they often don’t really own the products they thought they owned. The attention to CFAA reform came in response to Aaron’s Swartz’s untimely death, and the light it shed on the parts of the CFAA that he was charged under. Of course, many of us have been fighting back against both laws for years, but the public attention on both has been key over the past few months.
One of the key issues that critics of both laws have pointed out, repeatedly, is how they criminalize things that most people don’t really think are bad or illegal. That is, they often criminalize someone (or at least make them open to huge civil awards) for the types of things plenty of people do everyday without thinking twice about it.
Given all that, it’s interesting to see a NY Times reporter, Jenna Wortham, more or less admit publicly to willfully breaking both laws in an article she wrote about the rising number of people, including herself, who use other people’s logins for various streaming content services. In Wortham’s case, she logs in to the HBO Go internet service via a login obtained from some guy she met at a restaurant.
LAST Sunday afternoon, some friends and I were hanging out in a local bar, talking about what we’d be doing that evening. It turned out that we all had the same plan: to watch the season premiere of “Game of Thrones.” But only one person in our group had a cable television subscription to HBO, where it is shown. The rest of us had a crafty workaround.
We were each going to use HBO Go, the network’s video Web site, to stream the show online — but not our own accounts. To gain access, one friend planned to use the login of the father of a childhood friend. Another would use his mother’s account. I had the information of a guy in New Jersey that I had once met in a Mexican restaurant.
That’s a violation of the anti-circumvention clause of the DMCA, as she is circumventing a technical protection measure that is designed to keep her from watching the show without paying. It’s a violation of the CFAA because it means that she is knowingly accessing a protected computer without authorization (or, at least, exceeding authorized access). There may be some questions about whether or not the data she obtained exceeds $5,000 in value, but it wouldn’t be that hard for a inspired US Attorney to come up with some way to count it as such. After all, they made that claim with Aaron Swartz and all he was downloading was academic papers that have little or no actual commercial value. Wortham is admitting to streaming some of the most popular (and expensive to produce) content out there.
No, no one thinks that anyone is likely to actually go after Wortham, but this story highlights why both of those laws are highly problematic and are in serious need of immediate reform. Just the fact that Wortham could find herself on the receiving end of lawsuits (both criminal and civil) over both of those laws (and considering her public admission to the key facts, she might have a difficult time pleading innocence) shows why those laws desperately need to be fixed. A quick look through Wortham’s writings this year suggest that she has not written about either of these issues. While it may not directly be considered her “beat,” the fact that this latest article leads to inadvertent admissions to breaking two laws — one of which can result in $150,000 in statutory damages and the other a felony charge and potential jail time — suggest that perhaps it should be something worth covering.
All that said, her article is actually pretty interesting, and worth reading. While it starts out talking about how people are sharing their accounts, it also notes that many of these services are really falling down on enabling easier community and sharing features among friends or the wider community of people who like the same content. I agree with all of that, though I don’t think people should face penalties for breaking these two incredibly obsolete laws to explore the topic.
Filed Under: anti-circumvention, cfaa, dmca, exceeds authorized access, hbo go, jenna wortham, shared accounts, streaming
Comments on “In Which NY Times Reporter Jenna Wortham Accidentally Reveals How She Violated Both The CFAA & The DMCA”
Actually it’s worse than Swartz. He downloaded things that were freely available in big quantities. She’s (ab)using a PAID subscription.
Using Hollywood accounting and “Carmen’s handy book of charges and penalties” HBO lost over a billion dollars due to her broadcasting over a very long cord of a paid service and should face 43 felony charges and up to life imprisonment + 75 years. In case Disney has its way it could be perpetual.
Ahem.
Well, why has she not been arrested and told to serve 35-50 years yet? She has a written confession saying that she’s violated these laws.
Hit her with the book, or get the fuck out.
Re: Re:
Simple.
The US Attorneys office is completely corrupt.
They have no intention of enforcing the law, unless that enforcement achieves a political goal.
Let’s hope HBO doesn’t read this article, because if they do, you can bet they’re going to find a way to ensure there’s only 1 account per user and the IP address will be restricted to that account with *no* exceptions.
It’s also not going to be surprising if this lands her in legal hot water because it’s pretty much an easy win for an over-zealous “Watch my career grow” prosecutor.
Re: Re:
Fortunately, or unfortunately domestic connections do not use a fixed IP address, it is liable to changes whenever you restart your connection.
Re: Re: Re:
That’s not a problem for HBO. They just pop up a helpful message stating that you need to create a new account because your IP address has been pirated. Something along the lines of, “Someone has pirated your IP address. You need to create a new account. See how it feels to have your property pirated from you?”
Re: Re: Re: Re:
And of course pay a nominal fee for transferring your old account to the new one.
Re: Re:
HBO Go is meant to be watched “on the go”, so limiting it to just 1 IP address per account would be rather stupid.
In my opinion it’s worse that they *do not* charge her.. The fact that they selectively enforce these rules and laws just makes things worse. It keeps everyone from understanding what would be obvious if they were strictly enforced (that the majority of people would consider them just plain wrong) and allows them to still allows them to bully particular people for effect or for whatever other reasons they want.
That said, abuse of streaming services like the sort that Wortham touts in her article is exactly why we have problems like the DMCA. In my opinion, this issue would be better solved with something like not allowing the same account to simultaneously stream to 30 different end user locations, but maybe thats just because I’m not a politician.
Re: Re:
It just further proves that laws are only for the people who cannot afford them.
Re: Re:
Most services already prevent you from streaming to too many locations.
Netflix already prevents you from streaming to more than one device at a time: https://support.netflix.com/en/node/29
It’s surprising how little this impacts most people.
What’s (unfortunately) less surprising is how outdated other laws are as well. If she had said she was inviting everyone to her house to watch the show then it might have been considered a “public performance.” Something that she would need a license for.
Re: Re: Re:
There are de minimus rules in this regard, making it unlikely that she would face consequences for that. Unfortunately de minimus in western countries are qualitative as in “a measure of the relative damage the type of infringement cause”. I think that is the scandal in copyright law: If everyone knew that 10 people were the maximum for a private showing within the rules, safety copies of 2 cds constituted the maximum allowed and traversing borders with 20 DVDs were the limits people could respect the laws.
Re: Re: Re: Re:
Sure, they would respect them until they had 11 people at their place, needed 3 safety copies or bought 21 dvds abroad.
Re: Re:
The fact that they selectively enforce these rules and laws just makes things worse.
Where’s that quote I mentioned just the other day.. Oh yes! Here it is taped to my monitor:
?Ubiquitous, seldom-prosecuted crimes invite arbitrary and discriminatory enforcement.? – Ninth Circuit
Criminal charges against Jenna Wortham for conspiracy to commit copyright infringement being filed in 3… 2… 1…
“It’s also not going to be surprising if this lands her in legal hot water because it’s pretty much an easy win for an over-zealous “Watch my career grow” prosecutor.”
Possible, but I doubt it. She has the entire financial ‘weight’ of her employer behind her, and suing a high profile person isn’t the kind of publicity they want. They are like grade school bullies, they only go after those they are certain can’t or won’t fight back.
Re: Re:
They are like grade school bullies, they only go after those they are certain can’t or won’t fight back.
Much like patent trolls.
Welcome to the new justice.
Just curious, but why should she NOT be in trouble over this?
Granted, it shouldn’t be a felony and shouldn’t be $150000 in civil damages… but I don’t think that her actions should be considered OK.
Re: Re:
The user that is sharing his account counter to his agreement with the streaming service should get in trouble. From the service provider (assuming they have made it clear that this behavior is not allowed). They should warn him / ban him / whatever.
Then they should fix their system so this problem doesn’t occur.
Re: Re:
I’m not using my subscription at the moment, nobody else is logged. What’s the problem of letting a friend take a peek?
Re: Re: Re:
It’s the same sort of problem as getting one “All you can eat” and sharing it with the whole restaurant. It’s not a scarce resource like food, the problem there isn’t that you are using too much food, the same problem applies with any “unlimited” service, bus passes, whatever. The problem is that isn’t what you paid for is unlimited access to the service for yourself not for unlimited access to the service for everyone.
Re: Re: Re: Re:
“The problem is that isn’t what you[. What you] paid for is unlimited access…”
Re: Re: Re:2 Re:
lol, need edit button!
Re: Re: Re: Re:
And it’s just another way that non-authorised services offer a better service than the authorised services.
This is taken from a non-US news group provider:
A XXX account will be assigned to one user, account sharing is possible! But your XXX account can’t be used simultaneous with full connections, however simultaneous sharing is possible. For example: You have a account/package with 12 connections; Client 1: can use 6 connections and Client 2: 6 connections. This way you are able to download simultaneous from 1 XXX Usenet Account
Funny how they don’t want to lock up their own paid for service and are actively promoting sharing the service.
It’s worth noting that the above comes with 50 connections which means you could theoretically share the one subscription with 50 people.
Re: Re:
but I don’t think that her actions should be considered OK.
Why not? Can you not lend a DVD? Can you not record a series off cable or another stream onto media of choice and offer that to a friend?
Re: Re:
I agree on the question, but disagree with your reason. The question “Why should she NOT be in trouble over this?” is a valid question. She has clearly broken the law. If it’s stupid to enforce the law over this, then the law is stupid and should be removed, not just unenforced. Selectively enforced laws are what despots, dictators, kings and tyrants do. Your essentially free at the whim of the government. That is wrong.
As for what she’s doing being wrong, I’m not seeing it. If the guy gave her his credentials freely, then what’s wrong with her using it? If he doesn’t want her to access it, he could change the password and be done.
Re: Re: Re:
“As for what she’s doing being wrong, I’m not seeing it. If the guy gave her his credentials freely, then what’s wrong with her using it? If he doesn’t want her to access it, he could change the password and be done.”
The guy doesn’t care – it’s the company selling the service that cares. They likely lose customers. Sure, not everyone would pay… but if people are going so far as to remember someone else’s login credentials, there’s a pretty good chance that they like it enough to consider paying.
In the extreme, imagine if only one person bought the service and posted their credentials for everyone to use.
I agree that selective enforcement is bad. If you’re not going to even try to apply a law equally, don’t have that law at all.
Re: Re: Re: Re:
As her authorised access is none, she is exceeding her authorised access. Further she is misrepresenting who she is while on the Internet. That is at least two counts under the CFAA.
Re: Re: Re:2 Re:
Re: Re: Re:
Chosen, it’s illegal because passwords could be considered a “technological measure” to prevent access to copyrighted works. Thus even if someone freely gives you their password, by using it you have violated the DMCA since it’s intended to prevent you from doing so.
I’m still trying to figure out at what point we decided it was OK to sell things and yet still keep ownership of them. If someone sold me a chair 15 years ago, and then told me if I stood on it instead of sitting they’d take it back and fine me hundreds of dollars, I’d have laughed at them.
Now I’d have to laugh nervously and call my lawyer. It’s ridiculous and why the copyright maximalists have lost any semblence of moral high ground.
I’m not asking for free chairs. I’m not demanding free chairs. I just want the person who sells me a chair to go away and leave me alone after I’ve bought it, whether I intend to use it as a chair, a stool, or to use it as a model to make my own chair.
We’ve criminilized the entire country and it needs to stop.
Which begs the question...
…what if you’re visiting someone who does have the paid subscription, you both sit down to watch the show, and then that person leaves as soon as it starts? Is it illegal for YOU to keep watching it?
How about if your friend (with the subscription) comes to your house, fires it up there, and you both watch it?
Tooooooo many “what ifs”.
Re: Which begs the question...
If you pay and go to your friend’s house, who has also paid, does one of you get a refund?
Re: Re: Which begs the question...
No No, you get to pay extra for the public performance:/
Maybe you should tell her
If you notify her about the issue and discuss it with her, perhaps she’ll be willing to write something along the topic to give it an additional avenue of coverage.
Aren't there many laws criminalizing "normal" activity?
One of the key issues that critics of both laws have pointed out, repeatedly, is how they criminalize things that most people don’t really think are bad or illegal.
This is a serious problem today. There are many, many ways to become a criminal. Many of those ways are for very minor things or things that the majority of people disagree with. The more good people we turn into criminals and ruin, the more social dependence we will have. We should be building people up, not knocking them down.
Where is the government that is Of the people, By the people and for the people?
That’s a violation of the anti-circumvention clause of the DMCA, as she is circumventing a technical protection measure that is designed to keep her from watching the show without paying.
Um. Wow. Could you be any more of a FUD-packer? I doubt it.
Using somebody else’s password is not a DMCA violation:
Egilman v. Keller & Heckman, LLP., 401 F. Supp. 2d 105, 113-14 (D.D.C. 2005).
Have you ever considered doing one minute of research before spouting your ridiculous FUD? I doubt it. It took me literally 10 seconds to find that quote.
It’s a violation of the CFAA because it means that she is knowingly accessing a protected computer without authorization (or, at least, exceeding authorized access).
Which section(s) of the CFAA specifically do you think she violated? Let’s look at the elements and the case law there. Something tells me this is pure FUD too, but I need you to be more specific.
Re: Re:
Lol, I wonder if that court realizes that most ways to circumvent DCMA include somehow finding a valid keycode or user/password combo and using it.
Re: Re: Re:
I’ve found three courts so far that say it’s not a violation of the DMCA, and none that say it is–but I’ve only been researching it for five minutes. The funny part is that Mike, who goes out of his way to say that something doesn’t violate copyright law, is jumping the gun and saying that this does. It’s hilarious–he’ll say whatever it takes to pump out the FUD.
Re: Re: Re: Re:
It’s a CFAA violation to share password, not DMCA. RTFA
Re: Re: Re: Re:
for me the funny part is how screwed up these laws are that the courts have to try and twist the words like this to try to make some sort of sense out of them.
This is exactly how every single keycode generator works,
Of course hacking a valid key and using it is circumventing the lock. The lock isn’t there to make sure people are able to hack keycodes, it’s there to prevent unauthorized access. Gaining access without authorization is circumventing the lock. Anyone who says differently is wrong.
The part you mention isn’t very funny, it’s still criminal anyway regarless if it’s actually violating the DMCA so that part is just a technicality if it’s wrong.
Re: Re: Re:
The best part is, if she actually gets sued for a DMCA violation, Mike would do a 180 and defend her to the end of time. It’s hilarious that Mike writes an article claiming that someone has violated copyright law when there’s a good, perhaps winning, argument that she has not. The cognitive dissonance here is so stupid that it hurts. Great job, Pirate Mike. I guess you’re not “doing journalism” with this one, right? LOL!
Re: Re: Re: Re:
Apparently you missed the entire point of the article.
It’s not that Wortham did something morally wrong, it’s that the LAW is wrong.
This sentence might help unclog your cognitive dissonance:
Just the fact that Wortham could find herself on the receiving end of lawsuits (both criminal and civil) over both of those laws (and considering her public admission to the key facts, she might have a difficult time pleading innocence) shows why those laws desperately need to be fixed
Too bad your hatred of anyone that doesn’t worship IP is interfering with your comprehension.
Re: Re: Re:2 Re:
Mike said she violated the DMCA. He is accusing someone of violating copyright law, when, as far as I can tell, she is not. The irony is so thick that it’s palpable. Mike was trying to use her as an example of someone who thinks it’s OK to break the law because he wants everyone to think the law is dumb and OK to break (all the while pretending like he’s really, really on the fence about copyright, and he just can’t decide whether he really, really thinks it’s worth having or not–like there is ANY possibility whatsoever that Mike has not 100%, absolutely, positively already made up his mind about the propriety of copyright). The irony is that he’s accusing someone of violating copyright law when she probably isn’t, and 99% of the time he’s arguing that someone who obviously is violating copyright law is not. Get it? Of course, he won’t come into the comments and address any of this, as per usual. He’ll just keep pumping out idiotic, copyright-bashing, stupid post after post. The only thing he cares about is destroying copyright. He only wants to disparage it and make it look bad. Yet, he PRETENDS, like, gee, he can’t decide how he really feels about it. LOL! Right. I can’t believe that someone can lie so much. I truly can’t believe it. It’s incredible to me. Seriously. Mike, we all fucking know that you HATE copyright more than anything else on earth. Stop fucking lying! You are a liar, and you know it!
Re: Re: Re:3 Re:
I can think of no better response to this wall of text than the following clip from Star Wars:
http://www.youtube.com/watch?v=PFkAAvDkj9k
Re: Re:
My neighbor gave me the key to his house so I can water his plants while he’s on vacation. Apparently the minute I entered his house, I committed breaking and entering, because the lock was designed to keep me out. Is that the logic we’re employing here?
Re: Re: Re:
My neighbor gave me the key to his house so I can water his plants while he’s on vacation. Apparently the minute I entered his house, I committed breaking and entering, because the lock was designed to keep me out. Is that the logic we’re employing here?
It’s your neighbor’s house and neighbor’s key. You have explicit permission to enter. How in the world is that breaking and entering? You don’t make any sense.
Re: Re: Re: Re:
My point, exactly. It’s my neighbor’s HBOtoGo, it’s his password, and I have explicit permission to use it. So how is that a crime?
Re: Re:
Good job finding that.
“Which section(s) of the CFAA specifically do you think she violated? Let’s look at the elements and the case law there. Something tells me this is pure FUD too, but I need you to be more specific.”
I assume it has to be this section:
“knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period”
“knowingly”
Check.
“and with intent to defraud”
Her intent here is to not pay the subscription fee.
“accesses a protected computer”
There’s a password involved, so it’s protected.
“without authorization, or exceeds authorized access”
She is not an authorized user. I doubt the exception you cite above would apply here. In fact, the court uses the words “the username/password combination used by defendants to enter Egilman’s website without authorization“.
“and by means of such conduct furthers the intended fraud and obtains anything of value”
She obtained the Game of Thrones content, which has value.
“unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period”
I’m pretty sure the content is considered to be more than “use of the computer”, and therefore the $5000 threshold does not apply. I could be wrong on that part.
Re: Re: Re:
Of course, there’s also THIS section:
“(6) knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if?
(A) such trafficking affects interstate or foreign commerce”
And from section 1029:
“the term ?traffic? means transfer, or otherwise dispose of, to another, or obtain control of with intent to transfer or dispose of; “
Re: Re: Re:
Re: Re:
“Have you ever considered doing one minute of research before spouting your ridiculous FUD? I doubt it.”
Have you ever considered not being a complete asshole, but instead contributing to the discussion in a mature and adult manner? I doubt it.
Re: Re: Re:
I’m totally being an asshole, because he deserves it. He’s even accusing someone of violating copyright law, and none of you guys can even admit the irony. And really? His dumb argument that she’s acquired something valued more than $5,000 by watching GoT with somebody else’s HBO Go password? Wow. It’s so dumb it hurts. And you guys lap it up. Sorry, but I call 100% bullshit. Beautiful, ironic, idiotic bullshit. Yet you guys are incapable of being critical. It’s delicious. Mike’s too scared to even respond. I love it.
Re: Re: Re: Re:
If Mike is scared at all, it’s because of your obsessive fetish for him. Frankly I wouldn’t blame him, you belong in a mental ward.
Re: Re: Re: Re:
Mike accused this woman of violating the DMCA and the CFAA. Both claims are unsupportable. If she were actually charged with either, he would be defending her with every argument he could find or think up. But because with these “the law is so dumb” posts he has to say that someone violated the law, he takes his defensive hat off and pretends that using a password in this way is illegal. His argument changes depending on the circumstances of the point he’s making, not based on an actual application of the actual law. It’s FUD, pure and simple. Mike’s specialty. I prefer reality myself.
Re: Re: Re:2 Re:
Mike accused this woman of violating the DMCA and the CFAA. Both claims are unsupportable.
Have you read the charges against Aaron Swartz? He used a built-in function of JSTOR and a script to access free information and was being threatened with potentially years in prison. He even had legal access to the content.
Yet you find the idea that someone with unauthorized access to commercial content is an unsupportable claim?
Under our current laws she absolutely violated at a minimum the CFAA, and would probably lose against DMCA charges as well considering she is accessing copyrighted material based on unauthorized access to that material. The man who gave her the password had “permission” from the creator (HBO). She did not. Hence copyright infringement, regardless of the technical means to access the data.
If anything I would argue Mike is being too conservative with the law. Laws should not be based on whether or not some judge thinks they make sense in a specific context. They should be clear, and it should be clear when they are violated. The CFAA and DMCA are anything but clear and should be removed or replaced with something that is.
Re: Re: Re:3 Re:
I have read the charges against Swartz, and what he did was actually a violation of the CFAA. Nothing like this woman here who merely used someone else’s password. The two aren’t even comparable.
“I doubt it.”
Who cares what you think?
Re: Re:
Apparently you do.
Re: Re: Re:
I do?
Pray tell how? Simply by asking who cares what you think?
Clearly, its you who thinks people care a wit about anything you say.
In Which NY Times Reporter Jenna Wortham Accidentally Reveals How She Violated Both The CFAA & The DMCA
I’d change it:
In Which Techdirt Nonjournalist Slacker Malcontent Mike Masnick Accidentally Reveals That He Doesn’t Do Any Research Before Accusing Others Of Violating The DMCA
That’s better.
Steal your next copy of the New York Times
When you steal your next copy of the New York Times, just make sure that you share it with a couple of your friends, or even a stranger, because that makes your theft of it okay. Do I have that right, Jenna? Because that seems to be the basis of your defense.
(I wonder if Jenna Wortham has ever taken two minutes to consider how copyright basically ensures her paycheck?)
Re: Steal your next copy of the New York Times
Actually, just share your subscription password to the NYT paywall site with all of your friends and see what they think about that.
Mike–
This’ll be fun. YOU make the argument that she’s violating copyright law, and I’LL make the argument that she’s not! C’mon! You really, really believe that she is, right? Or else there’s no way you would have said it, right? I mean, you wouldn’t say something that you think is not true, right? You wouldn’t mislead your readers to make copyright look bad, would you? You’re ALL about fact-based reality and not spreading FUD, right? Of course you are! You never misrepresent anything! Back it up! Let’s do this! I’ve already quoted some case law. Your turn!
ROFLMAO!
Re: Re:
Nice try AJ.
Re: Re:
How high was your blood pressure when you wrote this?
Re: Re: Re:
I come here for shits and giggles. Mike Masnick’s idiocy and desperation please me no end.
Thanks for the fun times, Mikey!!!! You’re the best.
When did people get antisocial?
It used to be that people used to get together to “watch the big game” on someone’s television. They’d make a thing of it; get their families together. Why not for Game of Thrones? One person had a subscription. Why couldn’t everyone come over and make a thing of it. Maybe have a Game of Thrones marathon leading up to it.
Jesus, maybe I’m getting old, but openly admitting you’re breaking the law (which I admit wouldn’t have to be broken if content providers catered to our needs better), seems like a dumb idea especially when you’re also openly admitting to being lazy and antisocial.
Kids these days.
Sharing a password to HBO Go is not going to violate CPAA.
I just locked my phone so I could unlock it again, I feel a little bit better now. Shit I’ve done that for years so I could use it on whatever service provider I fucking choose and whatever content I decide I would like.
A government by the people for the people
?Governments, if they endure, always tend increasingly toward aristocratic forms. No government in history has been known to evade this pattern. And as the aristocracy develops, government tends more and more to act exclusively in the interests of the ruling class — whether that class be hereditary royalty, oligarchs of financial empires, or entrenched bureaucracy.?
-Frank Herbert – Children of Dune
To raise a point that I think AC 2:35 was making, I don’t get why Mike thinks this reporter would be subject to 150k in statutory damages. Those are available for copyright infringement, not DMCA violations. The post above doesn’t really explore the copyright infringement angle.
What if
So… What if I go to a friends house, who has HBO, and watch it there? Am I stealing content?
Why isn’t Mike here arguing that she violated the DMCA and the CFAA? Hmmm… I wonder.
LMAO at Mike! Total douchebag FUD-Packer.
Re: Re:
Do you ever get tired of wallowing in your own excrement?