This weekend, New York Times tech journalist Jenna Wortham made a confession that could be used to send her to prison for a year or more. What was the startling criminal admission? She uses someone else’s password to sign into HBO Go to watch “Game of Thrones.”
In the piece headlined, “No TV? No Subscription? No Problem,” Wortham wrote:
[Some friends and I] all had the same plan: to watch the season premiere of “Game of Thrones.” But only one person in our group had a cable television subscription to HBO, where it is shown. The rest of us had a crafty workaround.
She says “crafty.” A federal prosecutor might substitute “illegal” there….
We were each going to use HBO Go, the network’s video Web site, to stream the show online — but not our own accounts. Our behavior — sharing password information to HBO Go, Netflix, Hulu and other streaming sites and services — appears increasingly prevalent among Web-savvy people who don’t own televisions or subscribe to cable.
While Wortham was aware that the companies she contacted for comment about this might not be happy about her accessing their services for free, she seems wholly unaware that the activity was potentially illegal, violating a law that the whole tech world has been hating on for months due to its role in the death of Internet activist Aaron Swartz. Amazingly, the New York Times doesn’t seem to have heard of it.
After the Times got a flood of complaints about Wortham committing piracy by jumping over entertainment providers’ pay walls, its public editor Margaret Sullivan addressed the issue in a column. Strangely, Sullivan only addressed the ethics of password-sharing not the legality of the practice, concluding by saying that Wortham might write another column “exploring the ethical issues” and might now instead watch “Game of Thrones” at a bar.
It was left then to Mike Masnick at TechDirt to point out that Wortham had admitted to violating federal laws, including the Computer Fraud and Abuse Act (or CFAA) which has been the target of heated debate given its use in the controversial prosecutions of AT&T iPad hacker Andrew “weev” Auernheimer and public document hacker Aaron Swartz. It’s the same law that prosecutors used to go after Lori Drew in the now infamous MySpace case. The CFAA makes it a crime “to obtain without authorization information from a protected computer.” It’s a misdemeanor with a maximum one-year prison sentence. What Wortham describes is unauthorized access, as many prosecutors have been defining it, in that it violates the companies’ terms of service.
“[I]f someone is violating Netflix or HBO Go’s TOS to stream they are guilty of a misdemeanor CFAA right off the bat,” says Hanni Fakhoury of the EFF. And if the worth of the stolen information or damage caused in its procurement reaches $5,000 (that’s a lot of HBO episodes!), it could be a felony with multiple potential years of prison time.