Improperly Sharing Website Login Info Could Be Federal Crime

Sharing or borrowing login credentials to a paid website or online account in a way that is prohibited by the site’s Terms of Service could get you into trouble for violating the Computer Fraud and Abuse Act.

This is what is alleged in the case KWG Partners, LLC v. Jeremy Sigel, JNS Reality, John Does 1-13 that was filed on June 16, 2011. KWG Partners operated a paid website that provided a niche service to management of city buildings. Customers who paid the fee to use the service were assigned usernames and passwords to access the site. The site’s Terms of Service that had to be accepted to use the site prohibited the customers for using the service for anything other than their own business. That is, the TOS prohibited sharing the login credentials.

KWG Partners discovered that Jeremy Sigel’s was being accessed with his username and password from 13 unique IP addresses located in many different places. This indicated that he was sharing his login credentials with others. KWG Partners sued Sigel and several others for, among other things, violation of the Computer Fraud and Abuse Act.

The court hash denied a request for pre-answer, ex parte discovery (ORDER) because there were no exigent circumstances to justify the request. It has not, however, ruled on the substantive merits of the Computer Fraud and Abuse Act claim though this seems to be a pretty clear violation of the CFAA.

LESSON: When it comes to paid websites with Terms of Service that prohibit sharing of login credentials, do not share yours with others and do not borrow others from them.

Using a fake login to access a website may violate the Computer Fraud and Abuse Act

BEWARE: if you create a fake login to access and obtain information from a website you could be violating the Computer Fraud and Abuse Act.

This is what was alleged in a lawsuit against AtHomeNet, Inc. in the lawsuit Associateionvoice, Inc. v. AtHomeNet, Inc. Ultimately the parties reached a settlement that led to the entry of a Final Judgment against AtHomeNet, Inc. and included a relatively broad permanent injunction prohibiting it from using any information gained through the improper access to the website. The court filings do not indicate whether there was a financial component to the settlement. To read more about the lawsuit go HERE where you can view a copy of the  Final Judgment.

The lesson here is that you, your company, and your employees should not access websites in violation of their Terms of Service and/or through the use of fake login information. That is a no-no that can get you in trouble under the Computer Fraud and Abuse Act.

An Adequate Disclaimer for Computer Fraud and Abuse Act?

The DISCLAIMER to an article on InvestorsInsight.com really got my attention when I saw it because it specifically puts users on notice of the need to review the privacy policies on websites linked to that page and that any attempts to monkey around with the website are prohibited by and will be prosecuted under the Computer Fraud and Abuse Act (“CFAA”):

Please review the privacy policies on those Websites to understand their personal information handling practices. We make no representations concerning the privacy policies of these third party Websites.

Unauthorized attempts to upload information and/or change information on any portion of this site are strictly prohibited and are subject to prosecution under the Computer Fraud and Abuse Act of 1986 and the National Information and Infrastructure Protection Act of 1996 (see Title 18 U.S.C. §§ 1001 and 1030).

Please note: Changes to this legal statement or to the privacy policy will be documented here. Check back periodically for the latest updates.

This is one of the first disclaimers I have seen that specifically reference the CFAA and it got my attention. What do you think, does this give adequate notice that the website owner really means what it says in its Terms of Service?

The article is Review of Tiffany (Dividend Growth Portfolio) and was posted by Steve Cook — thanks Steve, for the article and especially the Disclaimer! As a lawyer and student of the Computer Fraud and Abuse Act, I appreciate it!