A federal court recently ruled that using user names and passwords that do not belong to you is not an illegal act according the Digital Millennium Copyright Act (“DMCA”).
Plaintiff Egilman maintained a website that was only available to visitors who entered a correct username and password. He had employed such measures so that only certain people (e.g., his students) would have access. Egilman alleged that, without authorization, the defendants obtained the correct username and password combination, and subsequently gained “improper and illegal” access to the site.
The federal court has made the following statement:
the DMCA and the anti-circumvention provision at issue do not target the unauthorized use of a password intentionally issued by plaintiff to another entity
It was irrelevant who provided the username/password combination to the defendant.
So the bottom line is: If someone is using the correct user name and password on a technical device, they are not breaking the law, even if they got the password illegally.