Was The Democratic Party Violating the Law by Using Research Sites Without Properly Paying?

Yesterday, Guccifer 2.0 released another set of hacked information -- this time taken from the Democratic Congressional Campaign Committee.

Although there few political revelations in the release, there was something of interest: the DCCC may have been using research journals such as Lexis-Nexis and NewsBank without properly paying for licenses for all users.

Not only would this be against the Terms of Service -- it can, in fact, be a criminal offence.

Guccifer 2.0 released several password documents yesterday, but one in particular caught our eye. The "Coordinated Shared Passwords" listed several dozen passwords for online journals that the DCCC was using.

The DCCC intended to share these user accounts and passwords among staffers, but this is often a violation of Terms of Service, and it may in fact be criminal.

According to the anti-circumvention provision Digital Millennium Copyright Act (the same law that is used to threaten music/movie sharers), anyone who does the following may be committing a criminal offense:

No person shall circumvent a technological measure that effectively controls access to a work protected under this title.

...

A) to "circumvent a technological measure" means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and (B) a technological measure "effectively controls access to a work" if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

If the DCCC was improperly sharing accounts, it appears that they knew what they were doing.

The header at the top of the leaked password document hinted that they may have been doing something improper. It said, "NOTE: Please check with your colleagues before using their password to limit conflicts."

So did the DCCC access these accounts without authorization?

Software license terms are often extremely complex, and there can be terms tailored to specific organizations. It's possible that the DCCC had special licenses to the online journals that allowed users to share accounts; however, this is uncommon.

Generally all authorized users are granted an account, and special permissions are set to allow or deny access to content when someone else is accessing it. So without knowing whether the DCCC had special agreements, we can't be sure.

What we can be sure of, however, is that they would have violated the standard terms and conditions by sharing accounts:

The standard Lexis-Nexis Terms and Conditions say:

1. GRANT OF RIGHTS; RESTRICTIONS ON USE 1.1 You and your Authorized Users (defined below in Section 2.1) are granted a nonexclusive, nontransferable, limited right to access and use for research purposes the Online Services and Materials made available to you.

...

(f) For the avoidance of doubt, downloading and storing Materials in an archival database is prohibited. The Online Services and the Materials are protected by copyright, intellectual property laws, and other laws that prevent unauthorized access and use. If you are not an Authorized User, you are not permitted to access or use the Online Services for any purpose whatsoever.

These terms clearly prohibit sharing of accounts.

Similarly, NewsBank has these terms:

If you are a subscriber of our services, once you have logged to Our Web Sites, you may be granted a nonexclusive, nontransferable, limited license to access for research purposes the information or materials available on Our Web Sites subject to the specific agreements, policies, instructions, statements, laws, and regulations relating to such services and such materials.

Only individuals authorized by us may log on and access and use the services, materials, information or products available on Our Web Sites. You may not use an identification number to log on to or access Our Web Sites from outside the country for which the identification number was issued. Your identification numbers(s) may be restricted from accessing certain services, materials, or products available on Our Web Sites. Materials, products, or features may be added to or withdrawn from Our Web Sites or may otherwise be changed without notice.

These terms also are very clear about not allowing transfer of accounts. And many of the other journals have these terms as well.

So the what's the verdict? If the DCCC had standard license agreements with these organizations, they were in clear violation. If they had special arrangements with the organizations, they may not have been.

We will have to wait to see what happens with this story. In the meantime, we will keep you updated on any new revelations.

Wanna read more on this? Check these out: Shocking: Did Middle Eastern Government Sell Election Access to Hackers? (more); Top 10 Donald Trump Live Tweets From the Democratic Debate (more).