Have you ever “borrowed” a friend’s password to access an online service or application — perhaps to watch a popular television show that you don’t have access to? Or maybe you only needed to edit a few photos, so you didn’t want to shell out for the full version of a photo editing application?
While sharing passwords and subscriptions, whether to the local newspaper or an expensive computer application, might seem like it isn’t a very big deal, it’s actually breaking the law. That’s right: In some cases, if you are caught sharing a subscription, you could be charged with a crime and face fines or even jail time. That’s because, in a sense, what you are doing is (technically) a form of software piracy.
Subscription Sharing and Software Piracy
According to a recent survey by the Business Software Alliance, more than 40 percent of the 15,000 people surveyed admitted to sharing their login credentials for paid cloud services with other people in their organizations — and 56 percent of the respondents in that same survey admitted that the practice “isn’t right.” However, many people claim that they share credentials as a cost-saving measure; after all, it’s less expensive to purchase one license for several people to share than it is to purchase access for everyone. Users argue that since most applications allow simultaneous logins from multiple devices, it shouldn’t matter to developers who the actual user logging in is.
In a sense, the BSA agrees. The president of the BSA, upon the release of the survey results, noted that sharing login credentials to paid services doesn’t technically constitute piracy per se, but it does potentially represent a violation of the terms of service governing the use of the application and lead to license abuse. However, others have criticized the BSA’s stance, noting that login credential sharing is in fact a clear violation of service agreements, even if the application allows for multiple simultaneous logins. It’s also a violation of the law.
The Computer Fraud and Abuse Act (CFAA) considers unauthorized access of protected information from a computer to be a crime, and that particular clause has been used in the prosecution of several high-profile hackers. According to CFAA, even if someone is using another person’s login credentials with permission, because such an act violates most terms of service contracts, that access is unauthorized and therefore illegal.
Even so, it doesn’t seem to be stopping most people, and many major companies that offer content and services via the cloud aren’t overly concerned about login sharing in general. In fact, some argue that using the cloud will actually reduce software piracy, since it’s virtually impossible to make and sell illegal copies of software that runs in the cloud. Still, the BSA has raised some concern about “gray clouds,” in which an individual or organization establishes a private cloud to run certain applications and sells access illegally, constituting a form of piracy. However, gray clouds are exceedingly rare, given the relative scarcity of private clouds.
Preventing License Abuse and Login Piracy
Because there is some legitimate concern about the issue of login sharing and piracy, some developers have begun taking steps toward curbing the problem. The most obvious solution would appear to be limiting simultaneous logins; if only one person can log in at a time, the chances of excessive credential sharing go down significantly. Many companies are reluctant to do this, though, since customers expect to be able to access cloud-based applications from multiple devices, and restricting access could lead to lost market share.
Instead, developers are turning to other forms of technology to curb subscription sharing. Some have turned to encryption solutions, which only allow the software to run on devices where the encryption key (either hardware or software based) is present. Two-factor authentication is also becoming a popular solution for restricting multiple users. Continuous monitoring of usage patterns, log in attempts, and IP addresses also help developers identify license abuse and take steps toward ensuring they receive compensation for their products.
With more applications moving away from physical products and into the cloud, the issue of subscription sharing — particularly the legal and ethical implications of sharing credentials — will most likely move to the forefront in the battle against software piracy. In the meantime, businesses are advised to review the terms of service of any cloud-based services, and respond appropriately to any credential-sharing violations.
About Carson Derrow
