From [link|http://www.theregister.co.uk/content/55/35942.html|El Reg]:
In a little-observed civil lawsuit involving tracking of magazine subscriptions, a federal court in Manhattan issued a ruling last week that could theoretically result in prosecutors going after people who use another person's password and userid with their permission, but without the permission of the issuer.
The case, decided last Monday, arose out of a dispute between two competing companies, Inquiry Management Systems (IMS), and Berkshire Information Systems, both of which tracked magazine advertisements for their clients. Employees of Berkshire obtained a userid and password from a client of IMS, and used them to access IMS's website and tracking service. This act violated the customer's agreement with IMS.
[...]
But the court took a more expansive reading of the federal Computer Fraud and Abuse Act, which punishes anyone who:
intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damages; or intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damages; and by [this] conduct ... cause[s] ... loss to 1 or more persons during any 1-year period ... aggregating at least $ 5,000 in value ...
The statute defines "damage" as "any impairment to the integrity or availability of data, a system, or information" and allows a civil lawsuit to be filed by "[a]ny person who suffers damage or loss by reason of a violation."Ambiguous Language
According to Judge Buchwald in the Southern District of New York, Berkshire violated this law. The court reasoned that using the userid and password in violation of a contractual provision was an unauthorized access.
We be baaaad