By putting themselves out in front as the victims, the Recording Industry Association of America (RIAA) helped reshape the governing norms of the times, and as a result, people viewed the act of file-sharing differently. By forcing people to see music downloading as a form of theft, the RIAA was quite successful in deterring it. In the process, they also proposed a radical view of theft that changes our basic economic understandings of the action[...] This paper argues that the RIAA's model for deterring music theft could be successfully used to deter many other forms of computer theft, and, specifically, stealing passwords. By focusing on the victim, content-providers can alter people's views of their own actions, thereby properly bringing what was once an innocuous activity into the realm of the criminal where it belongs. To accomplish this task, however, we have to comport our traditional views of theft to the realities of the Internet. First, economic notions of rivalry and non-rivalry are undermined in a digital world where data is infinitely copyable, and these notions need to be updated appropriately. Secondly, finding real space analogues to password theft is important when locating an existing legal framework in which to work. This Note attempts to do both. Part I of this Note gives a brief background and explication of rivalrous and non-rivalrous theft, and the problems that the Internet poses, specifically in the music downloading area. In so doing, I propose a new way of conceiving of rivalry that fits into the realities of digital networks. Part II is an analysis of password theft, in particular the distinction between first-party and second-party password theft. First-party password theft concerns actions--stealing personal identification numbers and the like--that are probably familiar to most readers. Second-party password theft, however, is a far more radical notion that is crucial for understanding why password theft in general is criminal, and why it can be so damaging. I analogize first and second-party password theft to larceny and embezzlement, respectively; the purpose of this is to provide a legal framework for analyzing password theft as a criminal activity. Additionally, I show how the updated views of rivalry proposed in Part I allow us to evaluate properly the harm that password theft causes. Finally, Part III argues that by following the model of the RIAA, the government, content-providers, and law enforcement can effectively deter password theft in a variety of ways.
Daniel S. Shamah,
Password Theft: Rethinking an Old Crime in a New Era,
Mich. Telecomm. & Tech. L. Rev.
Available at: http://repository.law.umich.edu/mttlr/vol12/iss2/3