But... the fact that the servers honored the code being used multiple times _is_ permission.
I'm not sure. It's my understanding that the intent (and legal TOS) of the code was "limit 1 per customer. Non-transferrable." The fact that the server allowed it doesn't change the fact that the intent was for it to be used once.
Imagine a bowl of candy out during Halloween. There is a sign that says "Take only one". The fact that this house failed to implement a means of controlling how many people take doesn't make it OK to take two handfuls.
The important distinction in this case is what the legal language of acceptable use was, and not what was possible through the (broken) server. If you fail to print "limit one per customer" on your coupons, that's a lesson learned. If you DO print "limit one per customer" but fail to validate that at the self-checkout lane, and people abuse it, that's fraud.
*This all predicates on whether the actual language stipulates that the code really is only good for a single, non-transferrable use.
I'm not sure. It's my understanding that the intent (and legal TOS) of the code was "limit 1 per customer. Non-transferrable." The fact that the server allowed it doesn't change the fact that the intent was for it to be used once.
Imagine a bowl of candy out during Halloween. There is a sign that says "Take only one". The fact that this house failed to implement a means of controlling how many people take doesn't make it OK to take two handfuls.
The important distinction in this case is what the legal language of acceptable use was, and not what was possible through the (broken) server. If you fail to print "limit one per customer" on your coupons, that's a lesson learned. If you DO print "limit one per customer" but fail to validate that at the self-checkout lane, and people abuse it, that's fraud.
*This all predicates on whether the actual language stipulates that the code really is only good for a single, non-transferrable use.