Remember the Lori Drew case? She’s the mom who was convicted last Thanksgiving for creating a fake MySpace persona, which she then used to harass a teenaged girl until the girl committed suicide.
After she was convicted, we argued that her conviction stretched the meaning of the statute too far. Here’s what we wrote:
The underlying statute, the Computer Fraud and Abuse Act, is a federal law intended to prevent hacking. Drew created a fictitious MySpace account, which was used to harass the girl. In doing so, Drew violated MySpace’s terms of service, though she apparently never read them. By violating the terms of service, Drew got unauthorized access to MySpace’s servers, and the prosecution went out on a limb to argue that this technically violated the CFAA.
But does it really?
Plenty of pundits are now doubting that the verdict will survive an appeal. Congress clearly intended the law to criminalize hacking into someone else’s computer. That’s different from creating a fictitious screen name — a very common and socially acceptable occurrence.
Terms of service are conditions imposed by websites which govern permissible use, and which almost always prescribe penalties that may be imposed for violations. These penalties normally range from warnings and temporary disabling of access, to permanent denial of access. The relationship is essentially contractual.
But if the prosecution’s theory is upheld on appeal, then breaching such conditions would have criminal consequences.
Criminalizing this kind of behavior isn’t exactly far-fetched. Crime is essentially that behavior which society considers so threatening that the guilty must be punished with a restriction on liberty or a loss of property. The existence of a civil remedy does not preclude something from being criminal — a thief is civilly liable to return what he stole, but still faces jail regardless. And there may be something to an argument for criminalizing the false personas on social networking sites frequented by minors, to protect society from predators.
But that’s clearly not what Congress was trying to do here. Furthermore, the prosecution’s stretched interpretation is just too overbroad. Rather than being narrowly tailored to focus on those who violate the TOS of a child-used site for the purpose of committing a nefarious or dangerous crime, the prosecution’s theory simply criminalizes all violations of any site’s TOS agreement. A court of appeals is likely to find that an improper application of the law.
Lori Drew was scheduled to be sentenced today. (Well, technically yesterday. Thursday. We’re still working, so it’s still Thursday to us.)
But she wasn’t sentenced. Instead, Judge Wu threw out her conviction. According to CNN, he refused to uphold the jury’s verdict because the guilty verdict would set a bad precedent that anyone who violates a site’s TOS could also be found guilty of a misdemeanor. Criminalizing all violations of a site’s TOS agreement is not what the law is designed to do. Because it technically allows such improper application of the law, it is probably unconstitutional for vagueness.
This was just an oral decision. Wu is expected to issue his written decision soon.
Great minds think alike!