AP: Routine conduct at risk with MySpace suicide case. Think twice before you sign up for an online service using a fake name or e-mail address. You could be committing a federal crime. Federal prosecutors turned to a novel interpretation of computer hacking law to indict a Missouri mother on charges connected to the suicide of a 13-year-old MySpace user.
What the woman in Missouri did was despicable. She masqueraded as a flirty teenage boy and created emotional havoc with a girl who killed herself. Maybe the dead girl’s family has a civil case.
But if this is a crime, then America is a land of criminals — because this is a practice that anyone with common sense engages in from time to time. Yes, some do it for mischief. But pseudonyms are also about sometimes justified self-protection.
We should stand behind our words. But the best way to handle anonymous and pseudonymous trolls and sleazebags is to ignore them and persuade everyone else that such speech is less than worthless. Sending people to jail for this is an assault on speech itself.
on May 18th, 2008 at 6:36 pm
I just don’t see where AP gets the idea that by *simply* “signing up for online service using a fake name or email address [you] could be commiting a federal crime”.
Here are the charges:
” Drew … was indicted by a federal grand jury in Los Angeles on one count of conspiracy and three counts of accessing protected computers without authorization *to get information used to inflict emotional distress on the girl*. [my emphasis]
that’s a totally different story from the routine using of a pseudonim, isn’t it? I would hope that inflicting emotional distress on others (and possibly driving them to suicide) is NOT routine behavior — if it *is*, it certainly needs to be stopped!
Delia
P.S. I’ve been dissapointed with AP as of late… D.
on May 18th, 2008 at 7:10 pm
Delia– you are correct, this is an old newspaper technique of packing a wallop in the lede. I was about to harp on it, too, if not for some other issues here.
Dan: be careful what you say. Ashley Grills, the 18-year old employee of Lori Drew, admitted to Good Morning America last month that she had sent most of the emails, including the fateful final one. The US Attorney has used her testimony to build the case against Drew.
Yes, it is troubling that the Justice Department is making a breach of ToS a crime. Still, let’s not be naive: using a electronic means to repeatedly harass or annoy is a crime in most states. It is folly to advise victims that they should just “ignore this.”
This is another case where there remains a gap between what the law says and what people expect it to be. As my understanding of the relevant statutes of Missouri (and other states), intent and repetition of the harassment are needed for a crime. This not being the case here, the local citizens took matters into their own hands once the Drew’s family name was revealed, and they began harassing (with clear intent, and repeatedly) the Drew family.
As we should well know, the whole incident motivated MySpace to join with 49 State Attorneys General to create the now renamed the Internet Safety Task Force, which the Berkman Center has begun coordinating.
I read Lauren Collins’s account in the New Yorker about the case. This line stuck out at me:
“Tina [Meier] says that she called the police to try to find out whether Josh was legitimate, to no avail.”
It has seemed to me, since I first began investigating this a year ago (see PONAR), that aggrieved users have the right to request this sort of information, and social media services should be prepared to honor it. But I do not know whether the ISTF will address this.
on May 20th, 2008 at 2:53 pm
Grills was listed as co-conspirator but not charged. Looks like she’s going to be the chief witness? Drew set up the account, though, as far as I can tell from various accounts.
The victim, according to DoJ, is MySpace. Not Meier. This is outrageous, and more so that MySpace is supporting the prosecution. Let’s see how their user base fares once people know they could be hauled into court at the whim of an out-of-control prosecutor for using a fake name or doing anything else that violates the endless and logically impenetrable ToS.
How repeatedly was this account used to harass or annoy? It doesn’t sound like there was much of that until close to the end of the correspondence.
on May 20th, 2008 at 4:12 pm
Dan, just so we understand where you are comming from: let’s assume this is in fact what happened — the girl was purposefully emotionally distressed to the point of being driven to suicide. Would the appropriate response of MySpace and everybody else that could possibly bring justice to this situation be: “tough luck!”? This is the impression I’m getting from your statments… D.
on May 21st, 2008 at 9:41 am
No one says “Tough luck.” The Meier family still has recourse to the civil courts.
Concocting a crime from a law that was not written for such a situation — with such an astoundingly broad interpretation of the law — leaves almost everyone a potential criminal. This is how banana republics work, turning normal behavior into crimes and selectively prosecuting. It’s not how a society that values civil liberties should behave. We are all in jeopardy if this prosecution succeeds.
on May 21st, 2008 at 1:08 pm
driving someone to suicide is no trivial matter… if you have no clear way to punish this, you are just inviting more of these crimes to be perpetrated — what’s the message you are sending? :” First off, there is no clear law against it! so no worries of state or federal prosecution — *no way of going to prison* –, the parents might sue for damages in civil court but it would be a very tough case… (so chances are they would not) –> isn’t this telling the victims “tough luck”?
Delia
P.S. as to “leaves almost everyone a potential criminal,” I already explained that the idea that by simply using a pseudonym for benign reasons one would be federally prosecuted has no factual support D.
on May 21st, 2008 at 8:23 pm
If that is what happened it is obviously not trivial. But there was no law covering the situation in Missouri at the time. The federal prosecution is mostly about violating terms of service on a website — specifically those regarding the use of real names — which has nothing to do with the offense you want punished.
Again, perverting the law to get revenge is no answer. It is lawless in its own right.
on May 22nd, 2008 at 8:06 am
“mostly about violating terms of service on a website — specifically those regarding the use of real names” –> nonsense… they would have been laughed out of court if the charge would have been “using a pseudonym while the terms of use were clearly asking for the actual name”
Again, here are the charges:
“” Drew … was indicted by a federal grand jury in Los Angeles on one count of conspiracy and three counts of accessing protected computers without authorization *to get information used to inflict emotional distress on the girl*. [my emphasis]
Delia
P.S. revenge is not the point here (although if you drive someone to suicide you certainly deserve punishment, as far as I’m concerned); the point is using as broad an interpretation of the law as needed to discourage this kind of situation from repeating D.
on May 22nd, 2008 at 8:54 am
You aren’t quoting the charges or the law. You’re quoting a news article.
From the actual law:
Whoever “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains … information from any protected computer if the conduct involved an interstate or foreign communication…”
The law doesn’t require a reason. Just doing it, under this incredibly sweeping interpretation, is enough to trigger an indictment.
Laws don’t cover every conceivable situation, and sometimes someone does something and gets away with it, at least in a criminal sense, due to a loophole. We don’t get to twist existing law to fix that lapse, as in this case where the interpretation is so broad that it could leave almost everyone under threat of criminal indictment. When we do, we are engaging in banana republicanism.
on May 22nd, 2008 at 7:04 pm
well…if AP can’t even get *the charges* right, what are they doing reporting the news?
Here are all the relevant parts from § 1030. Fraud and related activity in connection with computers, as far as I can tell:
“(a) Whoever—
(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—
(C) information from any protected computer if the conduct involved
an interstate or foreign communication;
shall be punished as provided in subsection (c) of this section.
(b) Whoever attempts to commit an offense under subsection (a) of this section shall be punished as provided in subsection (c) of this section.
(c) The punishment for an offense under subsection (a) or (b) of this section is—
(C) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection *(a)(2)*, (a)(3) or (a)(6) of this section *which occurs after a conviction for another offense under this section*, or an attempt to commit an offense punishable under this subparagraph” [my emphasis]
that is not a stand-alone punishable offence, is it? (it must occur “after a conviction for another offence under this section or an attempt to commit an offense punishable under this subparagraph”)
Delia
on May 22nd, 2008 at 9:03 pm
The second part of that is about the punishment. The first part describes the offense. It is one of several “stand-alone” offenses, as you put it.
on May 23rd, 2008 at 7:51 am
I said it was not a “stand-alone *punishable* offense” [my emphasis] — there is NO punishment for it UNLESS it occurs *after* “a conviction for another offense”
Delia
P.S. I agree that is should NOT be listed as a stand-alone *offense* (even if not punishable) and I doubt it was intended as such (looks like an aggravating factor for the other offenses listed) D.
on May 23rd, 2008 at 10:09 am
You are simply incorrect. That is not what it says.
on May 23rd, 2008 at 10:26 am
that is the only way it makes sense to me — poorly phrased (meant just an aggravating factor); what would be the point of it otherwise? “yep! you commited an offence… but it was so trivial that we have no penalty for you…”
Delia
on May 23rd, 2008 at 2:43 pm
I give up. Believe what you want to believe.
on May 23rd, 2008 at 8:04 pm
well, it would help if you said what exactly *you* believe…
re: “You are simply incorrect. That is not what it says.”
if you believe it says you *would* be punished even if ALL you did was what (a) (2) (C) says, where are you reading that? (I thought I gave all the relevant parts)
the following is incomplete — re: I said it was not a “stand-alone *punishable* offense” [my emphasis] — there is NO punishment for it UNLESS it occurs *after* “a conviction for another offense” (May 23rd, 2008 at 7:51 am)
having been convicted of an *attempt*, as I said in the preceding post (May 22nd, 2008 at 7:04 pm),” it must occur ‘after a conviction for another offense under this section *or an attempt* to commit an offense punishable under this subparagraph”; [my emphasis] would also suffice but aside from that I don’t see anything wrong with what I said…
Delia
on May 24th, 2008 at 2:11 pm
It’s not what I believe that matters. It’s what the law says. Section (a) describes the offenses. Section (c) describes the punishments. One of the penalties — the one you point to — may well require a conviction for a separate offense (I’m not sure on that, but let’s assume so). Other penalties clearly do not require more than one offense.
Feel free to have the last word. You’re only making yourself look foolish.
on May 24th, 2008 at 6:50 pm
Delia, see Eric Goldman’s post:
http://blog.ericgoldman.org/archives/2008/05/lori_drew_prose.htm
“In the civil context, plaintiffs frequently use the CFAA to attack a defendant’s server usage in violation of a site’s user agreement. However, as far as I (and Orin) know, this is the first time the DOJ has tried to treat a user’s breach of a site’s user agreement as a CFAA crime. Not only is this theory potentially unsupported by the law (see, e.g., Orin Kerr and Dan Solove), but it puts almost all of us at risk of federal prosecution (see, e.g., Wired and the AP).”
[If both Orin Kerr and Dan Solove agree on a point of law, it’s a good bet it’s true – read those blog posts for more legal analysis]
on May 24th, 2008 at 7:37 pm
sorry about the delay (was away for the day)
Dan, I’ve told you before I have no interest in having the last word — I *do* have an interest in clearing things up if possible… (otherwise it seems pointless to talk about them, no?)
The penalty in case is the one *you* gave (I just tracked it down and gave all the relevant parts of the law):
re:
” From the actual law:
Whoever ‘intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains … information from any protected computer if the conduct involved an interstate or foreign communication…”
The law doesn’t require a reason. Just doing it, under this incredibly sweeping interpretation, is enough to trigger an indictment.” –> these were your words
(May 22nd, 2008 at 8:54 am)
if this is not a punishable offence on its own (it requires a separate conviction for a second offence) — and unless you show me that my reasoning was wrong, I see no reason to believe otherwise — who would prosecute?
realistically, the indictment you talk about would never materialize…
Delia
on May 24th, 2008 at 7:44 pm
errata: the *offense* in case (not the punishment in case) D.
on May 24th, 2008 at 7:45 pm
hi, Seth! :)… thanks for the link… I’m taking a look at it… D.
on May 24th, 2008 at 7:56 pm
re: Orin: “You can imagine the basic idea, though: Since everyone who uses computers violates dozens of different TOS every day, the theory would make everyone who uses computers a felon.” –> nonsense… for the reasons I gave above — it’s NOT a stand-alone *punishable* offense…
on May 24th, 2008 at 8:05 pm
re: Dan Solove: “if one “intentionally accesses a computer without authorization . . . , and thereby obtains . . . information from any protected computer if the conduct involved an interstate . . . communication” and “the offense was committed in furtherance of any . . . tortious act [*in this case intentional infliction of emotional distress*] in violation of the . . . laws . . . of any State.” [my emphasis]
–>that’s why this whole idea that *everybody* would be felon makes no sense… UNLESS *everybody* is intentionally inflicting emotional distress on others (possibly driving them to suicide) … pretty far fetched assumption as far as I’m concerned… D.
on May 25th, 2008 at 4:30 am
oops… missing a phrase… UNLESS *everybody* is *doing things like* intentionally inflicting emotional distress on others (possibly driving them to suicide) D.
on May 25th, 2008 at 2:21 pm
Seth, exactly the point. They’re using the law to criminalize violations of ToS. Which is precisely the problem.
on May 25th, 2008 at 4:20 pm
Seth, I hope you don’t base your belief on this: “If both Orin Kerr and Dan Solove agree on a point of law, it’s a good bet it’s true…” — I just don’t find that they are right (when you look at the details and reasons they are giving). D.
on May 25th, 2008 at 6:31 pm
P.S. for Seth: I get the impression an alarmist first caught wind of this and then a whole lot of others just adopted that view without really looking into it. D.
on May 25th, 2008 at 7:13 pm
Delia, both of them take comments. Why not try to convince them of your reasoning?
Now, I’ve seen lawyers be wrong before (wow, have I ever …), so I’m not making a blind argument from authority. But several lawyers of differing ideological views agreeing on a point does deserve respect.
on May 25th, 2008 at 8:20 pm
I’m not out to convince anybody, Seth, but I may post a comment if they are not making it a hassle to do it (make you register and the like) Thanks! D.