A federal judge yesterday tentatively acquitted Lori Drew, the Missouri woman convicted for her involvement in a MySpace “cyberbullying” hoax that allegedly resulted in a young girl’s suicide.  If it sticks, the acquittal will help reverse the momentous change in online liability that Drew’s earlier guilty verdict threatened to set in motion.

Last November, a jury convicted Drew of three misdemeanor violations of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, which is essentially an anti-hacking law.  Commentors widely criticized the convictions, as the case’s logic seemed to criminalize any violation of a website’s Terms of Service (see Marc’s Satyricon post, CMLP, Threat Level, and numerous links therein).

As Judge George Wu pointed out in announcing his tenative decision, such a result is probably unconstitutional.  Terms of Service include an infinite variety of provisions — most of which have little bearing on criminal acts — and few web users ever read them.

Stripped of the emotionally charged facts regarding the fraud and suicide, Drew’s crime was nothing other than failing to submit “truthful and accurate” registration information when creating a MySpace profile.  She would have been no less liable for misstating her height.

Note that the acquittal will not take effect until Judge Wu issues a written decision.  Until then, keep an eye out for the flood of commentary that will no doubt arise regarding the issue.

(Matt C. Sanchez is a recent Harvard Law School graduate and was formerly the CMLP's Legal Threats Editor.  Matt also writes for Florida Media Lawyer and the Legal Satyricon.)