We've posted before (here and here) on the tragic Megan Meier suicide case, in which a 13-year-old neighbor of Lori Drew committed suicide in October 2006 after a "boy" she met on MySpace abruptly turned on her and ended their "relationship." In May 2008, federal prosecutors in Los Angeles indicted Drew, who allegedly pretended to be 16-year-old "Josh Evans" on MySpace and precipitated Megan's suicide with hurtful comments, for violating the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, which usually applies to hacking. The heart of the government's theory is that Drew criminally accessed MySpace servers "without authorization" or "in excess of authorization" because she violated the social networking site's terms of service by creating an account with inaccurate registration information and engaging in hurtful speech.
As reprehensible as Drew's conduct is alleged to have been, the government's theory is deeply troubling because it would impose criminal penalties for ignoring or violating a website's terms of service, something that probably millions of Internet users do every day, often without even knowing it. For example, Google's terms of service prohibit anyone from using any Google services unless they are of legal age to enter into a contract, usually 18. The prosecution's theory arguably could apply to any minor who uses Google's search engine.
In light of the dangerous expansion of the CFAA and the serious First Amendment and due process concerns raised by the case, a coalition of public interest organizations and individual Internet law professors today filed an amicus curiae brief in support of Drew's motion to dismiss the indictment. Some of the coalition members include EFF, Public Citizen, Center for Democracy & Technology, Lauren Gelman, Eric Goldman, Mark A. Lemley, and Daniel J. Solove. Phil Malone of the Berkman Cyberlaw Clinic and Jennifer Granick of EFF represent the coalition.
The brief raises three primary arguments: (1) the CFAA does not, by its terms, apply to terms of service violations, but rather to a trespasser's access to computer systems or areas of computer networks without permission; (2) applying the CFAA to Drew's conduct would constitute a serious encroachment on fundamental civil liberties, including freedom of speech; and (3) applying the CFAA when a user ignores or violates website terms of service would violate due process and render the statute void for vagueness and lack of fair notice. I'll leave it to our readers to parse the details, but I heartily encourage a look.
(Note: Phil Malone is a co-founder of the CMLP, and the CMLP is affiliated with the Berkman Center for Internet & Society.)