Search Results
Lori Drew Case Decided
posted by Daniel Solove
The Lori Drew case has finally been decided. Background about the case is here. In previous posts (here and here), I argued that the CFAA should be held to be unconstitutionally vague.
In an opinion released on August 28, Judge George Wu struck down, on unconstitutional vagueness grounds, the prosecution’s attempt to enforce violations of website terms of service as crimes under the Computer Fraud and Abuse Act (CFAA):
[I]f any conscious breach of a website’s terms of service is held to be sufficient by itself to constitute intentionally accessing a computer without authorization or in excess of authorization, the result will be that section 1030(a)(2)(C) becomes a law “that affords too much discretion to the police and too little notice to citizens who wish to use the [Internet].” City of Chicago [v. Morales], 527 U.S. [41] at 64 [(1999)].
Congratulations to Orin Kerr, who assisted in the defense, and who is cited numerous times throughout the court’s opinion.
August 29, 2009 at 10:18 pm
Posted in: Anonymity, Privacy, Privacy (Electronic Surveillance), Privacy (Gossip & Shaming), Web 2.0
No Comments
Lori Drew Tentatively Acquitted
posted by Daniel Solove
Judge George Wu has ruled that he is planning to dismiss the charges against Lori Drew, the woman involved in the MySpace suicide case involving Megan Meier. Background about the case is here. According to an article by Kim Zetter of Wired, who has provided terrific coverage of the case:
“It basically leaves it up to a website owner to determine what is a crime,” said Wu on Thursday, echoing what critics of the case have been saying for months. “And therefore it criminalizes what would be a breach of contract.” . . . .
Wu told Assistant U.S. Attorney Mark Krause that if Drew had been convicted of the felonies, he would have let the convictions stand, and would have already sentenced her. But the misdemeanor convictions troubled him, because of the vague wording of the statute. . . .
To convict Drew of the felonies, prosecutors would have needed to prove two things: that Drew accessed MySpace “without authorization,” and did it for the purpose of committing a tortious act — in this case, to intentionally cause harm to Megan Meier.
But for the misdemeanors, the jury just had to find that Drew obtained the unauthorized access. Wu said that language, standing on its own, was too vague to pass constitutional muster in this case.
“I don’t see how the misdemeanor aspect would be constitutional,” he said. “That is the issue I’m wrestling with at this time.”
Wu also doubted that MySpace provided sufficient notice to members to hold them responsible. If a user didn’t read the terms of service, the judge asked prosecutor Krause, could they still be charged with violating them?
In previous posts (here and here), I argued that the CFAA should be held to be unconstitutionally vague. I’m encouraged that Judge Wu agrees, though I believe the CFAA is unconstitutionally vague not only in its misdemeanor provisions, but in its felony ones as well.
Congratulations to my colleague, Orin Kerr, who assisted in Lori Drew’s defense.
The AP story is here.
July 2, 2009 at 7:41 pm
Posted in: Privacy, Privacy (Electronic Surveillance), Privacy (Gossip & Shaming), Web 2.0
10 Comments
Beware of Visiting the Volokh Conspiracy
posted by Daniel Solove
Beware of visiting the Volokh Conspiracy, as Orin Kerr has promulgated new terms of service. If you access the site contravening any of these terms, according to the prosecution theory in the Lori Drew case, you’ve committed a federal crime. One of Orin’s terms is that you can’t be a federal employee to access the Volokh Conspiracy. So if the prosecutor in the Lori Drew case were to access the blog, I sure hope he wouldn’t be a hypocrite and would bring a prosecution against himself!
November 28, 2008 at 1:53 pm
Posted in: Privacy (Gossip & Shaming)
3 Comments
The Lori Drew Trial: Verdict
posted by Daniel Solove
A verdict has been reached in the Lori Drew case. Kim Zetter reports:
Lori Drew, the 49-year-old woman charged in the first federal cyberbullying case, was cleared of felony computer-hacking charges by a jury Wednesday morning, but convicted of three misdemeanors. The jury deadlocked on a remaining felony charge of conspiracy.
After just over a day of deliberation, the six-man, six-woman jury acquitted Drew of three felony charges of violating the federal Computer Fraud and Abuse Act, in an emotionally charged case that stemmed from a 2006 MySpace hoax targeting a 13-year-old girl, who later committed suicide.
Tina Meier, the mother of the girl, shook her head silently from the gallery as the verdict was read.
Prosecutors claimed Drew and others obtained unauthorized access to MySpace by creating a fake profile for a nonexistent 16-year-old boy named “Josh Evans.” The account was used to flirt with, and then reject, 13-year-old Megan Meier. The case hinged on the government’s novel argument that violating MySpace’s terms of service for the purpose of harming another was the legal equivalent of computer hacking, and Drew faced a maximum sentence of five years in prison for each charge.
But on Wednesday, jurors found Drew guilty only of three counts of gaining unauthorized access to MySpace for the purpose of obtaining information on Megan Meier — misdemeanors that potentially carry up to a year in prison, but most likely will result in no time in custody. The jury unanimously rejected the three felony computer hacking charges that alleged the unauthorized access was part of a scheme to intentionally inflict emotional distress on Megan.
November 26, 2008 at 4:00 pm
Posted in: Privacy, Privacy (Gossip & Shaming), Social Network Websites, Web 2.0
7 Comments
The Lori Drew Case: Why Not Rule on the Motions?
posted by Daniel Solove
According to Kim Zetter’s account of the Lori Drew trial, Judge Wu has postponed ruling on any of the legal issues until after the jury’s verdict:
When the prosecution rested its case Friday at about 2:00 p.m., defense attorney H. Dean Steward moved for an immediate dismissal, based on testimony that proved Drew never saw MySpace’s contract, and wasn’t the one who set up the account and accepted the terms.
U.S. District Judge George Wu asked both sides to file written briefs on the issue over the weekend, and allowed testimony to continue in the case.
Why not rule on it now? Judge Wu hasn’t ruled on the merits of how the CFAA should be interpreted, whether it is unconstitutionally vague, and now whether or not the prosecution, as a matter of law, has failed to prove the requisite mens rea. Why won’t he rule on any of these issues?
The only reason I can think of is that he’s waiting to see if the jury acquits Drew, which then moots the issues. This is the only scenario I can think of in which he won’t eventually have to rule on the motions.
Why not just issue a ruling one way or the other? That’s what I thought judges are supposed to do. Is there something I’m missing here about his judicial strategy?
November 24, 2008 at 6:20 pm
Posted in: Privacy, Privacy (Gossip & Shaming), Social Network Websites, Web 2.0
6 Comments
The Lori Drew Case: Sarah Drew’s Testimony
posted by Daniel Solove
Over at Wired’s Threat Level blog, Kim Zetter’s excellent coverage of the Lori Drew trial continues. In this post, she discusses the testimony of Lori Drew’s daughter Sarah:
The girl’s testimony, if true, supports the defense’s assertions that Lori Drew was unaware of Meier’s previous suicide attempt until after Meier killed herself in 2006.
The younger Drew, who prosecutors say was involved in the creation of the fake MySpace account through which Meier was bullied, denied playing any role in the creation of the account, although she admitted she was present when many of the messages were written and when the final message was sent to Meier telling her the world “would be a better place without you.” She insisted she told Ashley Grills, who confessed to writing the last message, not to send it, although she didn’t say why she told this to Grills.
She said it was Grills — who has been granted immunity by prosecutors — who devised the plan, created the account and sent the messages. Neither she nor her mother knew the account was created until “after the fact,” and neither one was home when Grills clicked on the terms of service to create the Josh Evans profile. She also said her mother wasn’t home when Grills sent the final message to Meier.
The girl’s words seemed designed to strike at the heart of the conspiracy charge against her mother, which asserts that she conspired with her daughter and Grills to intentionally violate the MySpace terms of service in order to inflict intentional emotional distress on Meier.
Grills had said that both Drews were with her when she created the account, but that none of them had read the terms of service. That testimony raised questions about whether Lori Drew could be convicted of conspiracy if she didn’t click to agree on the terms of service or even know they existed.
November 24, 2008 at 6:16 pm
Posted in: Privacy, Privacy (Gossip & Shaming), Social Network Websites, Web 2.0
One Comment
The Lori Drew Case: Does the CFAA Require Knowledge?
posted by Daniel Solove
Over at Wired’s Threat Level Blog, Kim Zetter is providing great coverage of the Lori Drew case.
Here’s her post about Tina Meier’s testimony (the mother of Megan Meier).
Zetter’s most recent post describes the direct examination of Ashley Gill, one of the people who participated with Lori Drew in the creation of the fake MySpace profile.
The young woman who typed the final, cruel message to 13-year-old Megan Meier the day she killed herself took the stand to testify against her former employer and confidant, Lori Drew, on Thursday.
But several moments in 20-year-old Ashley Grill’s 80 minutes of testimony seemed to undermine the government’s case. The most damaging statement: that it was her idea, not Drew’s, to create a fake MySpace account to befriend Megan.
Though the jury doesn’t have to find that Drew instigated the plan to convict her of conspiracy, the revelation is nonetheless at odds with the government’s position that the 39-year-old Drew took a leading role in creating a MySpace account for “Josh Evans,” a purported 16-year-old boy who flirted with the emotionally-vulnerable Megan, and ultimately turned on her. The statement came as Grill described the genesis of the hoax, which unfolded at Drew’s home in September 2006.
Grill was in the kitchen with Drew and Sarah, Lori Drew’s daughter, when she proposed creating a fake MySpace account to get information on Megan. Drew applauded the plan, and thought it was funny, but did not herself conceive it, Grill said.
The three of them crowded around Drew’s computer as Grill set up the profile. None of the three read MySpace’s terms-of-service first. As Ashley began, Lori and Sarah left for soccer practice, urging Grill to finish up in their absence.
There are several interesting things here. First, the hurtful emails, the ones that led to Meier’s suicide, were not penned by Drew but by Grill, the prosecution’s own witness. Second, and more importantly, the government’s witness conceded that Drew had not read MySpace’s terms of service. Unless the CFAA is a strict liability statute, or can be violated negligently or recklessly, then the prosecution must prove that Drew knew she was violating the terms of service. Thus far, I haven’t heard anything to indicate she knew it was a violation of MySpace’s terms of service to create a fake profile. If knowledge is required, and if knowledge isn’t proven, then the prosecution’s case shouldn’t survive a directed verdict motion.
I only know a little about the CFAA, so I ask the experts: Am I correct that knowledge that one accesses a site without authorization is required for there to be a CFAA violation, even under the prosecution’s warped interpretation of the statute?
November 20, 2008 at 10:08 pm
Posted in: Privacy, Privacy (Gossip & Shaming), Social Network Websites, Web 2.0
7 Comments
Lori Drew and the Computer Fraud and Abuse Act
posted by Daniel Solove
The Lori Drew trial is set to begin this week, and it is a travesty that this trial is even taking place. The basic facts of this case are that Drew was the mother of a teenage daughter and she created a fake MySpace profile for a fictional teen boy to befriend a classmate of her daughter’s. It remains unclear what the motivation was for creating this fake profile, but from what I’ve read, it was to learn about rumors about her daughter. This classmate, Megan Meier, befriended the fake MySpace persona. At some point, the fake persona broke up with Meier, saying he no longer wanted to be friends, and Meier committed suicide.
Afterwards, there was considerable media attention in the case, although this didn’t happen until about a year later. There was outrage at Drew, with many people calling for blood. But local prosecutors determined, correctly in my opinion, that although Drew’s conduct may have been immature, shortsighted, and mean, it wasn’t criminal.
Enter an ambitious federal prosecutor, eager for fame and national attention. He indicted Lori Drew for creating a fake MySpace profile, which he contends is a violation of the Computer Fraud and Abuse Act (CFAA). The CFAA § 1020(a)(2)(C) makes it a criminal misdemeanor to “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer if the conduct involved an interstate or foreign communication.” The CFAA § 1030(c)(2)(B)(2) makes it a felony if one “intentionally accesses a computer without authorization . . . , and thereby obtains . . . information from any protected computer” and “the offense was committed in furtherance of any . . . tortious act [in this case intentional infliction of emotional distress] in violation of the . . . laws . . . of any State.”
Basically, the theory of the prosecution’s case is that Lori Drew violated the CFAA because she violated the terms of service of MySpace which prohibited creating fake profiles, and she did so in furtherance of committing the tort of intentional infliction of emotional distress.
These CFAA provisions are, in my opinion, unconstitutionally vague. I believe they either must be struck down or saved with a narrowing interpretation. I personally would strike down these parts of the statute and have Congress start over. My argument is here, and I won’t repeat much of it, but the gist is that a vague law is one that either fails to provide the kind of notice that will enable ordinary people to understand what conduct it prohibits; or authorizes or encourages arbitrary and discriminatory enforcement. Because the CFAA would essentially criminalize many violations of website terms of service (if not nearly all), this allows the website operators to virtually write the criminal code.
November 16, 2008 at 12:52 pm
Posted in: Privacy, Privacy (Electronic Surveillance), Social Network Websites
7 Comments
Cheers for Kerr
posted by Frank Pasquale
Though I have had my blogospheric disagreements with Orin Kerr, a law prof and former prosecutor, I’m glad to see him getting involved in the Lori Drew case on the defense side. Though Drew’s conduct in the case was reprehensible, the feds may only be able to punish it by setting a precedent that could chill a lot of internet activity:
Kerr wrote on the Volokh Conspiracy blog that the government was essentially charging Drew with criminal trespassing on MySpace’s server for allegedly providing false information to open a MySpace account under the false identity of a nonexistent teenage boy. Kerr said this essentially made it a federal crime to violate any online terms of service contract. “Since everyone who uses computers violates dozens of different [Terms of Service] every day, the theory would make everyone who uses computers a felon,” he wrote at Volokh Conspiracy.
That’s not to say that I endorse CDA 230, or other expansive safe harbors on the internet. Kerr has suggested limiting the CDA’s applicability–and perhaps in response to such proposals, intermediaries will start keeping a closer eye on what their users do. But this legal change should be accomplished in a series of more deliberative, regulatory, or norm-based steps–not with the blunt instrument of sudden criminal charges.
The case appears to be bringing together some traditionally opposed groups:
The Electronic Frontier Foundation, the Center for Democracy and Technology and Ralph Nader’s Public Citizen group have filed an amicus brief supporting Drew’s efforts to dismiss the charges, in part on grounds that the government’s reading of the CFAA is unconstitutional and would restrict anonymous and free speech. Andrew Grossman of the Heritage Foundation has also weighed in on the case[, . . . writing that] “Drew’s conduct was irresponsible, but it was not criminal. It may deserve social sanction, already dispensed in great quantity, and perhaps civil liability to Megan Meier’s parents. But if Drew is convicted under criminal law, virtually every Internet user will face the consequences.”
The civil liability proposal is an interesting one, and might also lead to some responsibilities for intermediaries to retain certain data for a limited time and limited law-enforcement purposes.
October 21, 2008 at 4:18 pm
Posted in: Cyberlaw
No Comments
Trolls, cyberbullying, Dan
posted by Kaimipono D. Wenger
This week’s New York Times magazine has a fascinating article about online trolls and cyberbullying, which includes a quote from Dan. The article itself is well worth reading. An excerpt:
That the Internet is now capacious enough to host an entire subculture of users who enjoy undermining its founding values is yet another symptom of its phenomenal success. It may not be a bad thing that the least-mature users have built remote ghettos of anonymity where the malice is usually intramural. But how do we deal with cases like An Hero, epilepsy hacks and the possibility of real harm being inflicted on strangers?
Several state legislators have recently proposed cyberbullying measures. At the federal level, Representative Linda Sánchez, a Democrat from California, has introduced the Megan Meier Cyberbullying Prevention Act, which would make it a federal crime to send any communications with intent to cause “substantial emotional distress.” In June, Lori Drew pleaded not guilty to charges that she violated federal fraud laws by creating a false identity “to torment, harass, humiliate and embarrass” another user, and by violating MySpace’s terms of service. But hardly anyone bothers to read terms of service, and millions create false identities. “While Drew’s conduct is immoral, it is a very big stretch to call it illegal,” wrote the online-privacy expert Prof. Daniel J. Solove on the blog Concurring Opinions.
To steal a line from Glenn Reynolds — go read the whole thing.
August 1, 2008 at 1:20 am
Posted in: Blogging, Cyberlaw, Privacy (Gossip & Shaming), Social Network Websites
8 Comments
Is the Computer Fraud and Abuse Act Unconstitutionally Vague?
posted by Daniel Solove
At the National Law Journal, attorney Nick Akerman (Dorsey & Whitney) contends that the Computer Fraud and Abuse Act (CFAA) indictment of Lori Drew (background about the case is here) is an appropriate interpretation of the statute:
While this may be the first prosecution under the CFAA for cyberbullying, the statute neatly fits the facts of this crime. Drew is charged with violating §§ 1030(a)(2)(C), (c)(2)(B)(2) of the CFAA, which make it a felony punishable up to five years imprisonment, if one “intentionally accesses a computer without authorization . . . , and thereby obtains . . . information from any protected computer if the conduct involved an interstate . . . communication” and “the offense was committed in furtherance of any . . . tortious act [in this case intentional infliction of emotional distress] in violation of the . . . laws . . . of any State.”
There is no question that the MySpace network is a “protected” computer as that term is defined by the statute. Indeed, “[e]very cell phone and cell tower is a ‘computer’ under this statute’s definition; so is every iPod, every wireless base station in the corner coffee shop, and many another gadget.” U.S. v. Mitra, 405 F.3d 492, 495 (8th Cir. 2005). There is also no question that a violation of MySpace’s TOS provides a valid predicate for proving that the defendant acted “without authorization.” What the commentators ignored in their critique of this indictment is that the “CFAA . . . is primarily a statute imposing limits on access and enhancing control by information providers.” EF Cultural Travel B.V. v. Zefer Corp., 318 F.3d 58, 63 (1st Cir. 2003). A company “can easily spell out explicitly what is forbidden.” Id. at 63. Thus, companies have the right to post what are in effect “No Trespassing” signs that can form the basis for a criminal prosecution.
If this interpretation of the law is correct, then the law is probably unconstitutionally vague. A vague law is one that either fails to provide the kind of notice that will enable ordinary people to understand what conduct it prohibits; or authorizes or encourages arbitrary and discriminatory enforcement. The CFAA, as construed by the prosecution in the Drew case, will probably be found vague because it authorizes or encourages arbitrary and discriminatory enforcement.
Suppose I put a notice on this post that says: “No attorneys may post a comment to this blog.” Suppose Nick Akerman comes to this site, sees this post, and writes a comment that is defamatory. Under his theory, he can be prosecuted for violating the CFAA. He has “trespassed” on this site. Moreover, if a blog has a policy that it will not tolerate “rude, uncivil, or off-topic comments,” then commenters who make such comments that are tortious (intentional infliction of emotional distress, public disclosure of private facts, false light, defamation, etc.) can be liable for a CFAA violation. Moreover, any use of a website that goes against whatever terms the operator of that site has set forth that constitutes a negligence tort is also criminal.
The problem here is that the CFAA’s applicability would be extremely broad — so broad that the cases likely to be prosecuted would be arbitrary. Since tort law is common law, and is very flexible, broad, and evolving, people would not have adequate notice about what conduct would be legal and not legal. There’s a reason why tort law is different from criminal law — we are willing to accept a lot more ambiguity and uncertainty in tort law than in criminal law, where the stakes involve potential imprisonment.
Moreover, Nick Akerman only focuses on the CFAA § 1030(c)(2)(B)(2), which makes it a felony to exceed authorized access if the offense was committed in furtherance of any tortious act.
The CFAA § 1020(a)(2)(C) makes it a criminal misdemeanor to “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer if the conduct involved an interstate or foreign communication.” If I’m interpreting this correctly (and I don’t purport to be an expert on the CFAA), under the Drew prosecutor’s interpretation of the CFAA, any time a person violates a website’s terms of service and accesses any information from the site, there’s a criminal violation. That means that if I post on this blog a notice that says: “No attorneys may access any other parts of this blog other than the front page,” and an attorney accesses any other page on my blog, then there’s a CFAA violation. Could the law possibly be this broad? I think it would require a narrowing interpretation in order to avoid problems of unconstitutional vagueness.
The CFAA strikes me as a very poorly drafted statute. The Drew indictment demonstrates the problems with the law. Either courts should fix the CFAA interpretively by narrowing its scope, or else strike it down as unconstitutionally vague. But what clearly cannot stand is for the law to be interpreted as the Drew prosecutor seeks to interpret it.
Hat tip: Dan Slater at the WSJ Blog
May 22, 2008 at 2:29 pm
Posted in: Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Gossip & Shaming), Privacy (Law Enforcement), Social Network Websites
14 Comments
More Misguided Responses to the Megan Meier Incident
posted by Daniel Solove
Last week brought the unfortunate news that Lori Drew was indicted for a violation of the Computer Fraud and Abuse Act for her ill-conceived hoax on Megan Meier. According to an MSNBC article:
Andrew DeVore, a former federal prosecutor who co-founded a regional computer crime unit in New York, said Friday the interpretation raises constitutional issues related to speech and due process — in the latter case, because it doesn’t allow for adequate notice of when using an alias online is criminal.
Because corporations would end up setting criminal standards, a completely legal act at one site could be illegal at another, said DeVore, who has no direct involvement in the case.
Now, the Missouri legislature has just passed a law in response to the incident. According to the bill summary:
Currently, the crime of harassment includes communications meant to frighten or disturb another person. Under this act, communications conducted to knowingly frighten, intimidate, or cause emotional distress to another person are included. Harassment includes communications by any means.
Harassment includes knowingly using unwanted expressions that put the person in reasonable apprehension of offensive physical contact or harm or knowingly making unwanted communications with a person.
A person also commits harassment:
1) By knowingly communicating with another person who is, or who purports to be, seventeen years of age or younger and in so doing, and without good cause, recklessly frightens, intimidates, or causes emotional distress to such other person; or
2) By engaging, without good cause, in any other act with the purpose to frighten, intimidate, or cause emotional distress to another person, cause such person to be frightened, intimidated, or emotionally distressed, and such person’s response to the act is one of a person of average sensibilities considering the person’s age.
This law is incredibly dumb, and I hope that the governor is wise enough not to sign this uninformed and very poorly crafted piece of legislation. It is yet another misguided response to the Megan Meier incident. As I discussed in my book, The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (Yale 2007), we must be careful not to adopt responses to problematic online communication that are too authoritarian and too chilling of free speech.
Under this law, a person could be guilty of a crime for recklessly frightening, intimidating or causing emotional distress to a person they know is 17 or younger. That’s incredibly broad — most likely overbroad under the First Amendment. It sweeps in a potentially broad range of protected expression under the First Amendment.
May 18, 2008 at 5:39 pm
Posted in: First Amendment, Privacy, Privacy (Gossip & Shaming), Social Network Websites
9 Comments
Megan Meier Case Update — Drew Indicted
posted by Daniel Solove
I blogged about the Megan Meier case a while ago. This is the case where Megan Meier, a teenager, committed suicide after her online friend from MySpace suddenly started to reject her and say mean things to her. The “friend” on MySpace was actually Lori Drew, the mother of one of her classmates, and some other individuals. They created the fake profile and were pretending to be Meier’s fictional friend.
Now, Drew has been indicted by a federal grand jury for a violation of the Computer Fraud and Abuse Act (CFAA). Here’s the indictment.
Drew was charged with conspiracy as well as three counts of accessing protected computers without authorization. According to the indictment:
On or about the following dates, defendant DREW, using a computer in O’Fallon, Missouri, intentionally accessed and caused to be accessed a computer used in interstate commerce, namely, the MySpace servers located in Los Angeles County, California, within the Central District of California, without authorization and in excess of authorized access, and, by means of interstate commerce obtained and caused to be obtained information from that computer to further tortious acts, namely intentional infliction of emotional distress on [Megan Meier].
From the AP:
Each of the four counts carries a maximum possible penalty of five years in prison.
Drew will be arraigned in St. Louis and then moved to Los Angeles for trial.
The indictment says MySpace members agree to abide by terms of service that include, among other things, not promoting information they know to be false or misleading; soliciting personal information from anyone under age 18 and not using information gathered from the Web site to “harass, abuse or harm other people.”
Drew and others who were not named conspired to violate the service terms from about September 2006 to mid-October that year, according to the indictment. It alleges that they registered as a MySpace member under a phony name and used the account to obtain information on the girl.
Drew and her coconspirators “used the information obtained over the MySpace computer system to torment, harass, humiliate, and embarrass the juvenile MySpace member,” the indictment charged.
UPDATE: Over at the Volokh Conspiracy, Orin Kerr believes that the indictment should be dismissed. Kerr believes that it is a stretch to apply the CFAA to violations of a site’s terms of service.
If the computer owner says that you can only access the computer if you are left-handed, or if you agree to be nice, are you committing a crime if you use the computer and are nasty or you are right-handed? If you violate the Terms of Service, are you committing a crime?
Kerr also argues that the prosecution will have a very hard time demonstrating that Drew intended to violate MySpace’s terms of service. He writes: “But here there is no evidence that Drew even read the TOS. Most people don’t, of course; I would be surprised if 1 person in 100 actually tried reading it. If Drew wasn’t aware that she was violating the TOS, she couldn’t be exceeding her authorized access intentionally.”
I agree with Kerr on these first two reasons. While Drew’s conduct is immoral, it is a very big stretch to call it illegal.
Kerr offers a third reason why the indictment is faulty — it is unclear whether the goal of the conspiracy was to obtain information, as was charged in the indictment. Kerr writes: “[I]t doesn’t seem that Drew had the intent to obtain information from her victim. Her apparent goal was to harass her victim and to cause emotional distress, not to obtain information from her.” On this reason, however, I’m not so sure I agree. The news accounts I read about the case indicated that one of Drew’s primary motivations for creating the fake profile was to learn information from Megan Meier. She wanted to know information from Megan that pertained to her own daughter, who was a classmate of Megan’s. The harassing came later on.
May 15, 2008 at 5:46 pm
Posted in: Privacy, Privacy (Electronic Surveillance), Privacy (Gossip & Shaming), Social Network Websites
5 Comments
Megan Meier Blog: A Hoax
posted by Daniel Solove
A few days ago, I blogged about a blog called “Megan Had It Coming” when a blogger in the name of Lori Drew (the mother who was involved in the case) attempted to explain her side of the story. I wrote in my post that the blog might very well be a hoax, and it indeed was. From CNN:
Police are investigating Internet postings of someone posing as the woman linked to an online hoax played on a 13-year-old girl who committed suicide. . . .
Lori Drew’s attorney said Friday that she is not the writer.
The St. Charles County sheriff’s department is investigating the blog postings on Blogger.com to see whether a crime has been committed, a spokesman said.
“Any Internet message that purports to be a member of the Drew family is being managed by an impostor and undoubtedly is being done for the purpose of further damaging the Drews’ reputation,” the family said in a statement. . . .
Lori Drew’s lawyer, Jim Briscoe, said Google Inc., which owns Blogger.com, has been contacted. A Google spokesman said the company is reviewing the impersonation allegation. . . .
Since then, the Drews have been besieged with negative publicity, and Meier’s death prompted her hometown of Dardenne Prairie to adopt a law making engaging in Internet harassment a misdemeanor.
Now, elected officials say the law’s first use could be to prevent possible harassment against the Drews.
“I would say that would be a possibility, that they could be the first,” Mayor Pam Fogarty said Friday. “A law is a law is a law. You can’t discriminate.” . . . .
St. Charles County Prosecutor Jack Banas said he heard about the postings through the news media and asked the sheriff’s department to investigate.
Banas said he had no idea if someone might be charged under the Dardenne Prairie measure. He explained any charges he brings are under state law, not under local ordinances.
December 8, 2007 at 1:52 pm
Posted in: Privacy (Gossip & Shaming), Social Network Websites, Web 2.0
More Facts about the Megan Meier Case
posted by Daniel Solove
This story from CNN provides some interesting facts about the Megan Meier case:
Megan became friends with the Drews’ young daughter and the girls remained close for years, according to a report provided by prosecutors. But the girls had a falling-out in 2006.
A teenage employee of Drew’s named Ashley said she created the “Josh” account on MySpace after a brainstorming session with Drew and her daughter, according to a prosecutor’s report. Drew said the girls approached her with the idea, and she told them only to send polite messages to Megan.
Ashley sent Megan many of the messages from “Josh,” and Lori Drew was aware of them, prosecutors said.
On October 16, 2006, there was a heated online exchange between Megan and Ashley, who was posing as Josh. A few other MySpace users joined in, calling Megan names. It ended when “Josh” said the world would be better off without Megan.
Tina Meier said her daughter went to her room, crying and upset. About 20 minutes later, Megan was found hanging from a belt tied around her neck.
Drew’s attorney Jim Briscoe said on NBC on Tuesday that Drew “absolutely, 100 percent” had nothing to do with the negative comments posted online about Megan and wasn’t aware of them until after the girl took her life.
One possibility is that perhaps one of the other young girls involved made the nasty comments that precipitated Megan’s despair. This still doesn’t excuse the mother’s involvement in the fake profile, but much of the online shaming blames her for the suicide. Maybe Lori Drew is taking the brunt of the criticism to protect the other young girls involved.
Suppose the mother weren’t involved at all, and the profile were made totally by the young teenage girls without the knowledge of any adults — would people feel differently about the online shaming campaign or about posting personal information about the creators of the profile?
Meanwhile, the shaming of the Drews continues:
December 7, 2007 at 11:27 am
Posted in: Privacy (Gossip & Shaming), Social Network Websites
The Megan Meier Case: New Developments
posted by Daniel Solove
Recently, I blogged about the tragic Megan Meier case, where the parent of a classmate of Megan’s created a fake MySpace profile and pretended to be a boy (Josh Evans) interested in Megan. When the fictitious boy suddenly dumped Megan and wrote nasty comments, Megan committed suicide. A local newspaper reported the story, which quickly caught fire in the media. The local reporter declined to identify the woman who created the fake profile, fearing vigilantism, but a woman named Sarah Wells posted the woman’s name — Lori Drew — and her address. Soon, the blogosphere was aflame in rage at Drew. Recently, the local prosecutor considered bringing charges against Drew but ultimately concluded that Drew had not committed any crime.
Now there’s a new twist in the case. On a blog called “Megan Had It Coming” is a post purportedly written by Lori Drew.

The blogger, who claims to be Drew, writes a lengthy essay explaining her side of the story:
It’s time I dropped the charade. Yes, I made this blog. Yes, I’m Lori Drew.
My daughter had nothing to do with this. Everyone needs to leave her alone. None of you can possibly know her involvement, and none of you can possibly know what she’s gone through. She’s just a kid. She doesn’t deserve these brutal verbal attacks. Please stop.
Now that Mr. Banas has made public the announcement that there will be no charges filed against me or my family, I feel it is time to speak out about this tragic affair. I cannot count on any media organization to fairly represent my story, as they have grossly misrepresented and sensationalized the story so far. So, I must present my case here, on the blog that has been my only outlet. . . .
Then Sarah Wells outed me. Then the hate and harassment and threats poured in. Even against my daughter. First there were dozens of calls, then hundreds, then there was national news, and everyone went crazy.
That’s why I started this blog and posted as “Kirsten.” I was so angry at the world for being so unfair, especially when it came to my daughter whom I had sworn to protect from all of this. I took a low blow at Megan’s memory because I desperately wanted the world to at least get a glimpse of the truth.
But that’s all over now. The final word from authorities has come down that there will be no charges, so I don’t have to remain silent. There’s no point in hiding anymore. The internet has made it clear that mob revenge must prevail, even if there’s no justice in it. So be it.
Here I am, internet. Come get me.
There’s a lot more in the post, which has over 1800 comments. Is this really Lori Drew? The Internet makes it so easy to spread information — in anyone’s name — that it could be Drew or just some imposter.
Hat tip: Prettier than Napoleon, who writes that the “blog is almost certainly a hoax (any competent attorney would have put the kibosh on it), but does it matter? Regardless of authenticity, it acts as a lightning rod for outrage, and the reputation of the purported author is already shredded.”
UPDATE: The blog is indeed a hoax.
December 5, 2007 at 12:54 am
Posted in: Privacy (Gossip & Shaming), Social Network Websites






