Lori Drew and the Computer Fraud and Abuse Act
posted by Daniel Solove
The Lori Drew trial is set to begin this week, and it is a travesty that this trial is even taking place. The basic facts of this case are that Drew was the mother of a teenage daughter and she created a fake MySpace profile for a fictional teen boy to befriend a classmate of her daughter’s. It remains unclear what the motivation was for creating this fake profile, but from what I’ve read, it was to learn about rumors about her daughter. This classmate, Megan Meier, befriended the fake MySpace persona. At some point, the fake persona broke up with Meier, saying he no longer wanted to be friends, and Meier committed suicide.
Afterwards, there was considerable media attention in the case, although this didn’t happen until about a year later. There was outrage at Drew, with many people calling for blood. But local prosecutors determined, correctly in my opinion, that although Drew’s conduct may have been immature, shortsighted, and mean, it wasn’t criminal.
Enter an ambitious federal prosecutor, eager for fame and national attention. He indicted Lori Drew for creating a fake MySpace profile, which he contends is a violation of the Computer Fraud and Abuse Act (CFAA). The CFAA § 1020(a)(2)(C) makes it a criminal misdemeanor to “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer if the conduct involved an interstate or foreign communication.” The CFAA § 1030(c)(2)(B)(2) make it a felony if one “intentionally accesses a computer without authorization . . . , and thereby obtains . . . information from any protected computer” and “the offense was committed in furtherance of any . . . tortious act [in this case intentional infliction of emotional distress] in violation of the . . . laws . . . of any State.”
Basically, the theory of the prosecution’s case is that Lori Drew violated the CFAA because she violated the terms of service of Myspace which prohibited creating fake profiles, and she did so in furtherance of committing the tort of intentional infliction of emotional distress.
These CFAA provisions are, in my opinion, unconstitutionally vague. I believe they either must be struck down or saved with a narrowing interpretation. I personally would strike down these parts of the statute and have Congress start over. My argument is here, and I won’t repeat much of it, but the gist is that a vague law is one that either fails to provide the kind of notice that will enable ordinary people to understand what conduct it prohibits; or authorizes or encourages arbitrary and discriminatory enforcement. Because the CFAA would essentially criminalize many violations of website terms of service (if not nearly all), this allows the website operators to virtually write the criminal code.
So I hereby declare that on Concurring Opinions nobody may write a comment while wearing a hat. If you write a comment by wearing a hat, you’re violating our terms of service, and that’s a criminal violation under the CFAA! And if your comment is tortious (defamatory, invasive of privacy, etc.) then that’s a felony violation of the CFAA, and you could be put in prison for up to 5 years.
Of course, we all know that most of these violations wouldn’t be prosecuted. Prosecutors would use their discretion to go after only those cases that they found particularly bad. Like what happened in here with Drew. But this is precisely what the constitutional prohibition on vague laws is all about — it prevents arbitrary enforcement of laws by prosecutors because they’re dealing with an unpopular defendant or because they want to get some media attention.
If the government’s interpretation stands, it means that hundreds of thousands–perhaps millions–of Internet users are criminals. The absurdity of it all is mind-boggling.
What perplexes me about the case are the following questions:
1. Why is this case being prosecuted at all? The case is making a mockery out of the CFAA. I can think of no reason why this prosecution is going forward other than to be a way for the prosecutor to gain media attention and go after a person who is unpopular. Of course, I am only speculating as to the prosecutor’s motives, but I find this case so inappropriate that I can’t think of a legitimate motivation to bring it.
2. Why is this case going to trial? The judge, U.S. District Judge George Wu, apparently hasn’t made any rulings on dismissing the case. This is exactly the kind of prosecution that should be dismissed prior to prosecution. Why should a defendant have to stand trial, a very expensive and stressful experience, when as a matter of law, the statute either (a) shouldn’t apply to her conduct; or (b) is unconstitutionally vague?
3. In the most recent news, the judge has said he will allow evidence of Meier’s suicide, even though it isn’t relevant:
U.S. District Judge George Wu previously indicated he might bar any mention of suicide because it could be prejudicial, but he changed his mind after hearing lawyers’ arguments.
Wu said he was now convinced that many prospective jurors would be aware of the suicide from reading news reports or seeing a recent episode of the TV show “Law and Order” that involved a similar scenario.
He said he would instruct jurors, possibly at the outset of the trial, that the case was not about the suicide and that Drew is not charged with causing the suicide.
I have no idea if this AP report is correct about Judge Wu’s reasons for allowing the evidence of the suicide, but it strikes me as erroneous reasoning. The suicide has little to do with the violation of the CFAA. The alleged violation can be proven without introducing evidence of the suicide. The suicide is so prejudicial, likely to inflame the jurors’ passions and get them to hate Lori Drew for what happened rather than to focus on the alleged violation of law. It should be excluded from evidence, as this evidence is considerably more prejudicial than probative. The fact that pretrial publicity might mean that some jurors know about it is no excuse for sidestepping the rules of evidence. In many high profile cases that were much more widely publicized than this one, plenty of evidence was excluded that was more prejudicial than probative.
This case is basically a witch hunt. It is exactly what the Constitution mandates should not happen in criminal law. The law shouldn’t be vague. It shouldn’t be a tool that prosecutors can use whenever they don’t like a particular person. Judge Wu should dismiss this case immediately, either striking down these provisions of the CFAA or issuing a limiting construction. This case should not be going to trial.
Disclosure: My colleague, Orin Kerr, is one of the defense attorneys for Lori Drew. My opinions here are my own.
UPDATE: Scott Greenfield at Simple Justice has this critique of Judge Wu’s evidentiary ruling.
November 16, 2008 at 12:52 pm
Posted in: Privacy, Privacy (Electronic Surveillance), Social Network Websites
Print This Post
Responses (8)
Jay Levitt - November 16, 2008 at 5:53 pm
Could you talk a little, for the benefit of the non-lawyers in the audience, about how the CFAA might be limited (either judicially, or by amending it) in a way that wouldn’t completely gut it?
The original purpose is, I think, to say that I have the right to set the rules for accessing my computer. That seems reasonable.
And if you lie about who you are in order to use my computer, you’re committing fraud. Still seems reasonable.
But at first blush, I can’t think of any way to codify that concept without giving me free reign to declare rules that effectively become criminal statute – which is behind all the furor in the Lori Drew case.
I’ve seen dozens of posts proclaiming that this law is a good idea, but way too vague; I haven’t seen a single one proposing how to fix it. Any ideas?
A.W. - November 17, 2008 at 9:30 am
I am coming late to this, but I see nothing absurd about this. First, you say that it is vague. But it isn’t. it says, you access websites on their terms. What is vague about that?
Second, you say it allows them to write the criminal code. Um, so? We often allow the permissions of others to define lawful conduct. A woman can say “you can have sex with me, but only if you dress as little bo peep,” and if the guy forces himself in any other attire, he is in jeopardy for rape.
You also say: “If the government’s interpretation stands, it means that hundreds of thousands–perhaps millions–of Internet users are criminals.”
Really? Now, look, I am sure there is a lot of lying going on, on the internet. Okay. But all of it is related to crimes or torts? I doubt it.
Also a few other points.
“Why is this case being prosecuted at all?” Because a girl is dead.
“Why is this case going to trial?” see above.
“he will allow evidence of Meier’s suicide, even though it isn’t relevant” how exactly is it irrelevant? It seems that the severity of the emotional distress is utterly relevant, since after all we are taught in law school that the emotional distress has to reach a unique level of cruelty to count. Also, the fact that some of the statements that the prosecution wish to enter into evidence occurred after the girl’s death makes it pretty hard to avoid mentioning it.
> It shouldn’t be a tool that prosecutors can use whenever they don’t like a particular person.
Wow, that is a laugh. It is, and it is all the time. Statutory rape laws, for instance, are frequently used as a short cut for when the District Attorney thinks actual forcible rape occurred, but can only prove sex beyond a reasonable doubt. It goes on and on. Really, the naiveté in that sentence is stunning.
By the way, as simple justice points out, but pretends is sinister, the judge merely said originally that he was not sure it was relevant, but would rule on the subject later. Apparently simple justice holds him to it like it is a commitment, but actually that would be unfair to the government to do that.
I always tell my clients that the simplest way to avoid legal trouble is this: if it seems like it ought to be illegal, it probably is. “You might think you are clever, that you found some loophole that means that although it is wrong, it ain’t technically illegal. Don’t believe it. Do not underestimate the ability of a determined prosecutor to close any loopholes you think you found. The bad guys almost never get away with it.”
This is a classic example of that principle in action. And more power to the government for doing so.
Neeneko - November 17, 2008 at 11:09 am
While I agree this is a bit of a strange use of the law, given the increasing pressure that social networking sites are under to stop child predators from creating fake profiles, I can see why MySpace would have an interest to take this as far as it can go. When you join, you sign a ToS claiming you are who you say you are and MySpace is probably trying o find ways to legally enforce that contract beyond simply canceling your service. So I would look to MySpace rather then the ‘ambitious prosecuter’ as the source of this.
Having said that.. I’m actually kinda confused about why other laws did not apply in this case. It seems like old classics like child endangerment, corruption of a minor, accessory to suicide, etc,… any of those could have kicked in. They could even have brought in some of those anti-grooming laws since, regardless of outcome, you basically had an adult pretending to be a minor who was romantically interested in another minor. If Drew had been a male this probably would have been exactly what they did.
Correcting the Record on Scalia - November 17, 2008 at 1:10 pm
Congratulations on your Textualism-based reasons why this is a bad prosecution. I trust you will incorporate this reasoning into your opinions on Con Law, where such reasoning is even more vital because, of course, Congress could modify the CFAA following a boneheaded decision, but cannot modify the Constitution after a similarly boneheaded decision.
Nicholas M. Cassaro - November 30, 2008 at 3:41 am
If Lori Drew did nothing else, she sexually harassed a minor. But she did do something else. She doesn’t deserve life in prison or anything, but she should spend a few years behind bars.
Charles Tompkins - December 9, 2008 at 11:05 am
With respect to the admissibility of evidence of the suicide, it appears to me that Professor Solove is asking the obvious question: Is the suicide probative of an element of the crime of unlawful access under CFAA? I think not and that its admission has potential only to inflame the jury. Poor evidentiary decision.
A.W. - December 9, 2008 at 1:35 pm
Charles:
See my comment above. In order to be intentional infliction of emotional distress, it has to be a severe amount of distress. that has to be proven. the fact she killed herself tends to show it was pretty severe. Thus its relevant.
Daniel Jones - April 11, 2010 at 12:10 pm
I always thought that the internet was a safe place to buy things but I had my identity stolen last year and a rather large sum of money taken out of my bank account. I only found out that this was happening when my bank calls me to confirm the purchase of a $2000 semi acoustic guitar that I was apparently trying to buy in Bangkok!
I can only assume that my details were swipped over the internet and so now I am ever so careful. I think its well worth installing as many security tools as possible, as the theifs are becoming more and more sophisticated in their methods. Any recommendations anyone?
Leave a Reply