Site Meter

The Lori Drew Case: Does the CFAA Require Knowledge?

You may also like...

7 Responses

  1. A.W, says:

    Yeesh, Daniel, your jihad against this prosecution is really starting to drag down your analysis.

    Knowledge? She knew there was an TOS agreement and one of them surely clicked “I agree.” The fact they skipped over it doesn’t excuse them, then.

    To quote one of many cases on the concept of Willful Ignorance: “One who, knowing or strongly suspecting that he is involved in shady dealings, takes steps to make sure that he does not acquire full or exact knowledge of the nature and extent of those dealings is held to have a criminal intent,” In re Aimster Copyright Litigation, 334 F.3d 643 (7th Cir., 2003)

    So the answer is, she knew the TOS existed, and chose not to read it, she was willfully blind as to whether her conduct was criminal, and thus has, as a matter of law, knowledge.

  2. A.W., The willful blindness is an interesting theory, but to prove knowledge for the CFAA violation, the prosecution must prove that she knew she used the site in an unauthorized manner. Merely not reading the TOS doesn’t establish beyond a reasonable doubt that a person was willfully blind to every conceivable unauthorized use. Willful blindness is a fairly limited doctrine, and it basically applies when one is fairly close to knowing, but deliberately sticks his/her head in the sand to avoid finding out the complete story (the willful blindness jury instruction is also referred to as the “ostrich instruction”). Basically, it involves something akin to partial knowledge, and the defendant deliberately avoiding finding out more. I doubt many courts would find that merely ignoring the TOS, something that nearly everyone does (I think that less than 10% of users actually read the TOS), would be sufficient for willful blindness. Moreover, the doctrine requires deliberate avoidance, sometimes even taking steps to avoid finding out more (or going out of one’s way to avoid finding out more). Merely ignoring the TOS will likely not constitute taking such steps.

    If you can find an analogous case with willful blindness, I’ll stand corrected, but under my understanding of the doctrine, it won’t work.

    Regarding my critique of this prosecution more generally, I’m fairly certain that the case will either (1) be dismissed on a directed verdict motion if the judge gets his act together, either on the theory in my post or on an interpretation of the CFAA that will narrow the overbroad statute; or (2) be dismissed on appeal if there’s a conviction. If Drew is convicted, and the case stands up on appeal, I’ll be stunned, and then the message will be clear: Millions of Internet users will face potential prosecution! I’m not exaggerating — this is why I find the prosecution’s theory of the case so troubling. And if the courts adopt your theory of willful blindness, then even more Internet users will be in trouble, for hardly anyone reads TOS.

  3. Bruce Boyden says:

    Dan, as you probably know, Orin Kerr thinks the answer is yes also — or rather, he says the violation of the TOS must be intentional, which I presume requires knowledge of its contents: http://volokh.com/archives/archive_2008_05_11-2008_05_17.shtml#1210889188

    The only case I’m aware of off the top of my head that involved a remotely similar question is from the equivalent language under the ECPA, not the CFAA: Sherman & Co. v. Salton Maxim Housewares, Inc., 94 F. Supp. 2d 817 (E.D. Mich. 2000). But there there was no agreement at all governing access; the question was whether the defendant should have inferred that his access was no longer authorized to a certain portion of a third party’s computer network containing the plaintiff’s data after his contract with the plaintiffs was terminated. The court said no, you need a more specific signal than that. That doesn’t tell us whether, where there *is* an agreement that the defendant (hypothetically) didn’t read and didn’t have constructive knowledge of, that unread agreement provides the more specific signal.

    A.W., you’re going too fast. First of all, the idea that you can’t escape liability by not reading a contract is true as a matter of *contract law*, but that doesn’t necessarily apply to other fields. E.g., criminal law, which usually requires some level of intent. Constructive knowledge of the terms or of relevant norms of access might suffice, but I’m not sure it’s quite so obvious that you can’t provide any false registration information to your average social networking site, particularly given that it’s free and there’s no requirement that you use your real name as your account name. Unlike Aimster, I’m not aware of any facts here that would indicate the basis for such constructive knowledge, e.g. major news stories and well-publicized litigation holding people liable for providing false registration information on free social networking sites.

  4. A.W. says:

    The failure to read the TOS when you are up to something sneaky using that site is about as clear an example of willfull blindness as you can get, citing that case as one example of many.

    as for the claim that millions of people will be criminals, given that you have to be gaining access to that computer in an unauthorized manner in order to committ a tort, i’m not sure how many people will fall under it, and those who do, well, then, they deserve it.

    For instance, suppose you log onto my space and then committ defamation. Well, unless they can prove that at the moment of log on, you intended to committ the defamation; so if you decided to committe the tort spontaneously, no criminal liability.

    And so what if people can go to jail over this? you know, maybe it would be a good thing if people start watching what they say on the web, and stop lying. I keep waiting for people to wise up to the fact that you can’t trust everything you read on the web, but every day you hear of people who read some idiot site and decide 9-11 was a US government conspiracy, or something stupid like that. I mean, my God, there are people who will quote wikipedia to me, ignoring the fact that any idiot can write one of those entries. So maybe making people a little afraid of writing BS is a good thing.

    And besides we all know it is NOT going to be applied to every internet defamor, but selectively to outrageous conduct, such as the Palin email hacking case, or the Lori Drew case. And if it bothers you to see the prosecutors be allowed that much discretion, well, that is just how it has been on many topics for a long time.

  5. Bruce Boyden says:

    Keep in mind that under the government’s theory, mere breach of the TOS by itself, that results in obtaining information or causing “loss” of $5,000 (broadly defined), is a misdemeanor, subject to a fine and up to a year in jail, regardless of whether there is some further tort or crime anticipated. So, say Dan puts a new term, linked to at the bottom of Concurring Opinions home page: “A.W. is no longer allowed to access this site.” Without reading the TOS, you access the site repeatedly to read blog posts (obtain information) and submit comments. Are you guilty of a misdemeanor? I would say no.

  6. A.W. says:

    the actual provision requires a desire to committ a tort. now if i go to concurring opinions to look for tips on how best to defame someone, well, then, yeah, i deserve whatever happens to me. why are we so eager to excuse bad conduct?

    I mean, a girl is dead, and they pretty directly urged her to committ suicide.

  7. There was some discussion of the scienter issue in the CFAA by the Court of Appeals many years ago, in the Morris Internet Worm case — see 928 F.2d 504. Of course, the law has been amended a number of times since 1991; I haven’t checked if the relevant language has changed.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Anti-spam image