Volume 57, Issue 1 (October 2009)

Articles

Essay

Comments

Discourse

Th UCLA Law Review is also pleased to announce the launch of a our new website.

Although the President has proven his mettle on Facebook and MySpace (where he has over 1.8 million friends), Republicans rule the day on the micro-blogging front.  The Congressional Research Service reports that congressional Republicans out-tweeted their Democratic counterparts during two one-week periods this summer.  Nancy Scola attributes Congressional Republicans’ Twitter dominance to their desire to regain the public’s attention and favor [...]]]> During the 2008 election, Democrats effectively used Web 2.0 platforms to garner interest in the campaign and win supporters.  President Obama has been widely hailed as the first “Tech President,” and he seems to have trounced the Facebook landscape.  To date, President Barack Obama has over 6.6 million Facebook friends, while Sarah Palin only has 848, 614 Facebook pals and Mitt Romney has 70, 130.

Although the President has proven his mettle on Facebook and MySpace (where he has over 1.8 million friends), Republicans rule the day on the micro-blogging front.  The Congressional Research Service reports that congressional Republicans out-tweeted their Democratic counterparts during two one-week periods this summer.  Nancy Scola attributes Congressional Republicans’ Twitter dominance to their desire to regain the public’s attention and favor now that they are in the minority.  AMERICAblogs’ John Aravosis worries that Democrats have ceded their online advantage.

No matter the current political victor in this social media landscape, Government 2.0 is here to stay.  It surely has great potential to shine light on government policymaking and to marshal public participation, especially from people who otherwise wouldn’t bother getting involved with government policymaking.  Adding the President as a friend on MySpace and joining live chats may seem to be a relatively costless endeavor as compared to writing letters or commenting on agency rulemakings.  But Government 2.0 also poses privacy risks: social media sites not only give government access to people’s policy insights but also access to all of individuals’ social media data, such as their videos, photos, walls musings, “Top 25 things you don’t know about me” lists, and the like.  Soon, I will be posting on SSRN a draft of my essay “The One-Way Mirror: Enhancing Participation and Securing Privacy for Government 2.0″ (forthcoming George Washington Law Review) and hope to get your feedback.

Understanding Privacy offers a comprehensive overview of the many difficulties involved in discussions of privacy. Drawing from a broad array of interdisciplinary sources, I set forth a framework for understanding privacy that provides clear practical guidance for engaging with privacy issues.

In an opinion released on August 28, Judge George Wu struck down, on unconstitutional vagueness grounds, the prosecution’s attempt to enforce violations of website terms of service as crimes under the Computer Fraud and Abuse Act (CFAA):

[I]f any conscious breach of a website’s terms of service is held to be sufficient by itself to constitute intentionally accessing a computer without authorization or in excess of authorization, the result will be that section 1030(a)(2)(C) becomes a law “that affords too much discretion to the police and too little notice to citizens who wish to use [...]]]> The Lori Drew case has finally been decided.  Background about the case is here.  In previous posts (here and here), I argued that the CFAA should be held to be unconstitutionally vague.

In an opinion released on August 28, Judge George Wu struck down, on unconstitutional vagueness grounds, the prosecution’s attempt to enforce violations of website terms of service as crimes under the Computer Fraud and Abuse Act (CFAA):

[I]f any conscious breach of a website’s terms of service is held to be sufficient by itself to constitute intentionally accessing a computer without authorization or in excess of authorization, the result will be that section 1030(a)(2)(C) becomes a law “that affords too much discretion to the police and too little notice to citizens who wish to use the [Internet].” City of Chicago [v. Morales], 527 U.S. [41] at 64 [(1999)].

Congratulations to Orin Kerr, who assisted in the defense, and who is cited numerous times throughout the court’s opinion.

“It basically leaves it up to a website owner to determine what is a crime,” said Wu on Thursday, echoing what critics of the case have been saying for months. “And therefore it criminalizes what would be a breach of contract.” . . . .

Wu told Assistant U.S. Attorney Mark Krause that if Drew had been convicted of the felonies, he would have let the convictions stand, and would have already sentenced her. But the misdemeanor [...]]]> Judge George Wu has ruled that he is planning to dismiss the charges against Lori Drew, the woman involved in the MySpace suicide case involving Megan Meier.  Background about the case is here.  According to an article by Kim Zetter of Wired, who has provided terrific coverage of the case:

“It basically leaves it up to a website owner to determine what is a crime,” said Wu on Thursday, echoing what critics of the case have been saying for months. “And therefore it criminalizes what would be a breach of contract.” . . . .

Wu told Assistant U.S. Attorney Mark Krause that if Drew had been convicted of the felonies, he would have let the convictions stand, and would have already sentenced her. But the misdemeanor convictions troubled him, because of the vague wording of the statute. . . .

To convict Drew of the felonies, prosecutors would have needed to prove two things: that Drew accessed MySpace “without authorization,” and did it for the purpose of committing a tortious act — in this case, to intentionally cause harm to Megan Meier.

But for the misdemeanors, the jury just had to find that Drew obtained the unauthorized access. Wu said that language, standing on its own, was too vague to pass constitutional muster in this case.

“I don’t see how the misdemeanor aspect would be constitutional,” he said. “That is the issue I’m wrestling with at this time.”

Wu also doubted that MySpace provided sufficient notice to members to hold them responsible. If a user didn’t read the terms of service, the judge asked prosecutor Krause, could they still be charged with violating them?

In previous posts (here and here), I argued that the CFAA should be held to be unconstitutionally vague.  I’m encouraged that Judge Wu agrees, though I believe the CFAA is unconstitutionally vague not only in its misdemeanor provisions, but in its felony ones as well.

Congratulations to my colleague, Orin Kerr, who assisted in Lori Drew’s defense.

The AP story is here.

computer vendors storing the confidential, electronic data of others will be able to fully analyze data on their clients’ behalf without expensive interaction with the client, and without seeing any of the private data. With Gentry’s technique, the analysis of encrypted information can yield the same detailed results [...]]]> According to Help Net Security, Craig Gentry, a researcher at IBM, appears to have found a way to allow “the deep and unlimited analysis of encrypted information – data that has been intentionally scrambled – without sacrificing confidentiality.” The solution involves a an “ideal lattice.” I’ll leave the explanation of all the math to the math/computer science folks. As the Help Net article notes, the solution seems to enable some great advantages for anyone providing cloud computing for:

computer vendors storing the confidential, electronic data of others will be able to fully analyze data on their clients’ behalf without expensive interaction with the client, and without seeing any of the private data. With Gentry’s technique, the analysis of encrypted information can yield the same detailed results as if the original data was fully visible to all.

It all sounds wonderful. One could have encrypted data and let others data mine while maintaining anonymity or privacy. Yet, something seemed odd to me. So I did what lawyers do, I called someone who knew more about computer science and asked for some help. That person explained that yes this could mean one could query an encrypted database without decrypting the data. The example to consider is a database of book purchases. One could ask how many people bought both book A and book B and see that result without ever seeing what a specific person purchased. Great, right? Not so fast.

As this person reminded me, with other sources of information one can figure out what a specific person did. That reminded me of the AOL debacle. With a little work, people were able to figure out who the anonymous subjects were.

All of which highlights that privacy is not binary. The cluster of information and the ability to analyze it seems often, if not always, to lead to problems about the use of information. So if this breakthrough allows a company or the government to claim that we should remain calm and all is well, we may want to remain clam but show how all may not be well. A few regulations about the use of the data even if supposedly anonymous, might allow the beneficial aspects of the solution to thrive while limiting the harms that can occur.

Image: WikiCommons
By: Gwenda; License: Public Domain
(My apologies to CS folks if the image does not match the breakthrough’s area of encryption)

Worries about the “death of privacy” have been prevalent for some time. We increasingly lack control over [...]]]> As they follow the fascinating and heartening “Twitter Revolution” in Tehran, commentators worry that “the regime is prepared to detain dissidents — reportedly using Facebook and Twitter to locate them.” Yesterday also saw new reports of controversy over domestic surveillance by the US National Security Agency. Apparently the “agency routinely examined large volumes of Americans’ e-mail messages without court warrants.” Commentators like Glenn Greenwald and our own Dan Solove have done a great job explaining the legal details of NSA surveillance. I just want to comment on some of broader social trends that explain the upward ratchet of surveillance around the world.

Worries about the “death of privacy” have been prevalent for some time. We increasingly lack control over (or even awareness of) the digital profiles kept about us by businesses and governments. Another form of privacy—that at the core of the public-private divide—has also been in decline over the past couple decades. As the essays in Freeman and Minow’s book Government by Contract show, “privatization” is often less an arm’s length transaction between government and business than a veritable marriage of institutions. The recent explosion of public-private partnerships in the finance and auto industries further erodes the distinction between government and business. As William J. Novak’s essay in Government by Contract observes, much of what we think of as purely private markets are creatures of state action:

Robert Lee Hale contended that the sharp theoretical separation of public and private obscured the actual proactive role of public power in structuring the so-called private bargains that had such an immense effect on the distribution of wealth and power in American society. . . . [T]he private sphere is positively constructed by law and government and is consequently always suffused with (as opposed to immune from) sovereignty, force, violence, and coercion.

This is particularly true of communications technologies, which are often of great interest to government regulators. As Michael D. Birnhack and Niva Elkin-Koren explain in their brilliant article The Invisible Handshake, new and hidden exchanges of information for power are key to government-business relations:

Law enforcement agencies seek to enhance their monitoring capacity and online businesses seek to prevent fraud and combat piracy while strengthening their ties with authorities. . . . The invisible hand [of market-based communications] turned out to be very useful for the State, and it is now being replaced with a handshake, which, likewise, is invisible. . . . The use of private parties for executing government roles may create an unholy alliance between governments that wish to exercise their power and large online players that seek to maintain and strengthen their dominant role in the market.

Birnhack and Elkin-Koren were prophetic. The kind of government-business alliances they feared have become de rigeur in the national surveillance state. Both Chris Hoofnagle and Jon D. Michaels have described the development in some detail. Michaels’s story of FedEx is indicative of the larger trend:

[After FedEx's] CEO announced his company’s commitment to cooperating with the government “up to and including the line on which we would be doing a disservice to our shareholders” . . . FedEx has received a range of government perks. For instance, FedEx has been afforded special access to government security databases, presumably giving it a range of advantages over non-cooperating competitors. It has also been awarded a prized seat on the FBI’s regional terrorism task force (it is the only private company so represented) and thus has even more insider access to international security threats, again presumably well before its competitors receive such warnings. Moreover, FedEx has received an exceptional license from the State of Tennessee to develop an internal police force . . . .

Hoofnagle proposes that “the Privacy Act should apply to private sector companies that sell information to the government,” not just to the government itself. It seems to me that the first step to wisdom in this area is to realize that whatever we fear from direct government collection of data, we should fear from ostensibly “private” third parties that do the same. Otherwise, the ailing “public/private” divide could cause many more “deaths” of individual privacy.

Why do we need to coalesce power in a cyber security czar to oversee the nation’s information security efforts?  Ira Winkler offers an explanation for centralizing this responsibility, rather than [...]]]> President Obama recently announced the creation of a White House cyber security coordinator who will oversee a national strategy for securing American interests in cyberspace.  The coordinator will be a member of the National Security Council, reporting to the national security adviser and the senior White House economic adviser.   President Bush started us in this direction by instituting the Cyber Initiative to overhaul the government’s cyber defenses.  Yet we remain vulnerable to attacks on systems related to government operations, money supply, electric-power distribution, and transportation.  Thus, devoting resources to shoring up cyber security is crucial.

Why do we need to coalesce power in a cyber security czar to oversee the nation’s information security efforts?  Ira Winkler offers an explanation for centralizing this responsibility, rather than spreading it across various agencies.  He considers complications that arise when multiple agencies engage in cyber security efforts of the offensive and defensive variety.  He asks: what if the NSA engages in a long-term project to enter false information into an adversary’s database, unaware that the Army had hacked into the same database to try to track military movements?  According to Winkler, the lack of coordination would allow the NSA’s efforts to mislead the Army.  Divergent defensive efforts could similarly clash, thus undermining cyber security.

The President’s plan raises a number of unresolved issues.  The President hopes to recruit the private sector’s help in devising a comprehensive security strategy.  He has suggested building public and private partnerships around cybersecurity.  How will the Administration accomplish this partnership?  Would it be designed to get input from security professionals regarding government regulation of the private sector’s cyber security efforts?  Will the government have a role in overseeing private networks?  The heart burn involved in solving these issues is worthwhile given the critical importance of our networks to our economy and the real threat of cyber warfare.

Thanks to Wikimedia Commons for the image.

Social networking sites and blogs have increasingly become breeding grounds for anonymous online groups that attack women, people of color, and members of other traditionally disadvantaged groups. These destructive groups target individuals with defamation, threats of violence, and technology-based attacks that silence victims and concomitantly destroy their privacy. Victims go offline or assume pseudonyms to prevent future attacks, impoverishing online dialogue and depriving victims of the social and economic opportunities associated with a vibrant online presence. Attackers manipulate search engines to reproduce their lies and threats for employers and clients to see, creating [...]]]> From tomorrow through Thursday, Concurring Opinions will be hosting a number of scholars invited to discuss Danielle Citron’s work Cyber Civil Rights. Responding to controversies over online attacks, Citron argues the following:

Social networking sites and blogs have increasingly become breeding grounds for anonymous online groups that attack women, people of color, and members of other traditionally disadvantaged groups. These destructive groups target individuals with defamation, threats of violence, and technology-based attacks that silence victims and concomitantly destroy their privacy. Victims go offline or assume pseudonyms to prevent future attacks, impoverishing online dialogue and depriving victims of the social and economic opportunities associated with a vibrant online presence. Attackers manipulate search engines to reproduce their lies and threats for employers and clients to see, creating digital “scarlet letters” that ruin reputations. . . .

Web 2.0 technologies accelerate mob behavior. With little reason to expect self-correction of this intimidation of vulnerable individuals, the law must respond. General criminal statutes and tort law proscribe much of the mobs’ destructive behavior, but the harm they inflict also ought to be understood and addressed as civil rights violations. Civil rights suits reach the societal harm that would otherwise go unaddressed and would play a crucial expressive role. Acting against these attacks does not offend First Amendment principles when they consist of defamation, true threats, intentional infliction of emotional distress, technological sabotage, and bias-motivated abuse aimed to interfere with a victim’s employment opportunities. To the contrary, it helps preserve vibrant online dialogue and promote a culture of political, social, and economic equality.

As I’ve noted before, I think this piece breaks new ground in applying venerable laws to the online environment. In this cyber-symposium, we propose to discuss the following issues:

What can the law do to respond to these threats?

How we deter harassment while promoting legitimate speech?

How do we balance the privacy rights of speakers and those they speak about in the new communicative landscape created by sites like AutoAdmit, Juicy Campus, Facebook, and anonymous message boards?

A list of scholars invited to discuss these issues appears below:

Ann Bartow

David Fagundes

Michael Froomkin

Nathaniel Gleicher

James Grimmelmann

Orin Kerr

Nancy Kim

Susan Kuo

Daithí Mac Síthigh

Helen Norton

David Post

David Robinson

As co-organizers of the online symposium, Danielle, David Hoffman, Deven Desai and I welcome these guests and look forward to participating in the discussion. We have decided to default to “no comments” for this cyber-symposium. It was a tough decision, but ultimately we tended to feel that, for this topic in particular, the costs of editing and/or responding to abusive or off-topic comments would likely be higher than the benefits of our usual default to openness.

As recent controversies have shown, it’s easy for online mobs to inflict real injuries on their victims–and women bear a disproportionate share of the abuse. Citron argues that “acting against these attacks . . . helps preserve vibrant online dialogue and promote a culture of political, social, and economic equality.” We look forward to an animated and insightful discussion on how to balance liberty, equality, and privacy online.

The case is a criminal prosecution of a man who secretly recorded his girlfriend in the nude, in violation of Wisconsin Statute § 942.09(2)(am). I’ve posted the text of the full statute below. The statute provides that it is a felony to record another person in the nude without that person’s consent “in a circumstance in which [the person] has a reasonable expectation of privacy.” The defendant contended that his girlfriend didn’t have a reasonable expectation of privacy because (as the court characterizes his argument), “she knowingly and consensually exposed her [...]]]> An interesting case from the Wisconsin Court of Appeals embodies what I believe is a thoughtful and nuanced understanding of privacy. The case is Wisconsin v. Jahnke, 2007AP2130-CR (Dec. 30, 2008).

The case is a criminal prosecution of a man who secretly recorded his girlfriend in the nude, in violation of Wisconsin Statute § 942.09(2)(am). I’ve posted the text of the full statute below. The statute provides that it is a felony to record another person in the nude without that person’s consent “in a circumstance in which [the person] has a reasonable expectation of privacy.” The defendant contended that his girlfriend didn’t have a reasonable expectation of privacy because (as the court characterizes his argument), “she knowingly and consensually exposed her nude body to him while he was secretly videotaping her.” In other words, he argued that since she expected to be seen by him, she lost her expectation of privacy in her nude body.

The court wisely rejected the defendant’s construction of the statute:

Under this construction, Jahnke’s girlfriend’s privacy interest in not being recorded in the nude is left unprotected any time she permits anyone, under any circumstance, to view her nude. If she disrobes in a medical facility and permits medical personnel to view her, such personnel could record her without violating subsection 1 and, of course, later share that recording without violating subsections 2 or 3. It is one thing to be viewed in the nude by a person at some point in time, but quite another to be recorded in the nude so that a recording exists that can be saved or distributed and viewed at a later time.

The dissent raises some interesting arguments involving statutory construction and some prior caselaw. In particular, the dissenting judge points to an earlier decision defining the term “reasonable expectation of privacy” under the statute, holding that it “requires that the person who is depicted nude is in a circumstance in which he or she has an assumption that he or she is secluded from the presence or view of others, and that assumption is a reasonable one under all the circumstances.” State v. Nelson, 718 N.W.2d 168 (Wisc. App. 2006). The majority concluded that the Nelson definition was “incomplete” and that the “statute is plainly directed at reasonable expectations vis-à-vis not being recorded.”

The majority opinion wisely avoids a trap that many courts get into — understanding “privacy” narrowly as absolute secrecy or seclusion. Privacy involves a cluster of expectations involving the nature and extent to which their information is captured, used, and disseminated. It seems quite reasonable to assume that two lovers who see each other nude nevertheless expect privacy. They might be exposing their nude bodies to each other, but what they expect is that nobody else will see them. Since this is a criminal statute, it is important that courts avoid interpreting privacy too liberally, especially in areas where expectations of privacy are muddy. But it seems to me that under this circumstance–the nonconsensual recording of a person in the nude when she is exposing her body only to her boyfriend (rather than walking down a public street in the nude)–expectations are clear that the intended exposure is for the boyfriend’s eyes only.

The opinion is here.

WISCONSIN STAT. § 942.09(2)(am) provides:

Whoever does any of the following is guilty of a Class I felony:

1. Captures a representation that depicts nudity without the knowledge and consent of the person who is depicted nude while that person is nude in a circumstance in which he or she has a reasonable expectation of privacy, if the person knows or has reason to know that the person who is depicted nude does not know of and consent to the capture of the representation.

2. Makes a reproduction of a representation that the person knows or has reason to know was captured in violation of subd. 1. and that depicts the nudity depicted in the representation captured in violation of subd. 1., if the person depicted nude in the reproduction did not consent to the making of the reproduction.

3. Possesses, distributes, or exhibits a representation that was captured in violation of subd. 1. or a reproduction made in violation of subd. 2., if the person knows or has reason to know that the representation was captured in violation of subd. 1. or the reproduction was made in violation of subd. 2., and if the person who is depicted nude in the representation or reproduction did not consent to the possession, distribution, or exhibition.

Hat tip: How Appealing

Colin J. Bennett, The Privacy Advocates: Resisting the Spread of Surveillance (MIT Press 2008)

A very informative account of those who work in the privacy advocacy community.

Anupam Chander, Lauren Gelman, and Margaret Jane Radin (editors), Securing Privacy in the Internet Age (Stanford University Press 2008)

A great collection of essays, from a symposium at Stanford Law School. A bit dated — the symposium was held in 2003 — but still worth reading. I have a piece in the book discussing data security vulnerabilities and the law — originally penned back in 2003, so I can [...]]]> Here’s a list of notable books about information privacy published in 2008. Pick up a few to help stimulate the economy, save the publishing business, and learn more about privacy:

Colin J. Bennett, The Privacy Advocates: Resisting the Spread of Surveillance (MIT Press 2008)

A very informative account of those who work in the privacy advocacy community.

Anupam Chander, Lauren Gelman, and Margaret Jane Radin (editors), Securing Privacy in the Internet Age (Stanford University Press 2008)

A great collection of essays, from a symposium at Stanford Law School. A bit dated — the symposium was held in 2003 — but still worth reading. I have a piece in the book discussing data security vulnerabilities and the law — originally penned back in 2003, so I can say “told ya so!”

William Cuddihy, The Fourth Amendment: Origins and Original Meaning 602-1791 (Oxford University Press 2008)

The best and most comprehensive intellectual history of the Fourth Amendment ever written.

Cory Doctorow, Little Brother (Tor Teen 2008)

A contemporary version of Orwell’s 1984 — thought-provoking and engaging fiction, as usual from Doctorow.

Laura Donohue, The Cost of Counterterrorism: Power, Politics, and Liberty (Cambridge University Press 2008)

A detailed and compelling history of how 9/11 altered privacy and surveillance in the US and UK.

Sam Gosling, Snoop: What Your Stuff Says About You (Basic Books 2008)

A fascinating discussion of current psychological research about what the products we buy reveal about us.

Mohammad Hashim Kamali, The Right to Life, Security, Privacy and Ownership in Islam (Islamic Texts Society 2008)

A very interesting exploration of privacy in Islamic law.

Jon Mills, Privacy: The Lost Right (Oxford University Press 2008)

From my blurb on the book jacket: “Privacy: The Lost Right provides a clear, concise, and accessible synthesis of the field of information privacy.”

Lena Cowen Orlin, Locating Privacy in Tudor London (Oxford University Press 2008)

An historical account of privacy in everyday life during the sixteenth century in England.

John Palfrey, Born Digital: Understanding the First Generation (Basic Books 2008)

A deft and accessible account of how the generation growing up today will face increasing challenges to their privacy.

Bruce Schneier, Schneier on Security (Wiley 2008)

This book is a collection of Bruce Schneier’s essays. Schneier is always interesting and wise — and he’s always worth reading.

Wolfgang Sofsky, Privacy: A Manifesto (Princeton University Press 2008)

A. C. Grayling of The Times writes: “Its message, implied throughout, is that as one of the great values of civilisation and one of the essentials of personal and psychological integrity, privacy is worth fighting to regain.”

Daniel J. Solove, Understanding Privacy (Harvard University Press 2008)

D. S. Dunn, in Choice writes: “Legal scholars will want to read this book, but so will psychologists, communication specialists, public policy makers, philosophers, and anyone interested in where to draw the line between public and private life.”

Rob Walker, Buying In: The Secret Dialogue Between What We Buy and Who We Are (Random House 2008)

A compelling account of modern data mining and marketing practices.

Jonathan Zittrain, The Future of the Internet–And How to Stop It (Yale University Press 2008)

A fascinating examination of Web 2.0 and how new technologies can impede freedom and progress.

Afterwards, there was considerable media attention in the [...]]]> The Lori Drew trial is set to begin this week, and it is a travesty that this trial is even taking place. The basic facts of this case are that Drew was the mother of a teenage daughter and she created a fake MySpace profile for a fictional teen boy to befriend a classmate of her daughter’s. It remains unclear what the motivation was for creating this fake profile, but from what I’ve read, it was to learn about rumors about her daughter. This classmate, Megan Meier, befriended the fake MySpace persona. At some point, the fake persona broke up with Meier, saying he no longer wanted to be friends, and Meier committed suicide.

Afterwards, there was considerable media attention in the case, although this didn’t happen until about a year later. There was outrage at Drew, with many people calling for blood. But local prosecutors determined, correctly in my opinion, that although Drew’s conduct may have been immature, shortsighted, and mean, it wasn’t criminal.

Enter an ambitious federal prosecutor, eager for fame and national attention. He indicted Lori Drew for creating a fake MySpace profile, which he contends is a violation of the Computer Fraud and Abuse Act (CFAA). The CFAA § 1020(a)(2)(C) makes it a criminal misdemeanor to “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer if the conduct involved an interstate or foreign communication.” The CFAA § 1030(c)(2)(B)(2) make it a felony if one “intentionally accesses a computer without authorization . . . , and thereby obtains . . . information from any protected computer” and “the offense was committed in furtherance of any . . . tortious act [in this case intentional infliction of emotional distress] in violation of the . . . laws . . . of any State.”

Basically, the theory of the prosecution’s case is that Lori Drew violated the CFAA because she violated the terms of service of Myspace which prohibited creating fake profiles, and she did so in furtherance of committing the tort of intentional infliction of emotional distress.

These CFAA provisions are, in my opinion, unconstitutionally vague. I believe they either must be struck down or saved with a narrowing interpretation. I personally would strike down these parts of the statute and have Congress start over. My argument is here, and I won’t repeat much of it, but the gist is that a vague law is one that either fails to provide the kind of notice that will enable ordinary people to understand what conduct it prohibits; or authorizes or encourages arbitrary and discriminatory enforcement. Because the CFAA would essentially criminalize many violations of website terms of service (if not nearly all), this allows the website operators to virtually write the criminal code.

So I hereby declare that on Concurring Opinions nobody may write a comment while wearing a hat. If you write a comment by wearing a hat, you’re violating our terms of service, and that’s a criminal violation under the CFAA! And if your comment is tortious (defamatory, invasive of privacy, etc.) then that’s a felony violation of the CFAA, and you could be put in prison for up to 5 years.

Of course, we all know that most of these violations wouldn’t be prosecuted. Prosecutors would use their discretion to go after only those cases that they found particularly bad. Like what happened in here with Drew. But this is precisely what the constitutional prohibition on vague laws is all about — it prevents arbitrary enforcement of laws by prosecutors because they’re dealing with an unpopular defendant or because they want to get some media attention.

If the government’s interpretation stands, it means that hundreds of thousands–perhaps millions–of Internet users are criminals. The absurdity of it all is mind-boggling.

What perplexes me about the case are the following questions:

1. Why is this case being prosecuted at all? The case is making a mockery out of the CFAA. I can think of no reason why this prosecution is going forward other than to be a way for the prosecutor to gain media attention and go after a person who is unpopular. Of course, I am only speculating as to the prosecutor’s motives, but I find this case so inappropriate that I can’t think of a legitimate motivation to bring it.

2. Why is this case going to trial? The judge, U.S. District Judge George Wu, apparently hasn’t made any rulings on dismissing the case. This is exactly the kind of prosecution that should be dismissed prior to prosecution. Why should a defendant have to stand trial, a very expensive and stressful experience, when as a matter of law, the statute either (a) shouldn’t apply to her conduct; or (b) is unconstitutionally vague?

3. In the most recent news, the judge has said he will allow evidence of Meier’s suicide, even though it isn’t relevant:

U.S. District Judge George Wu previously indicated he might bar any mention of suicide because it could be prejudicial, but he changed his mind after hearing lawyers’ arguments.

Wu said he was now convinced that many prospective jurors would be aware of the suicide from reading news reports or seeing a recent episode of the TV show “Law and Order” that involved a similar scenario.

He said he would instruct jurors, possibly at the outset of the trial, that the case was not about the suicide and that Drew is not charged with causing the suicide.

I have no idea if this AP report is correct about Judge Wu’s reasons for allowing the evidence of the suicide, but it strikes me as erroneous reasoning. The suicide has little to do with the violation of the CFAA. The alleged violation can be proven without introducing evidence of the suicide. The suicide is so prejudicial, likely to inflame the jurors’ passions and get them to hate Lori Drew for what happened rather than to focus on the alleged violation of law. It should be excluded from evidence, as this evidence is considerably more prejudicial than probative. The fact that pretrial publicity might mean that some jurors know about it is no excuse for sidestepping the rules of evidence. In many high profile cases that were much more widely publicized than this one, plenty of evidence was excluded that was more prejudicial than probative.

This case is basically a witch hunt. It is exactly what the Constitution mandates should not happen in criminal law. The law shouldn’t be vague. It shouldn’t be a tool that prosecutors can use whenever they don’t like a particular person. Judge Wu should dismiss this case immediately, either striking down these provisions of the CFAA or issuing a limiting construction. This case should not be going to trial.

Disclosure: My colleague, Orin Kerr, is one of the defense attorneys for Lori Drew. My opinions here are my own.

UPDATE: Scott Greenfield at Simple Justice has this critique of Judge Wu’s evidentiary ruling.

In the summer of 1962, FBI Director J. Edgar Hoover was scanning his morning Washington Post when an item on Page A15 caught his eye. Norman Mailer’s most recent article in Esquire magazine had mocked Jacqueline Kennedy for, among other things, being excessively soft-spoken for a first lady.

Hoover scribbled a note: “Let me have memo on Norman Mailer.”

Over the next 15 years, FBI agents closely tracked the grand and mundane aspects of the acclaimed novelist’s life, according to previously confidential government files. Agents questioned his friends, scoured his passport file, thumbed through his best-selling books and circulated his photo among informants. They kept records on his appearances at writers conferences, talk [...]]]> The Washington Post has an interesting article about the FBI’s surveillance of author Norman Mailer:

In the summer of 1962, FBI Director J. Edgar Hoover was scanning his morning Washington Post when an item on Page A15 caught his eye. Norman Mailer’s most recent article in Esquire magazine had mocked Jacqueline Kennedy for, among other things, being excessively soft-spoken for a first lady.

Hoover scribbled a note: “Let me have memo on Norman Mailer.”

Over the next 15 years, FBI agents closely tracked the grand and mundane aspects of the acclaimed novelist’s life, according to previously confidential government files. Agents questioned his friends, scoured his passport file, thumbed through his best-selling books and circulated his photo among informants. They kept records on his appearances at writers conferences, talk shows and peace rallies. They noted the volume of envelopes in his mailbox and jotted down who received his Christmas cards. They posed as his friend, chatted with his father and more than once knocked on his door disguised as deliverymen.

The Mailer file wasn’t publicly known until very recently. According to the Washington Post article:

The bureau’s first confidential memo on Mailer, dated June 29, 1962, noted that the writer “admitted being a ‘Leftist’” and said that he had described the FBI as a “secret police organization” that should be abolished. An informant claimed that Mailer had been invited to a 1953 reception at the Polish Consulate in New York, though it was unknown whether he had attended. The memo quoted Louis Budenz, a former managing editor of the Daily Worker who broke with the Communist Party in 1945, as saying Mailer was a “concealed Communist.”

Apparently, if you want to avoid having an FBI file, don’t mock the First Lady and don’t criticize the FBI.

Despite pledges by President George W. Bush and American intelligence officials to the contrary, hundreds of US citizens overseas have been eavesdropped on as they called friends and family back home, according to two former military intercept operators who worked at the giant National Security Agency (NSA) center in Fort Gordon, Georgia.

According to one of the intercept operators, “US military officers, American journalists and American aid workers were routinely intercepted and “collected on” as they called their offices or homes in the United States.” Another intercept operator independently confirmed what the first one had reported.

Not only did they listen in on private conversations, with no connection to terrorism, but they also [...]]]> ABC News reports about a new scandal arising out of the NSA Surveillance Program:

Despite pledges by President George W. Bush and American intelligence officials to the contrary, hundreds of US citizens overseas have been eavesdropped on as they called friends and family back home, according to two former military intercept operators who worked at the giant National Security Agency (NSA) center in Fort Gordon, Georgia.

According to one of the intercept operators, “US military officers, American journalists and American aid workers were routinely intercepted and “collected on” as they called their offices or homes in the United States.” Another intercept operator independently confirmed what the first one had reported.

Not only did they listen in on private conversations, with no connection to terrorism, but they also shared calls that they deemed interesting or funny:

Faulk says he and others in his section of the NSA facility at Fort Gordon routinely shared salacious or tantalizing phone calls that had been intercepted, alerting office mates to certain time codes of “cuts” that were available on each operator’s computer.

“Hey, check this out,” Faulk says he would be told, “there’s good phone sex or there’s some pillow talk, pull up this call, it’s really funny, go check it out. It would be some colonel making pillow talk and we would say, ‘Wow, this was crazy’,” Faulk told ABC News.

Faulk said he joined in to listen, and talk about it during breaks in Back Hall’s “smoke pit,” but ended up feeling badly about his actions. . . .

In testimony before Congress, then-NSA director Gen. Michael Hayden, now director of the CIA, said private conversations of Americans are not intercepted.

“It’s not for the heck of it. We are narrowly focused and drilled on protecting the nation against al Qaeda and those organizations who are affiliated with it,” Gen. Hayden testified.

More from the ABC story here.

I’m not surprised by this story. It is a common problem with government surveillance to reach beyond its limits, and for surveillance officials to disseminate information they find humorous or entertaining. For example, it has happened with CCTV in the UK. Hopefully, next year’s Congress will do a thorough investigation.