decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books

Gear

Groklaw Gear

Click here to send an email to the editor of this weblog.


You won't find me on Facebook


Donate

Donate Paypal


No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
An Amicus Brief: Issues in the Cyberbullying Case That Affect You - Updated 3Xs
Friday, November 28 2008 @ 05:50 AM EST

I was trying to figure out how to explain to you all that is involved in the case of the U.S. v. Lori Drew, the cyberbullying case that so many lawyers are expressing concerns about. I felt I needed a lawyer to explain it, but where would I find one who felt like doing some unpaid work, and over the Thanksgiving holiday to boot?

Then I had a brainstorm. I could show you the amicus brief [PDF] submitted in the case by the Electronic Frontier Foundation, the Center for Democracy and Technology, and Public Citizen, which was also signed by "14 individual faculty members listed in Appendix A who research, teach and write scholarly articles and books about internet law, cybercrime, criminal law and related topics at law schools nationwide". Appendix A is at the very end. If you look at the list, you'll see that it's some of the finest and most knowledgeable lawyers and law professors specializing in cyberlaw. The brief was written by Jennifer Granick of EFF and Philip R. Malone of Harvard Law School's Berkman Center for Internet and Society's Cyberlaw Clinic.

I think when you read it, it will turn your hair white. It did me. In fact, I don't think it's overstating it a bit to say that unless this case is overturned, it is time to get off the Internet completely, because it will have become too risky to use a computer. At a minimum, I'd feel I'd need to avoid signing up for membership at any website, particularly MySpace. Why particularly MySpace? The Times Online has their statement:

MySpace, which is a division of News Corporation, owner of The Times, said in a statement that it “respects the jury's decision and will continue to work with industry experts to raise awareness of cyber-bullying and the harm it can potentially cause.”
If it respects this decision, I don't feel safe there. I didn't even want to visit its web site to try to find its terms of use. But according to this article, MySpace gets to be the one that decides if we've violated their terms:
MySpace users agree that the social networking site has the final say on deciding whether content posted by users violates a long list of regulations contained in the agreement.
There is no recourse. They make the law and if you mess up, you go to jail. You used a computer, after all, didn't you, and their server isn't yours, and if they say you have violated their terms, you have. I'd also never upload anything to YouTube, and I wouldn't use anyone's blogging software. I'd definitely stay out of the Cloud, because I don't own those computers either, leaving me open to Computer Fraud & Abuse Act allegations, which is what Drew was charged with. In short, it'd be time for me to just pack up and leave, if this verdict stands. If you think EULAs were bad, imagine after this ruling if they can be tied to the CFAA. Do you think it'll be long before folks are tossed in jail for defining fair use in ways a copyright owner doesn't like? Would Microsoft hesitate to criminalize its EULA terms? You think? You trust?

The case is not yet done, in that there is a motion that the judge took under advisement and said he will rule on this coming Monday. And there are other developments, as reported by St. Louis Today:
Drew lawyer H. Dean Steward has filed a motion to dismiss the case, arguing repeatedly that prosecutors in Los Angeles over-reached and that Drew could only be prosecuted if she both read MySpace's terms and knowingly and intentionally violated them. Wu has appeared to lean towards granting that motion in court, although he has declined prior chances to do so. Steward has also filed a motion for a new trial, which could lead to a federal appeals court tossing out the case.
Wu is the judge, the Honorable George H. Wu. There are some serious issues, legal issues, raised by the case, in other words. The legal issues are not about who is or isn't morally awful; the legislative branch can always write new laws to address a new issue that they realize someone needs to write a law for. The legal issues raised are what happens to everyone who uses a computer if the Computer Fraud & Abuse Act is applied to actions that were not contemplated as covered by the legislators when they drafted the act. Here's the analysis by the US Departmenet of Justice of the CFAA, dated long before this case. More reactions:
"The statute was never intended to cover this kind of conduct," says Michael Scott, professor of law at Southwestern School of Law, Los Angeles. "Lori Drew did not do the key acts that the prosecution alleged, but rather a third party did, so it seems strange that the person who pulled the trigger is not prosecuted but the one standing next to her is."

Or at least criminalize it before you prosecute anyone. Andrew Grossman goes to the heart of the matter, in the Christian Science Monitor:

"What happened to Megan Meier was a tragedy, not a crime," says Andrew Grossman, senior legal policy analyst in the Center for Legal and Judicial Studies at the Heritage Foundation in Washington. "This case should never have been brought. The strongest evidence for the prosecution had nothing or little to do with the charges. This verdict is a loss for civil liberties and leaves all Internet users at risk of prosecution under federal law. It is a prime example of overcriminalization."
[Grossman explains what he means by overcrimilaization in detail in this article.] And that's why it'd be time to get off the Internet and go back to a typewriter. Really. You read a great deal about judges and how they shouldn't be allowed to be activists and use their positions to create law. But the amicus brief raises a serious question: what about prosecutors? Is society in safe hands if prosecutors get to broadly interpret a law retroactively in creative and aggressive ways to make it apply to activities that have nothing to do with what the law was written to address? How about web sites? If violating a web site's terms of use is criminalized by the CFAA, have we not given private companies the ability to write the criminal laws? Do you feel safe if they are allowed to arbitrarily decide what is or isn't criminal? And then change it whenever they feel like it, without notice to you? Here's a question for you, from AlmostLegally:
At my office, the company I work for says “don’t send personal email from your work computer.” But if I do, is that a federal crime?

For example, Groklaw has terms of use. I ask you not to post comments about politics and not to troll or spam or personally attack anyone. If you violate those terms, should I apply the CFAA to you and send you to jail? One year for each misdemeanor and a $100,000 fine, because you violate something I made up to suit myself? On what basis should I be given such power? Have we lost our minds? I surely don't want any such powers.

Note that's one of the concerned comments in the New York Times article I linked to at the very beginning, a comment by Andrew M. Grossman, senior legal policy analyst for the Heritage Foundation, again:

"If this verdict stands, it means that every site on the Internet gets to define the criminal law," Grossman told The Times. "That's a radical change. What used to be small-stakes contracts become high-stakes criminal prohibitions."

Did you ever think you could be criminally prosecuted for not abiding by a web site's terms of use? Neither did I. And that raises another question. Do I now have a responsibility to police you and make sure you are abiding by my 'laws'? Does anybody know? And there's another point that the brief raises: can you retroactively define something as criminal and put people in jail for conduct they had no notice was criminal conduct before they did it?

The law is not supposed to surprise or ambush you. The law draws a line in the sand, as drawn by the legislators, who draw it where they think they need to to accomplish something very specific. They don't write laws that say, "Don't do bad stuff." If they did, it'd be likely found unconstitutional, on the grounds of vagueness, because who knows what "bad stuff" is if it isn't defined?

Did you know that YouTube's Terms of Use say not to do "bad stuff"? I didn't either, never having read it, because like the majority of you, I rarely read terms of use. But the brief tells us that it says that. If we apply the CFAA to that web site's terms of use, is it now a crime to do "bad stuff"? Actually, yes, if you use a computer to do it, whatever it is that someone someday might conceivably define as "bad stuff". Who gets to define "bad stuff"? Google? Some prosecutor somewhere you don't even live? A blogger mob? An enemy who can't sleep without inventing new and mean ways to ruin your life? Does the CFAA not empower such conduct?

Do you actually want a world like that? In some ways, it's worse than lawlessness, worse than the old Wild West. Why worse? Because in the West in the old days, might made "right". That's clear enough, and you knew where you stood. Practice shooting, or move East where there were laws. But if the law is vague or retroactively redefined just to get you, because someone in power decides you deserve it, you have laws but you can't rely upon them, because they are not necessarily fairly applied or reliably defined, so you are in constant danger of having a law used just to get you personally, because someone doesn't like the way you part your hair.

Like that never happens in real life.

The entire point of the rule of law is that it's dependable and predictable and it applies equally to everyone. You don't wake up to a knock on your door, and find the police have defined you mysteriously as a criminal without warning. I'm not talking about this case's specifics now. Everyone agrees that bullying is not a good thing, and I sympathize with prosecutors. I've known some, and I liked them all. They are men and women, in my experience, who care deeply about the victims of crime, and that's a beautiful quality. But the rule of law is beautiful too, but only if it's dependable, fair, and applied without favoritism. Not to mention Constitutional. Anonymous speech is protected under the US Constitution, as the brief points out. PCWorld quotes some more lawyers:

If the charges against Drew are upheld, it will be a serious blow to anyone who wants to remain anonymous on the Internet, said Brock Meeks, a CDT spokesman. "Everybody that is sympathetic to this case and saying finally we've got something to nail her on here, they're not looking hard enough at the fact that the Justice Department blundered by using this anti-hacker law," he said.

The charges suggest that anyone who uses a fake name to sign up for a Web service like Yahoo or Gmail could be charged with a federal crime, Meeks said. "If that's a federal crime, then I'm certainly guilty of a federal crime and there are probably a million other people out there who are probably also guilty."

Is it not Kafkaesque if you can be dragged into court on a whim in any location in the world, if the computer you are alleged to have misused is located there, even if it's half a country or even a world away from where you reside and they can put you in jail for a crime that wasn't defined as a crime at the time of your conduct in question? It'd be one thing if you were given a notice that this was the new interpretation; but if you just wake up to find out you are a retroactive criminal, you might as well be in a Kafka novel, because there is absolutely no way to ever know what the definition of criminal conduct will be tomorrow or when it can retroactively be applied to you. Drew, according to reports of the testimony at trial, never read the terms of use. Yes, but she should have known, said the prosecutor. She must have. How do you know? Should the law guess? We can be put in prison because although there is no proof we knew something, we might have or could have or must have?

If you think I am overstating what the brief is saying, feel free to say so, but do read it. At least then, you'll know what the uproar is all about. I know from some of your comments that you think the verdict was all about Lori Drew. I don't think so. I think it's about us.

Update: I remembered reading a detail about the case in one of the first articles about it, if not the first, namely that Megan was underage when she opened her MySpace account, and that her mother allowed her to do so, despite it being a violation of the web site's Terms of Use, and I found it now, from the St. Charles Journal:

MySpace has rules. A lot of them. There are nine pages of terms and conditions. The long list of prohibited content includes sexual material. And users must be at least 14.

"Are you joking?" Tina asks. "There are fifth-grade girls who have MySpace accounts."

As for sexual content, Tina says, most parents have no clue how much there is. And Megan wasn't 14 when she opened her account. To join, you are asked your age but there is no check. The accounts are free.

As Megan's 14th birthday approached, she pleaded for her mom to give her another chance on MySpace, and Tina relented.

She told Megan she would be all over this account, monitoring it. Megan didn't always make good choices because of her ADD, Tina says. And this time, Megan's page would be set to private and only Mom and Dad would have the password.

If only the parents would have the password, it means to me that they were the ones who set it up. And at the time of the suicide, Megan was still not yet 14, the age limit MySpace sets for opening an account. "This time" is referring to an earlier account that the parents had shut down, so they apparently allowed her to have an account even earlier, or she just opened it herself. Either way, it was a violation of the web site's terms of use:
Tina Meier was wary of the cyber-world of MySpace and its 70 million users. People are not always who they say they are.

Tina knew firsthand. Megan and the girl down the block, the former friend, once had created a fake MySpace account, using the photo of a good-looking girl as a way to talk to boys online, Tina says. When Tina found out, she ended Megan's access.

So the girl herself set up a fake account as well as violating the terms of use by opening an account when she was underage. Excuse me for pointing this out, but shouldn't this mother also be prosecuted for violating MySpace's Terms of Use, now found a violation of a criminal statute, the Computer Fraud & Abuse Act? Before you answer, remember that Drew was found not guilty of intent to cause harm. If not, I'd like to hear your arguments. That same article, by the way, tells us about an incident that makes me wonder just what exactly caused the suicide:
Monday, Oct. 16, 2006, was a rainy, bleak day. At school, Megan had handed out invitations to her upcoming birthday party and when she got home she asked her mother to log on to MySpace to see if Josh had responded.

Why did he suddenly think she was mean? Who had he been talking to?

Tina signed on. But she was in a hurry. She had to take her younger daughter, Allison, to the orthodontist.

Before Tina could get out the door it was clear Megan was upset. Josh still was sending troubling messages. And he apparently had shared some of Megan's messages with others.

Tina recalled telling Megan to sign off.

"I will Mom," Megan said. "Let me finish up."

Tina was pressed for time. She had to go. But once at the orthodontist's office she called Megan: Did you sign off?

"No, Mom. They are all being so mean to me."

"You are not listening to me, Megan! Sign off, now!"

Fifteen minutes later, Megan called her mother. By now Megan was in tears.

"They are posting bulletins about me." A bulletin is like a survey. "Megan Meier is a slut. Megan Meier is fat."

Megan was sobbing hysterically. Tina was furious that she had not signed off.

Once Tina returned home she rushed into the basement where the computer was. Tina was shocked at the vulgar language her daughter was firing back at people.

"I am so aggravated at you for doing this!" she told Megan.

Megan ran from the computer and left, but not without first telling Tina, "You're supposed to be my mom! You're supposed to be on my side!"

Am I the only parent who notices that this child was left alone on the Internet, with admonitions to stop but delayed enforcement? And can you *prove* in a court of law that it was not the mother's failure to support her, as the child apparently viewed it, that actually caused the death? This child had tried to kill herself before, the article points out, an attempt that had nothing to do with the cyberbullying. No doubt that's why the local authorities didn't prosecute, since they said there was no way to actually say what exactly caused the suicide:
"We did not have a charge to fit it," McGuire says. "I don't know that anybody can sit down and say, 'This is why this young girl took her life.'"
Incidentally, Megan's mother was quoted in that article saying this:
"I don't feel their intentions were for her to kill herself. But that's how it ended."
That is what the jury found, actually, that Drew had no intention of causing a suicide. She didn't set up the account, according to testimony at trial, or send the messages. But if the mother recognized that there was no intention to cause the suicide, why did she not tell the court that and prevent the prosecutor from going after Drew for intent to cause the suicide?

Update 2: Orin Kerr, one of Drew's attorneys, has posted his summary of what happened and what happens next:

The jury agreed that it is a federal crime to intentionally violate the Terms of Service on a website, and that Drew directly or indirectly did so, but it acquitted Drew of having violated Terms of Service in furtherance of the tortious act. That is, the jury ruled that Drew is guilty of relatively lower-level crimes for violating MySpacs Terms of Service (for being involved in the setting up of a fake MySpace account). It acquitted Drew for any role in inflicting distress on Meier or for anything related to Meier's suicide. The maximum allowed penalty for the misdemeanor violations are one year in prison for each violation, although the majority of federal misdemeanors result in a sentence of probation.

The next step in the case is that the trial judge will rule on whether there was enough evidence for the jury to find that Drew violated the Terms of Service intentionally, or whether the TOS violation was only negligent or reckless or knowing. If the judge agrees that there was enough evidence for the jury to find that Drew violated the Terms of Service intentionally, the case will go on to sentencing for the crime of having violated MySpace's Terms of Service.

After sentencing, if that happens, the sentence will be followed by an appeal before the Ninth Circuit on the legal question of whether it is in fact a federal crime to violate the Terms of Service of a website. For those not following my coverage of the case, I am one of Drew's attorneys, and yes, if there is an appeal, I will be very heavily involved in it.

The local prosecutor in Missouri investigated the matter, by the way, and then explained why they didn't prosecute:
In December 3rd, after his review of the case, Jack Banas announced that no charges would be brought. In Banas’s reckoning, the Drews are conclusively guilty of little except egregious judgment that set off a chain of horrible events, and deep insensitivity in their aftermath. He invoked the Duke lacrosse case as a cautionary example of due process succumbing to the passions of a community inflamed. “Are you going to hug this lady, say she did something great?” he told me. “No. She made a huge, fatal mistake by trusting these kids. But there are undisputed facts and disputed facts, and even if you believe all of them they still don’t give you a criminal fact pattern in the state of Missouri.”

The Meiers do not hold Ashley Grills responsible, nor do they blame Michele Mulford’s daughter, who sent the message that kicked off the online melee on October 15th. “If you don’t think that child wishes she could go back and change that . . . ” Tina said. “It could easily have been Megan doing that.”

Update 3: You might find it helpful to read the indictment [PDF] and the memorandum, points of law and authorities. The charges she was found guilty of were accessing MySpace without authorization, due to violating the terms of use.

For example, here's Count 4, on page 10 of the indictment: "Count 4, 10/16/06: Unauthorized Access: In violation of MySpace TOS, accessed MySpace servers to obtain information regarding M.T.M."

She did that on three occasions, according to the indictment, accounting for charges 2-4, so that's three years in prison and $300,000 in fines, potentially. Here's why the prosecutor thought she could be charged, despite her never reading the terms of use, since she didn't open the account and testified she never saw the terms, from page 4:

A copy of the applicable MySpace TOS was readily available to prospective members, members, and users of the website, who could click on a link titled "Terms of Service" or "Terms" to be directed to a web page where prospective members, members, and users of the website could review those rules.
Also, I found the motion for acquittal [PDF] and the prosecutor's opposition [PDF].

Final Update, Sept. 1, 2009: The judge's ruling -- acquittal [PDF]. Some analysis by Eric Goldman.

*****************************

JENNIFER STISA GRANICK (California Bar No. 168423 )
[email]
ELECTRONIC FRONTIER FOUNDATION
[address, phone, fax)

PHILLIP R. MALONE (California Bar No. 163969)
[email]
CYBERLAW CLINIC
BERKMAN CENTER FOR INTERNET AND SOCIETY
HARVARD LAW SCHOOL
[address, phone)

Amici Curiae

UNITED STATES DISTRICT COURT
FOR THE CENTRAL DISTRICT OF CALIFORNIA

_____________________

UNITED STATES,

Plaintiff,

v.

LORI DREW

Defendant.

_____________________

Case No. CR-08-0582-GW

BRIEF OF AMICI CURIAE ELECTRONIC FRONTIER
FOUNDATION, ET AL., IN
SUPPORT OF DEFENDANT'S
MOTION TO DISMISS
INDICTMENT FOR FAILURE TO
STATE AN OFFENSE AND FOR
VAGUENESS

Date: September 4, 2008
Time:. 8:30 AM

Honorable Judge George H. Wu

_____________________

TABLE OF CONTENTS

TABLE OF CONTENTS .............................................................................................................I

TABLE OF AUTHORITIES .....................................................................................................III

STATEMENT OF INTEREST OF AMICI CURIAE ................................................................. 1

FACTS AND SUMMARY OF THE ARGUMENT.................................................................... 3

I. THIS COURT SHOULD DISMISS THE COMPUTER FRAUD AND ABUSE ACT CHARGES AGAINST DEFENDANT DREW BECAUSE HER ALLEGED VIOLATION OF THE MYSPACE TERMS OF USE DOES NOT CONSTITUTE "UNAUTHORIZED ACCESS" OR "EXCEEDING AUTHORIZED ACCESS" UNDER THE STATUTE ............6

A. BY ITS PLAIN TERMS, THE COMPUTER FRAUD AND ABUSE ACT PROHIBITS TRESPASS AND THEFT, NOT MERE CONTRACTUAL VIOLATIONS OF TERMS OF USE ...........................................................................................................................................6

B. THE LEGISLATIVE HISTORY SUPPORTS THE VIEW THAT THE CFAA PROHIBITS TRESPASS AND THEFT, NOT IMPROPER MOTIVE OR USE. .......................8

C. COURTS ARE JUSTIFIABLY WARY EVEN OF CIVIL ENFORCEMENT OF WEBSITE TERMS OF SERVICE ...........................................................................................10

D. IMPOSING CRIMINAL LIABILITY FOR IGNORING OR VIOLATING TERMS OF SERVICE WOULD BE AN UNPRECEDENTED, EXTRAORDINARY AND DANGEROUS EXTENSION OF FEDERAL CRIMINAL LAW.....................................................................12

E. THE BETTER VIEW, SUPPORTED BY MORE RECENT CASES, REJECTS CFAA LIABILITY FOR AUTHORIZED USERS ACTING OUTSIDE THE TERMS AND CONDITIONS OF THAT AUTHORIZATION .......................................................................14

1. MORE RECENT, BETTER-REASONED CASES ADOPT A NARROWER VIEW OF "EXCEEDING AUTHORIZED ACCESS"...........................................................................14

2. OLDER CASES WRONGLY ADOPTED A BROADER VIEW OF "EXCEEDING AUTHORIZED ACCESS" ....................................................................................................17

F. THE RULE OF LENITY REQUIRES THE NARROWER INTERPRETATION OF THE CFAA'S "ACCESS" LANGUAGE .........................................................................................20

G. THE GOVERNMENT'S PREVIOUS ATTEMPT IN THIS DISTRICT TO EXPAND CIVIL CASES INTERPRETING THE CFAA INTO THE CRIMINAL CONTEXT LED TO THE WRONGFUL CONVICTION AND INCARCERATION OF AN INDIVIDUAL FOR CONSTITUTIONALLY PROTECTED ACTIVITIES.............................................................21

II. APPLYING THE CFAA TO DEFENDANT'S CONDUCT IN THIS CASE WOULD CONSTITUTE A SERIOUS ENCROACHMENT ON FUNDAMENTAL CIVIL LIBERTIES, INCLUDING FREEDOM OF SPEECH ............................................................ 23
A. THE FIRST AMENDMENT ASSURES THE RIGHT TO SPEAK ANONYMOUSLY ONLINE ..................................................................................................................................23

i

B. CONSTITUTIONAL AVOIDANCE DICTATES A NARROW READING OF "ACCESS" UNDER THE CFAA ...............................................................................................................26
III. APPLICATION OF THE CFAA WHEN A USER IGNORES OR VIOLATES WEBSITE TERMS OF SERVICE WOULD VIOLATE DUE PROCESS AND RENDER THE STATUTE VOID FOR VAGUENESS AND LACK OF FAIR NOTICE.......................26
A. WEB SITE TERMS OF SERVICE ARE ROUTINELY IGNORED OR NOT FULLY READ OR UNDERSTOOD.....................................................................................................28

B. WEB SITE TERMS ARE FREQUENTLY AND ARBITRARILY CHANGED BY SITE OWNERS WITH LITTLE OR NO LIKELIHOOD OF ACTUAL NOTICE TO USERS .........31

C. WEB SITE TERMS MAY THEMSELVES BE ARBITRARY, VAGUE, OR FRIVOLOUS AND ARE CREATED BY PRIVATE SITE OWNERS FOR A MYRIAD OF BUSINESS OR PERSONAL REASONS HAVING NOTHING TO DO WITH REGULATING "ACCESS" FOR CFAA PURPOSES..........................................................................................................33

D. BASING CRIMINAL LIABILITY ON PRIVATE CONTRACT TERMS INEVITABLY WILL LEAD TO ARBITRARY AND DISCRIMINATORY ENFORCEMENT .....................34

ii

TABLE OF AUTHORITIES

CASES

ACLU of Ga. v. Miller, 977 F. Supp. 1228 (N.D. Ga. 1997) .................................... 24

ACLU v. Johnson, 4 F. Supp. 2d 1029 (D.N.M. 1998) ............................................ 24

America Online Inc. v. LCGM, Inc., 46 F. Supp. 2d 444 (E.D. Va. 1998) ............... 19

ApolloMEDIA Corp. v. Reno, 526 U.S. 1061 (1999) ............................................... 24

Ashcroft v. Free Speech Coal., 535 U.S. 234 (2002) ............................................... 25

Brett Senior & Associates, P.C. v. Fitzgerald, 2007 WL 2043377 (E.D. Pa. July 13, 2007) ........................................ 8, 14, 16

Canada Dry Corp. v. Nehi Beverage Co., 723 F.2d 512 (7th Cir. 1983).................. 25

Christensen v. C.I.R., 523 F.3d 957 (9th Cir. 2008)................................................... 7

City of Chicago v. Morales, 527 U.S. 41 (1999)................................................ 27, 33

Coates v. City of Cincinnati, 402 U.S. 611, (1971).................................................. 34

Columbia Ins. Co. v. Seescandy.com, 185 F.R.D. 573 (N.D. Cal. 1999).................. 24

Crowell v. Benson, 285 U.S. 22 (1932) ...................................................... 26

D. H. Overmyer Co. v. Frick Co., 405 U.S. 174 (1972) ........................................... 25

Diamond Power Int'l, Inc. v. Davidson, 540 F. Supp. 2d 1322 (N.D. Ga. 2007) 14, 15

Doe v. TheMart.com Inc., 140 F. Supp. 2d 1088 (W.D. Wash. 2001).................... 24

Doe v. Cahill, 884 A.2d 451 (Del. 2005)............................................. 25

Douglas v. U.S. Dist. Court for Cent. Dist. Calif., 495 F.3d 1062 (9th Cir. 2007) ... 32

Educ'al Testing Service v. Stanley H. Kaplan, Educ'al Center., Ltd., 965 F. Supp. 731 (D. Md. 1997) .............................. 17

EF Cultural Travel BV v. Explorica Inc., 274 F.3d 577 (1st Cir. 2001)................... 19

EF Cultural Travel BV v. Zefer Corp. , 318 F.3d 58 (1st Cir. 2003).......................... 19

Foti v. City of Menlo Park, 146 F.3d 629 (9th Cir. 1998) ........................................ 28

Gibson v. Fla. Legislative Investigative Comm., 372 U.S. 539 (1963)..................... 24

Global Telemedia Int'l v. Does, 132 F. Supp. 2d 1261 (C.D. Cal. 2001) ................. 24

Grayned v. Rockford, 408 U.S. 104 (1972).................................................... 27

iii

Humanitarian Law Project v. Mukasey, 509 F.3d 1122 (9th Cir. 2007)................... 28

Int'l Ass'n of Machinists and Aerospace Workers v. Werner-Masuda, 390 F. Supp. 2d 479 (D.Md 2005) ....................... passim

Int'l Airport Ctrs., L.L.C. v. Citrin, 440 F.3d 418 (7th Cir. 2006) ............................ 18

Lanzetta v. New Jersey, 306 U.S. 451 (1939) .......................................................... 27

Leocal v. Ashcroft, 543 U.S. 1 (2004).......................................................... 20

Lockheed Martin Corp. v. Speed, 2006 WL 2683058 (M.D. Fla. Aug. 1, 2006) . ....8, 14, 15

McIntyre v. Ohio Elections Comm'n, 514 U.S. 334 (1995)...................................... 24

McNally v. United States, 483 U.S. 350 (1987) ....................................................... 20

Nunez v. City of San Diego, 114 F.3d 935 (9th Cir. 1997) ....................................... 27

Ohio Bell Tel. Co. v. Public Utilities Comm'n, 301 U.S. 292 (1937) ....................... 25

Pasquantino v. United States, 544 U.S. 349 (2005) ................................................. 20

Register.com, Inc. v. Verio, Inc., 126 F. Supp. 2d 238 (S.D.N.Y. 2000) .................. 19

Register.com, Inc. v. Verio, Inc., 356 F.3d 393 (2d Cir. 2004)................................. 19

Reno v. ACLU, 521 U.S. 844 (1997) ......................................................... 24

Shamrock Foods v. Gast, 535 F. Supp. 2d 962 (D. Ariz. 2008) ................8, 16, 20, 21

Shurgard Storage Ctrs, Inc. v. Safeguard Self Storage, Inc., 119 F. Supp. 2d 1121 (W.D. Wash. 2000)..................................... 17, 18

Snepp v. United States, 444 U.S. 507 (1980) ....................................................... 25

Southwest Airlines Co. v. FareChase Inc., 318 F. Supp. 2d 435 (N.D.Tex. 2004) ... 19

Talley v. California, 362 U.S. 60 (1960)............................. 24

Ting v. AT & T, 182 F. Supp. 2d 902 (N.D. Cal. 2002)............................................ 30

United States v. Batchelder, 442 U.S. 114 (1979).................................................... 27

United States v. Czubinski, 106 F.3d 1069 (1st Cir. 1997)......................................... 5

United States v. Drew, No. 08-00582 (C.D. Cal. May 15, 2008) ............................... 3

United States v. Harriss, 347 U.S. 612 (1954)................................................ 27

United States v. LaMacchia, 871 F. Supp. 535 (D. Mass. 1994).......................... 5, 21

United States v. McDanel, Ninth Circuit Case No. 03-50135, Central District of 28 California Case No. CR-01-638-LGB ..................................................... 5, 22

iv

United States v. Miranda-Lopez, 2008 WL 2762392 (9th Cir. July 17, 2008) ......... 21

United States v. Riggs, 739 F. Supp. 414 (N.D. Ill. 1990).......................................... 9

United States v. Sutcliffe, 505 F.3d 944 (9th Cir. 2007)........................................... 27

United States v. Thompson/Center Arms Co., 504 U.S. 505 (1992) ......................... 20

United States v. Winstar Corp. , 518 U.S. 839 (1996) .............................................. 25

United States v. Wunsch , 84 F.3d 1110 (9th Cir. 1996) ........................................... 28

ViChip Corp. v. Lee , 438 F. Supp. 2d 1087 (N.D. Cal. 2006) .................................. 18

Zadvydas v. Davis , 533 U.S. 678 (2001) ........................................................... 26, 28

STATUTES

18 U.S.C. § 1030(a)(2)(C).................................................... 3, 17, 18

18 U.S.C. § 1030(e)(6) .................................................................... 7

18 U.S.C. § 2701(a)................................................................ 17

18 U.S.C. § 1030(a)(5)(A).......................................................... 21

18 U.S.C. § 1343................................................................... 5

47 U.S.C. § 223(A)(1)(C)......................................................... 3

Pub.L. No. 98-473, ß 2102(a), 98 Stat. (1984)........................................................... 8

OTHER AUTHORITIES

Alan M. White & Cathy Lesser Mansfield, Literacy and Contract, 13 Stan. L. & Pol'y Rev. 233, (2002)..................................... 11, 31

Andrew Robertson, The Limits of Voluntariness in Contract, 29 Melbourne L. Rev. 21 179, (April 2005) ..................................................................... 30

Antony Savvas, Social Network Users Hide Identities, Computer Weekly, Sept. 25, 2007............................................................. 23

Jeff Gelles, Internet Privacy Issues Extend to Adware, Newark Star-Ledger, July 31, 2005................................................................. 30

Mark A. Lemley, Terms of Use, 91 Minn. L. Rev. 459, (2006) ................... 11, 20, 31

Melvin Aron Eisenberg, The Limits of Cognition and the Limits of Contract, 47 Stan. L. Rev. 211, (1995)......................................................... 30, 31

v

Michael I. Meyerson, The Reunification of Contract Law: The Objective Theory of Consumer Form Contracts, 47 U. Miami L. Rev. 1263, 1269 & nn.28-29 (1993)............................................................ 30, 31

Nathaniel Good et al., Commentary, User Choices and Regret: Understanding Users' Decision Process About Consensually Acquired Spyware, 2 I/S: J.L. & Pol'y for Info. Soc'y 283, (2006) ........................ 29

Orin S. Kerr, Cybercrime's Scope: Interpreting "Access" and "Authorization" in Computer Misuse Statutes, 78 N.Y.U. L. Rev. 1596 (2003)................................. 12

Oxford English Dictionary, Oxford University Press ................................................ 9

Pew Internet & American Life Project, Teens, Privacy and Online Social Networks: How teens manage their online identities and personal information in the age of MySpace, April 18, 2007, at 23-24, at http://www.pewinternet.org/pdfs/PIP_Teens_Privacy_SNS_Report_Final.pdf ...... 4

Restatement (Second) of Agency, § 112 (1958) ....................................................... 18

Restatement (Second) of Contracts, § 211 cmt. b (1981).......................................... 29

Robert A. Hillman & Jeffrey J. Rachlinski, Standard-Form Contracting in the Electronic Age, 77 N.Y.U. L. Rev. 429, (2002) ................................................... 30

Robert L. Oakley, Fairness in Electronic Contracting: Minimum Standards for Non-Negotiated Contracts, 42 Hous. L. Rev. 1041, 1051 (2005)................................. 29

Robert W. Gomulkiewicz, Getting Serious About User-Friendly Mass Market Licensing for Software, 12 Geo. Mason L. Rev. 687, (2004).......................... 11, 31

Russell Korobkin, Bounded Rationality, Standard Form Contracts, and Unconscionability, 70 U. Chi. L. Rev. 1203 (2003) ............................................. 31

United States v. McDanel, Government Brief............................................................ 6

LEGISLATIVE MATERIALS

141 Cong. Rec. S9423.................................................................... 9

142 Cong. Rec. E1621.................................................................... 9

H.R. Rep. No. 98-894 (1984) ......................................................................... 8

S. Rep. No. 99-432 (1986)................................................................... 8, 9

INTERNET SOURCES

AOL Terms of Use, http://about.aol.com/ aolnetwork/aolcom_terms ......................... 32

Child Exploitation and Online Protection Centre, Thinkuknow: Social Networking, http://www.thinkuknow.co.uk/(X()S(zuckbyrpokhbemgzsglhm))/_/control /social.aspx......................................................... 4

vi

Facebook Terms of Use, http://www.facebook.com/terms.php................................ 13

Google Terms of Service, § 2.3, http://www.google.com/accounts/TOS..................12

Match.com Terms of Use Agreement, http://www.match.com/registration/membagr.aspx ..............................................13

Network Solutions Terms of Service, http://www.networksolutions.com/legal/ static-service-agreement.jsp .................................................................29

Terms and Conditions -- MySpace.com, http://www.myspace.com/ index.cfm?fuseaction=misc.terms ..................... 3, 29, 32

West Terms of Use, http://west.thomson.com/about/terms-of- use/default.aspx?promcode=0 ............................................................... 32

YouTube Community Guidelines, http://www.youtube.com/t/community_guidelines............................33

vii

STATEMENT OF INTEREST OF AMICI CURIAE

Amici are three organizations, the Electronic Frontier Foundation, the Center for Democracy and Technology and Public Citizen, and the 14 individual faculty members listed in Appendix A who research, teach and write scholarly articles and books about internet law, cybercrime, criminal law and related topics at law schools nationwide. None received any compensation for participating in this brief. Amici's sole interest in this case is in the evolution of sound and principled interpretation and application of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030(a)(2)(C). Amici believe that this brief will assist the Court in its consideration of the proper interpretation and application of the CFAA in this case.

Electronic Frontier Foundation ("EFF") is a non-profit, member-supported civil liberties organization working to protect free speech and privacy rights. As part of that mission, EFF has served as counsel or amicus in key cases addressing privacy issues and rights as applied to the Internet and other new technologies. With more than 13,000 dues-paying members, EFF represents the interests of technology users in both court cases and in broader policy debates surrounding the application of law in the digital age, and publishes a comprehensive archive of digital civil liberties information at one of the most linked-to web sites in the world, www.eff.org.

Center for Democracy & Technology ("CDT") is a non-profit public interest and Internet policy organization. CDT represents the public's interest in an open,

1

decentralized Internet reflecting constitutional and democratic values of free expression, privacy, and individual liberty. In particular, CDT works to protect online free speech, including the right to speak anonymously and to engage in robust communication and debate without inappropriate threats of criminal sanctions.

Public Citizen is a non-profit, public interest organization that has defended the rights of citizens and consumers since its founding in 1971. Public Citizen has stood against the enforceability of abusive terms in one-sided contracts of adhesion and strongly rejects the proposition that criminal liability should attach to violations of contractual fine print. Since 1999, Public Citizen has also defended the First Amendment right of citizens to communicate anonymously in online forums without the threat of unjustified liability.

2

FACTS AND SUMMARY OF THE ARGUMENT

Defendant Lori Drew is a Missouri resident charged in the Central District of California with violating the Computer Fraud and Abuse Act ("CFAA"). The Government alleges that in the fall of 2006, Defendant created a MySpace account under the name of "Josh Evans." Indictment, United States v. Drew, No. 08-00582, 6 (C.D. Cal. May 15, 2008). Through the "Josh Evans" account, Defendant communicated and developed an online relationship with Megan Meier, a 13-year-old girl also living in Missouri. Indictment at 6. At some point during their communications "Josh Evans" said hurtful things to Miss Meier. Id. at 7-8. Tragically, Miss Meier took her own life.

There are state and federal statutes that regulate harassing and otherwise harmful speech, carefully identifying speech that falls outside of First Amendment protection. See, e.g., 47U.S.C. § 223(a)(1)(C); R.S.Mo. 565.090 (former).1 Neither of those statutes appears to criminalize the communications from "Josh Evans" to Miss Meier here. In the absence of applicable First Amendment-compliant criminal statutes, the Government has chosen to indict Defendant for violating the CFAA, 18 U.S.C. § 1030(a)(2)(C), and for conspiring to violate it. The Government theory is that Defendant's use of a fictitious name and registration information and her hurtful speech violated the MySpace terms of service (TOS). See Terms and Conditions -- MySpace.com, http://www.myspace.com/index.cfm?fuseaction=misc.terms (last modified Feb. 28, 2008). Defendant allegedly failed to provide truthful and accurate registration information; failed to refrain from using any information obtained from MySpace services to harass, abuse, or harm other people; failed to refrain from soliciting personal information from anyone under 18; failed to refrain from

3

promoting information that she knew was false or misleading; and failed to refrain from posting photographs of other people without their consent, all in violation of the terms of use. Indictment at 6-7. On the Government's view, account holders who use their MySpace accounts in violation of the TOS are accessing the company servers "without authorization" or "in excess of authorization." In this way, Defendant victimized MySpace when "Josh Evans" did not follow its terms of service.

The Government's novel and unprecedented response to what everyone recognizes as a tragic situation would create a reading of the CFAA that has dangerous ramifications far beyond the facts here. Terms of service include prohibitions both trivial and profound. As detailed in examples below, the Government's theory would attach criminal penalties to minors under the age of 18 who use the Google search engine, as well as to many individuals who legitimately exercise their First Amendment rights to speak anonymously online. This effort to stretch the computer crime law in order to punish Defendant Drew for Miss Meier's death would convert the millions of internet-using Americans who disregard the terms of service associated with online services into federal criminals. Indeed, survey evidence shows that the majority of teenage MySpace users have entered at least some false information into MySpace, and would thus be subject to prosecution under the Government's theory. Pew Internet & American Life Project, Teens, Privacy and Online Social Networks: How teens manage their online identities and personal information in the age of MySpace, 23-24, http://www.pewinternet.org/pdfs/PIP_ibiblios_Privacy_SNS_Report_Final.pdf (Apr. 18, 2007). In fact, child safety advocates like the Child Exploitation and Online Protection Centre of the British government specifically encourage children to protect themselves by providing misleading identifying information instead of real names on social networking sites. See Child Exploitation and Online Protection Centre, Thinkuknow: Social Networking,

4

http://www.thinkuknow.co.uk/(X()S(z4uckb3yrpokhbemgzsglhm2))/8_10/control/s ocial.aspx (last visited July 31, 2008) ("It's a good idea to use a nickname rather than your real name."). To the best of amici's knowledge, never before in the 22-year history of the CFAA has a criminal prosecution been based on such a theory.

The case is reminiscent of United States v. LaMacchia, 871 F.Supp. 535 (D. Mass. 1994), where the district court rejected a Government attempt to stretch the scope of the federal wire fraud statute, U.S.C. § 1343, to cover the unauthorized, non-commercial distribution of copyrighted software products over the internet by an MIT student. At the time, copyright law did not contain criminal provisions against non-commercial infringement. Noting that the key question was whether, metaphorically, "new wine can be poured into an old bottle," id. at 536, the court recognized that:

[w]hat the Government is seeking to do is to punish conduct that reasonable people might agree deserves the sanctions of the criminal law. . . . While the Government's objective is a laudable one, particularly when the facts alleged in this case are considered, its interpretation of the wire fraud statute would serve to criminalize the conduct of not only persons like LaMacchia, but also the myriad of home computer users who succumb to the temptation to copy even a single software program for private use.
Id. at 544.2

The case is also reminiscent of United States v. McDanel, prosecuted by this same United States Attorney's office under a different provision of the CFAA before ___________

5

the Government admitted error on appeal and moved to overturn the defendant's conviction. See United States v. McDanel, Government Brief, attached as Exhibit A, at 6, 8. In McDanel, the Government stretched the definition of "harm to the integrity" of a computer system to cover truthful reports about a security vulnerability that could endanger a customer's private communications. The Government's proposed interpretation of the CFAA in this case is a similar stretch, one that is unsupported by case law or Congressional intent, is overbroad and unconstitutionally vague, and would punish constitutionally protected activities. This Court should reject the unwarranted expansion of the CFAA and dismiss the indictment.

I. THIS COURT SHOULD DISMISS THE COMPUTER FRAUD AND ABUSE ACT CHARGES AGAINST DEFENDANT DREW BECAUSE HER ALLEGED VIOLATION OF THE MYSPACE TERMS OF USE DOES NOT CONSTITUTE "UNAUTHORIZED ACCESS" OR "EXCEEDING AUTHORIZED ACCESS" UNDER THE STATUTE

A MySpace account holder does not gain unauthorized access or exceed authorized access to MySpace servers by disregarding conditions set forth in that service's terms of service (TOS). The CFAA criminalizes unauthorized access to a computer system or to information on the system. Both the plain language of the statute and the legislative history show that the statute is meant to punish trespassers and "hackers," not users who ignore or violate sites' contracts or customers who misuse the service.

A. By Its Plain Terms, The Computer Fraud And Abuse Act Prohibits Trespass And Theft, Not Mere Contractual Violations Of Terms Of Use
The fundamental question in this case is when access to a highly popular, everyday web site is "without authorization" or in excess of authorized access.3 The

6

plain language of the CFAA does not criminalize an account holder's use of a computer in violation of TOS, but rather a trespasser's access to computer systems or areas of computer networks without permission. In other words, the statute prohibits trespass and theft, not improper motive or use. Every exercise of statutory interpretation begins with an examination of the plain language of the statute. Christensen v. C.I.R., 523 F.3d 957, 962 (9th Cir. 2008) (Courts look to the plain language of a statute, and to legislative history). The Government charged Defendant with 18 U.S.C. 1030 (a)(2)(C), which states:
(a) Whoever-- ...(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains--...(C) information from any protected computer if the conduct involved an interstate or foreign communication; ...shall be punished as provided in subsection (c) of this section.
Although Congress did not define the phrase "without authorization," it did so for the phrase "exceeds authorized access". The term "exceeds authorized access" means: "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accessor is not entitled so to obtain or alter." 18 U.S.C. § 1030(e)(6) (2008).

The plain language of the statute prohibits trespass, either by outsiders who have no rights to the computer system, or by "insiders" who have some rights to access the computer system, but have limited rights to access or alter information on that same system. The Indictment in this case does not allege whether the defendant's access to the MySpace service was "without authorization" or "in excess of authorized access" or both. Regardless, both prongs of 1030(a)(2)(C) are straightforward prohibitions against computer trespass. The first covers outsiders who have no rights to the computer system, and the second covers "insiders" who have some rights to access the computer system, but do not have rights to access or alter certain files or information on that same system. If the computer owner gives

7

the user the ability to access to particular information, then the user does not exceed his authorization by accessing that information, regardless of the purpose or manner of such access. Lockheed Martin Corp. v. Speed, 2006 WL 2683058, *5 (M.D. Fla. Aug. 1, 2006) (plain reading of "exceeds authorized access" means "those [who go] above [their] authorization, meaning those that go beyond the permitted access granted to them typically insiders exceeding whatever access is permitted to them"). The plain language of Section 1030(a)(2) targets "the unauthorized procurement or alteration of information, not its misuse or misappropriation." Shamrock Foods v. Gast, 535 F. Supp. 2d 962, 965 (D. Ariz. 2008) (citing Brett Senior & Assocs., P.C. v. Fitzgerald, 2007 WL 2043377 (E.D. Pa. July 13, 2007)).
B. The Legislative History Supports The View That The CFAA Prohibits Trespass And Theft, Not Improper Motive Or Use.
The legislative history confirms that Congress intended the CFAA to criminalize intruders who trespassed on computers and computer networks. Int'l Ass'n of Machinists and Aerospace Workers v. Werner-Masuda, 390 F. Supp. 2d 479, 495-96 (D.Md 2005) (citing S. Rep. No. 99-432, at 4 (1986), reprinted in 1986 U.S.C.C.A.N. 2479, 2482 (explaining that the CFAA "is a consensus bill aimed at deterring and punishing certain 'high-tech' crimes")). The CFAA was originally called the Counterfeit Access Device and Computer Fraud and Abuse Act and was enacted in 1984. Counterfeit Access Device and Computer Fraud and Abuse Act, Pub. L. No. 98-473, Title II, § 2102(a), 98 Stat. 1937 (1984) (prior to 1986 amendment). The 1984 House Committee emphasized that "section 1030 deals with an 'unauthorized access' concept of computer fraud rather than the mere use of a computer. Thus, the conduct prohibited is analogous to that of 'breaking and entering' rather than using a computer . . . in committing the offense." H.R. Rep. No. 98-894 at 20 (1984) reprinted in 1984 U.S.C.C.A.N. 3689, 3706. Consequently, the committee report emphasized concerns about "hackers" who "trespass into" computers and the inability of "password codes" to protect against this threat. Id. at

8

10-11, reprinted in 1984 U.S.C.C.A.N. 3689, 3695-97. The 1984 version of the law criminalized actions of one who gains "unauthorized access" or who "having accessed a computer with authorization, uses the opportunity such access provides for purposes to which such authorization does not extend."

In 1986, Congress deleted the part of the statute that prohibited those with authorization from using the system for unauthorized purposes and substituted the phrase "exceeds authorized access." Werner-Masuda, 390 F. Supp. 2d , 479, 499 n. 12 (D. Md. 2005) (quoting S. Rep. No. 99-432, at 9 (1986), reprinted in 1986 U.S.C.C.A.N. 2479, 2486). As the court in Werner-Masuda explains:

By enacting this amendment, and providing an express definition for "exceeds authorized access," the intent was to "eliminate coverage for authorized access that aims at `purposes to which such authorization does not extend,'" thereby "removing from the sweep of the statute one of the murkier grounds of liability, under which a [person's] access to computerized data might be legitimate in some circumstances, but criminal in other (not clearly distinguishable) circumstances that might be held to exceed his authorization.
Id. at 499 n.12 (quoting S. Rep. No. 99-432, at 21, 1986 U.S.C.C.A.N. 2479, 2494-95) (alterations in original). Congress used the "exceeds authorized access" language to avoid extending criminal liability to employees where administrative sanctions were more appropriate. Id.

This intention is further supported by the fact that, when discussing the CFAA, and specifically section (a)(2)(C), legislators often referred to "hackers" and the need to protect sensitive information from theft. See, e.g., 142 Cong. Rec. E1621-03 (daily ed. Sept. 17, 1996) (statement of Rep. Goodlatte); see also 14 Cong. Rec. S9423 (daily ed. June 29, 1995) (statement of Sen. Leahy). The modern, conventional usage of "hacker" is usually someone who gains unauthorized access to a computer typically to obtain information of value he or she is not entitled to obtain, or to cause damage. See, e.g., Oxford English Dictionary, Oxford Univ. Press (defining, inter alia, a hacker as "a person who uses his skill with computers to try to gain unauthorized access to computer files or networks"); see also United States v.

9

Riggs, 739 F. Supp. 414, 423-24 (N.D. Ill. 1990) (citing approvingly to sources that define hackers as those using computer skills to gain unauthorized access to a computer system). The legislative history makes no mention of unauthorized or excessive access obtained through ignorance or disregard of private terms of service.

The legislative history supports the conclusion that the CFAA criminalizes trespasses in which the user gains access to computer services or information to which he is not entitled, not those in which an authorized individual uses the services or information in an impermissible manner. Defendant Drew had an account on MySpace, a free interactive internet-based social network open to anyone who signs up for the service. There are no fees, no vetting, no checks on who may use the service. Usernames and passwords are deployed, not to keep people off MySpace, but to give users control over their own account profiles and keep such profiles separate. Defendant Drew allegedly used her account to access MySpace services and information. She had no special skill with computers and did not circumvent any security measures, technological or otherwise. As is any member of the public who signs up and holds an account, she was authorized to use the service and to access the system, including information stored there. The way she used her account, if the allegations are true, was reprehensible. But unless her hateful speech rises to the level of harassment or stalking, it is not criminal and cannot be punished; attempting instead to punish that speech under the CFAA merely because it took place on the internet in contravention to a private terms of service is improper.

C. Courts Are Justifiably Wary Even Of Civil Enforcement Of Website Terms Of Service
Adopting the erroneous view of the CFAA propounded by the prosecution in this case would criminalize the actions of internet users or web service account holders who violate a mere contractual promise to use a computer in a certain way or who ignore or disregard terms of service hidden behind a "legal notices" hyperlink at the bottom of a webpage. As detailed in Section III.A, infra, many, perhaps most,

10

internet users do not even read or understand these documents, which are often long, riddled with legalese, and poorly organized and formatted or typically are written at a level of difficulty that exceeds the ability of most consumers to understand. Accord Robert W. Gomulkiewicz, Getting Serious About User-Friendly Mass Market Licensing for Software, 12 Geo. Mason L. Rev. 687, 692-94, 701-02 (2004); Alan M. White & Cathy Lesser Mansfield, Literacy and Contract, 13 Stan. L. & Pol'y Rev. 233, 235-42 (2002). Significantly, the Government in this case has not alleged that the Defendant or co-conspirators ever read or even looked at the MySpace terms, but only that the terms "were readily available" to users "who could click on a link titled 'Terms of Service' or 'Terms' to be directed to a web page where [they] could review those rules." Indictment at 4 (emphasis added).4

Indeed, the current prosecution would impose criminal liability for merely ignoring or violating terms of service at a time that courts and academics continue to debate the extent to which and under what circumstances such documents should be enforced as a matter of regular civil contract law. See, e.g., Mark A. Lemley, Terms of Use, 91 Minn. L. Rev. 459, 462-63, 475-76 (2006) (citing cases and noting differences in enforceability between corporate-entity defendants and individuals). Among the thorny issues that are presented by such cases are whether the user receives adequate actual or constructive notice of the terms, whether the user effectively consents and whether the terms are unconscionable. Whatever the merits of recognizing private, civil contract obligations and remedies in such situations, however, the imposition of serious criminal liability in light of these problems would be fundamentally unfair.

11

D. Imposing Criminal Liability For Ignoring Or Violating Terms Of Service Would Be An Unprecedented, Extraordinary And Dangerous Extension Of Federal Criminal Law
George Washington University Law Professor Orin Kerr has argued thoughtfully and persuasively that "unauthorized access" should not include access to a computer in violation of a contract or terms of service. Doing so would:
threaten a dramatic and potentially unconstitutional expansion of criminal liability in cyberspace. Because Internet users routinely ignore the legalese that they encounter in contracts governing the use of websites, Internet Service Providers (ISPs), and other computers, broad judicial interpretations of unauthorized access statutes could potentially make millions of Americans criminally liable for the way they send e- mails and surf the Web.
Orin S. Kerr, Cybercrime's Scope: Interpreting "Access" and "Authorization" in Computer Misuse Statutes, 78 N.Y.U. L. Rev. 1596, 1599 (2003). Consider the remarkable and disturbing results that a contract-based approach to authorized access can create under the CFAA:
Imagine that a website owner announces that only right-handed people can view his website, or perhaps only friendly people. Under the contract-based approach, a visit to the site by a left-handed or surly person is an unauthorized access that may trigger state and federal criminal laws. A computer owner could set up a public web page, announce that "no one is allowed to visit my web page," and then refer for prosecution anyone who clicks on the site out of curiosity. By granting the computer owner essentially unlimited authority to define authorization, the contract standard delegates the scope of criminality to every computer owner.
Id. at 1650-51.

Professor Kerr's concerns are not merely hypothetical. There are many surprising terms of service provisions that, if violated, would convert authorized users into federal criminals. Take for example, two of the internet's most popular websites' terms of service:

  • "You may not use the Services and may not accept the Terms if (a) you are not of legal age to form a binding contract with Google," Google Terms of Service, § 2.3, http://www.google.com/accounts/TOS (last modified Apr. 16, 2007).

12

  • "[Y]ou agree to . . . provide accurate, current and complete information about you as may be prompted by any registration forms on the Site ("Registration Data") . . . [and] maintain and promptly update the Registration Data, and any other information you provide to Company, to keep it accurate, current and complete . . . ." Facebook Terms of Use, http://www.facebook.com/terms.php (last modified June 7, 2008).

On the Government's view, a user who is under the age of majority violates the CFAA every time she enters a search query on the Google.com webpage and obtains information. Under Facebook's terms of use, if a user changes jobs or addresses or even her thoughts on what her favorite movie is, she would need to immediately tell Facebook, as this is information she has provided to the company, or run the risk that her continued use of the site could lead to criminal sanctions.5

In another example, the Electronic Frontier Foundation reports that terms of service for the popular dating site Match.com require users of either the website or the dating service to be single or separated from their spouses. See, e.g., Match.com Terms of Use Agreement, http://www.match.com/registration/membagr.aspx ("You must be at least eighteen (18) years of age and single or separated from your spouse to register as a member of Match.com or use the Website.") (last visited July 30, 2008). The brief's author has not been able to visit the site to confirm the report; because she remains happily married, doing so would be a violation of the site's terms, potentially a criminal act under the interpretation of the CFAA advanced by the Government here.

13

E. The Better View, Supported By More Recent Cases, Rejects CFAA Liability For Authorized Users Acting Outside the Terms and Conditions of That Authorization
Professor Kerr's concern about applying the CFAA to contract violations followed holdings by several courts in civil cases that a disloyal employee's use of a computer or a competitor's automated searching of a system for commercial purposes could violate the statute. However, the more recent and better view, consistent with Kerr's well-reasoned analysis, rejects the idea that authorized access becomes unauthorized, and thus criminal, when the user acts with his own purposes, rather than those of the computer owner, in mind. See, e.g., Werner-Masuda, 390 F. Supp. 2d at 495-96; Brett Senior & Assocs., 2007 WL 2043377; Diamond Power Int'l, Inc. v. Davidson, 540 F. Supp. 2d 1322 (N.D. Ga. 2007); Lockheed Martin Corp., 2006 WL 2683058. This better view rejects CFAA liability even where the defendant is a former employee violating a negotiated employment contract or confidentiality agreement by transferring confidential information to a rival company for the employee's own economic benefit and to the detriment of the computer owner. The instant case is a far easier one: all that is alleged here is that the defendant violated the standard MySpace service terms of use, and did so without any purpose to gather trade secrets or commercial or proprietary data, or to gain any economic advantage.

1. More Recent, Better-Reasoned Cases Adopt A Narrower View Of "Exceeding Authorized Access"
The better-reasoned cases hold that if a user is authorized to access a computer and information stored there, then doing so is not criminal, even if that access is in violation of a contractual agreement or non-negotiated terms of use. For example, in Werner-Masuda the plaintiff argued that the defendant, a union officer, exceeded her authorization to use the union computer when she accessed a membership list to send to a rival union, and not for legitimate union business. The defendant had signed an agreement promising that she would not access union computers "contrary to the

14

policies and procedures of the [union] Constitution". Werner-Masuda, 390 F. Supp. 2d at 495 (D. Md. 2005). The District Court rejected this argument, holding that even if the defendant breached a contract, that breach of a promise not to use information stored on union computers in a particular way did not mean her access to that information was unauthorized or criminal.
Thus, to the extent that Werner-Masuda may have breached the Registration Agreement by using the information obtained for purposes contrary to the policies established by the [union] Constitution, it does not follow, as a matter of law, that she was not authorized to access the information, or that she did so in excess of her authorization in violation of the [Stored Communications Act] or the CFAA. . . . Although Plaintiff may characterize it as so, the gravamen of its complaint is not so much that Werner-Masuda improperly accessed the information contained in VLodge, but rather what she did with the information once she obtained it. . . . Nor do [the] terms [of the Stored Communications Act and the CFAA] proscribe authorized access for unauthorized or illegitimate purposes. (citations omitted)
Id. at 499.

Here, too, the gravamen of the Government's complaint is not that Defendant improperly obtained information to which she was not entitled on the MySpace servers, but rather that she used the MySpace service for an unauthorized or illegitimate purpose. The CFAA does not proscribe authorized access for unauthorized or illegitimate purposes. Thus, to the extent that Defendant may have breached the Terms of Service by using a MySpace account contrary to the policies established by the company, it does not follow that she was not authorized to access the MySpace servers in violation of the CFAA.

Subsequent cases have followed the reasoning of Werner-Masuda based on either plain language or legislative history. In Lockheed Martin Corp. the court found no CFAA violation under the plain language of the statute. "Exceeds authorized access," the opinion states, refers to those employees "that go beyond the permitted access granted to them typically insiders exceeding whatever access is permitted to them." Lockheed Martin Corp., 2006 WL 2683058, at *5.

In Diamond Power Int'l, Inc. v. Davidson, the District Court similarly rejected

15

a CFAA claim against an employee who violated an employment agreement by using his access to his employer computer system to steal data for a competitor. The defendant transferred information from password-protected computer drives to his new employer while still employed with the former company in violation of a confidentiality agreement. Davidson, 540 F. Supp. 2d at 1327-31. Correctly identifying the narrower interpretation of "exceeding authorized access" as "the more reasoned view," the court held that "a violation for accessing `without authorization' occurs only where initial access is not permitted. And a violation for `exceeding authorized access' occurs where initial access is permitted but the access of certain information is not permitted." Id. at 1343.

In Brett Senior & Assocs., an employer alleged that its former employee misused confidential information at his new employer in violation of the CFAA. While still working with his former employer, the employee interviewed with a rival company and showed it a list of his employer's clients and those the details of those clients' business with the company. Before leaving to join the new firm, the employee then contacted 20 of his clients and convinced 15 of them to come with him to the new firm. Brett Senior & Assocs., P.C., 2007 WL 2043377 at *1. The court relied on the legislative history to reject the former employer's CFAA claim. The employee defendant had full access to information contained in the computer system until his departure, and the court concluded that a CFAA violation is a trespass offense, not a misuse of services offense. Id. at *3.

In Shamrock Foods v. Gast, under similar facts, the District Court relied on Davidson and Werner-Masuda to hold that the defendant did not access the information at issue "without authorization" or in a manner that "exceed[ed] authorized access." Shamrock Foods, 535 F. Supp. 2d at 968. The defendant had an employee account on the computer he used at his employer Shamrock and was permitted to view the specific files he allegedly emailed to himself. The CFAA did not apply, even though the emailing was for the improper purpose of benefiting

16

himself and a rival company in violation of the defendant's Confidentiality Agreement.6 See Werner-Masuda, 390 F.Supp. 2d at 496 (interpreting the same language "prohibit[ing] only unauthorized access and not the misappropriation or disclosure of information" in the Stored Communications Act (SCA), 18 U.S.C. § 2701(a) to mean that "there is no violation of section 2701 for a person with authorized access to the database no matter how malicious or larcenous his intended use of that access." (quoting Educ'al Testing Service v. Stanley H. Kaplan, Educ'al Ctr., Ltd., 965 F. Supp. 731, 740 (D. Md. 1997) ("[I]t appears evident that the sort of trespasses to which the [SCA] applies are those in which the trespasser gains access to information to which he is not entitled to see, not those in which the trespasser uses the information in an unauthorized way."))).
2. Older Cases Wrongly Adopted A Broader View Of "Exceeding Authorized Access"
The cases discussed above contrast with and reject earlier decisions, most importantly Shurgard Storage Ctrs., Inc. v. Safeguard Self Storage, Inc., 119 F. Supp. 2d 1121 (W.D. Wash. 2000), which introduced an agency theory of authorization under the CFAA that several courts have followed. Shurgard follows neither the plain language nor the legislative intent of the CFAA and would lead to a variety of troubling and potentially unconstitutional results. See id. The reasoning in Werner-Masuda is both persuasive and correct and, to the extent that Shurgard takes a different approach, this Court should reject it.

In Shurgard, the District Court denied a motion to dismiss a CFAA claim brought by an employee that took employer information from the computer system

17

with him to his next job. Id. at 1129. The court relied on the Restatement (Second) of Agency, § 112 (1958), to hold that when the plaintiff's former employees accepted new jobs with the defendant, the employees "lost their authorization and were 'without authorization' [under the CFAA] when they allegedly obtained and sent [the plaintiff's] proprietary information to the defendant via e-mail"). Shurgard, 119 F. Supp. 2d at 1125. The court examined the Senate report accompanying Congress's 1996 amendments to the CFAA, and concluded that Congress intended the statute to have "broad meaning" that was intended to cover the situation under dispute. Id. at 1129. But the 1996 amendments were of little relevance to the authorization issues in Shurgard or here, as those amendments replaced the term "federal interest computer" with "protected computer." 18 U.S.C. § 1030(a)(2)(C) (2008). In contrast the district court in Werner-Masuda relied heavily on the 1986 Senate report accompanying the CFAA. Werner-Masuda, 390 F. Supp. 2d at 497-499. The 1986 amendments are the relevant ones because those are the amendments that added the term "exceeds authorized access." 16 U.S.C. § 1030(a)(2)(C) (2008). This is the term at issue here because it is the part of the statute that reaches insiders who are allowed access for some purposes, but not for others. For this reason, Werner- Masuda's take on the legislative history of the CFAA is far more persuasive than that of the court in Shurgard on the critical issue of whether Defendant Drew gained unauthorized access or exceeding authorized access.

A few cases find that, in the civil employment context, the principles of agency mean that an employee accesses a computer "without authorization" if, without knowledge of the employer, the employee uses the employers computer system in a manner adverse to the employer's interests. See, e.g., Int'l Airport Ctrs., L.L.C. v. Citrin, 440 F.3d 418, 420-421 (7th Cir. 2006); ViChip Corp. v. Lee, 438 F. Supp. 2d 1087, 1100 (N.D. Cal. 2006). Several earlier cases also found a CFAA violation for non-employees, but only after clear and repeated warnings that the user's conduct was not authorized, and only under circumstances where the user

18

either had a fiduciary duty to the computer owner or where the access was for competitive commercial gain, facts significantly absent in this case. See EF Cultural Travel BV v. Zefer Corp. 318 F.3d 58 (1st Cir. 2003), (rejecting a CFAA claim based on a "reasonable expectations" test but stating in dicta that "a lack of authorization could be established by an explicit statement on the website restricting access"); EF Cultural Travel BV v. Explorica Inc., 274 F.3d 577 (1st Cir. 2001) (finding CFAA liability where the defendant poached an ex-EF employee, who in turn revealed confidential information about his former employer which improved the competitor's use of automated tools to search and "systematically glean company's prices from [competitor's] website"); Southwest Airlines Co. v. FareChase Inc., 318 F. Supp. 2d 435 (N.D. Tex. 2004) (defendant created an automated tool that "scraped" web site information and allowed corporate travelers to search online for airline fares, including Southwest's. despite the plaintiff's "repeated warnings and requests" to cease); Register.com, Inc. v. Verio, Inc., 126 F. Supp. 2d 238 (S.D.N.Y. 2000) (court enjoined automatic searching of the registrant contact information contained in domain registry database after lawyers specifically objected to the defendant's use and sent out a terms of use letter to the defendant), aff'd in part as modified by Register.com, Inc. v. Verio, Inc., 356 F.3d 393 (2d Cir. 2004) (reversing the trial court's CFAA finding on the basis that there was insufficient likelihood of showing the $5,000 damage threshold necessary for private claims, but upholding a trespass to chattels claim); America Online Inc. v. LCGM, Inc., 46 F. Supp. 2d 444 (E.D. Va. 1998) ("AOL"), (the defendant transmitted more than 92 million unsolicited and bulk e-mail messages advertising their pornographic Web sites to AOL members in violation of AOL's email policies and terms of use).

These civil cases are readily distinguished from the criminal prosecution of Defendant Drew here because all but AOL involve actual prior notice to the defendant that their computer access was unauthorized, rather than the mere posting of terms of service on a website which could be ignored or violated by a user. These

19

cases also all involve use of the plaintiff's computer service for the defendant's commercial advantage to the detriment of the computer system owner. See Lemley, 91 Minn. L. Rev. at 476-77 (noting a greater willingness of some courts to enforce terms against businesses than against consumers). Here, Defendant Drew allegedly failed to provide truthful and accurate registration information; failed to refrain from using any information obtained from MySpace services to harass, abuse, or harm other people; failed to refrain from soliciting personal information from anyone under 18; failed to refrain from promoting information that she knew was false or misleading; and failed to refrain from posting photographs of other people without their consent. The indictment does not allege even that Defendant had seen or knew of these terms in the MySpace TOS, but she certainly did not receive any direct warnings to stop. Nor was she acting for commercial advantage in a way that could be seen as unfairly competing with or harming MySpace's business, factors important to the decisions in virtually all the above cases.

Apart from these important factual distinctions, for the reasons stated, these cases were wrongly decided, in light of the plain language and the legislative history of the CFAA.

F. The Rule Of Lenity Requires The Narrower Interpretation Of The CFAA's "Access" Language
The rule of lenity should guide the construction of section 1030 (a)(2)(C) in this case because the CFAA is first and foremost a criminal statute. See Leocal v. Ashcroft, 543 U.S. 1, 12 n. 8 (2008); United States v. Thompson/Center Arms Co., 504 U.S. 505, 517-18 (1992). The rule of lenity "requires a court confronted with two rational readings of a criminal statute, one harsher than the other, to choose the harsher only when Congress has spoken in clear and definite language." Shamrock Foods, 535 F. Supp. 2d at 965-67 (plain language of the statute, legislative history and rule of lenity support a narrow view of the CFAA); see Pasquantino v. United States, 544 U.S. 349, 383 (2005); McNally v. United States, 483 U.S. 350, 359-60

20

(1987).

Here, because Congress has not proactively specified that the CFAA's "access" provisions criminalize mere violations of terms of service, the rule of lenity requires that courts adopt the "less harsh" interpretation. See, e.g., United States v. Miranda-Lopez, 2008 WL 2762392 at *5 (9th Cir. July 17, 2008) ("the 'longstanding' rule of lenity requires us to resolve any ambiguity in the scope of a criminal statute in favor of the defendant" (citations omitted)). This is the approach taken by the court in Shamrock Foods Co. in adopting the narrower interpretation of "accesses . . . without authorization or exceeds authorized access." The court there used the rule of lenity to reject imposition of CFAA liability on a disloyal former employee, concluding "[t]he approach advanced by Shamrock would sweep broadly within the criminal statute breaches of contract involving a computer. . . . The Court declines the invitation to open the doorway to federal court so expansively when this reach is not apparent from the plain language of the CFAA." Shamrock Foods at 967 (emphasis added). United States v. LaMacchia reached a similar result as the rule of lenity would require. Because Congress had failed to criminalize non-commercial distribution of copyrighted materials, the Government was not entitled to stretch a broader statute regulating a different kind of conduct to punish admittedly bad conduct. LaMacchia, 871 F. Supp. 535 (D. Mass. 1994). If Congress wanted to criminalize the conduct at issue here, it could have. If Congress wanted to give the force of law to terms of service agreements, it can. But it did not, and the rule of lenity does not permit the Government to use the CFAA to reach that result.

G. The Government's Previous Attempt In This District To Expand Civil Cases Interpreting the CFAA into the Criminal Context Led To The Wrongful Conviction And Incarceration Of An Individual For Constitutionally Protected Activities
In a disturbingly similar expansion of civil CFAA cases to support a criminal prosecution under a different section of the CFAA, 18 U.S.C. § 1030(a)(5)(A), the United States Attorney's Office in this district from 2001 to 2003 prosecuted

21

computer programmer Bret McDanel, United States v. McDanel, Ninth Circuit Case No. 03-50135, Central District of California Case No. CR-01-638-LGB. McDanel worked for a Tornado, a Los Angeles firm that provided Web-based email and voice mail services. While employed there, he discovered a serious security flaw in the company's email system, which intruders could exploit to read customers' private messages. He brought the flaw to the company's attention, but it wasn't fixed. After he left Tornado, McDanel sent an anonymous email to Tornado customers, describing the security flaw, and directing customers to a website McDanel had set up providing more information. The Government indicted McDanel for violating the CFAA, alleging that because he sent emails to customers' Tornado.com email addresses, and these emails gave customers information that the company did not want its users to have, McDanel intentionally caused damage to the integrity of Tornado's email server. The Government relied heavily on Shurgard's agency law theory, arguing that McDanel acted without the best interests of Tornado in mind, so his emails were improper. McDanel was convicted and sentenced to 16 months in prison.

On appeal to the Ninth Circuit,7 the Government reversed its position, "confess[ed] error," and moved to dismiss the charges against McDanel. (See United States v. McDanel, Government Brief, attached as Exhibit A, at 6, 8). While McDanel sent information to Tornado's servers, and while that information caused harm to Tornado's business (by reducing customer confidence in the privacy and security of their messages), the Government admitted that that type of harm could not be a CFAA violation unless it was intended to help someone illegally access the system or change data there. Id. at 8. The flaw in the current prosecution and that of McDanel is the same. The Government seeks to extend the reasoning of disfavored civil law cases from the employment or commercial context to argue that any use of

22

a computer server in a manner contrary to the interests of the server owner is a crime.

As with the prosecution of Mr. McDanel, this prosecution is in error.

II. APPLYING THE CFAA TO DEFENDANT'S CONDUCT IN THIS CASE WOULD CONSTITUTE A SERIOUS ENCROACHMENT ON FUNDAMENTAL CIVIL LIBERTIES, INCLUDING FREEDOM OF SPEECH

A. The First Amendment Assures The Right To Speak Anonymously Online
Individuals have the qualified right to speak anonymously, including on the internet, so criminal prosecution for failing to supply accurate identifying information to an online communications service endangers First Amendment rights. Yet one of the alleged violations of the MySpace terms of service on which the Government bases this Indictment is Defendant's use of a fictitious name in registering for an account. See Indictment at 6.

Average internet users may have numerous valid reasons for wanting to keep their identities secret. Individuals may want to protect themselves from unwanted attention or from unwanted advertising, even while the service providers hope to sell customer's personally indentifying information or send advertising. They may wish to avoid having their views stereotyped according to their racial, ethnic or class characteristics, or their gender. They may be associated with an organization but want to express an opinion of their own, without running the risk that readers will assume that the group feels the same way. They may want to say or imply things about themselves that they are unwilling to disclose otherwise. And they may wish to present provocative ideas that they fear could subject them to retaliation. Not surprisingly, in a recent survey, almost one-third of social network users admitted to providing false information to protect their identities. Antony Savvas, Social Network Users Hide Identities, Computer Weekly, Sept. 25, 2007.

The Supreme Court has consistently upheld the right to anonymous speech in a variety of contexts, noting that "[a]nonymity is a shield from the tyranny of the majority . . . [that] exemplifies the purpose [of the First Amendment] to protect

23

unpopular individuals from retaliation ... at the hand of an intolerant society." McIntyre v. Ohio Elections Comm'n, 514 U.S. 334, 357 (1995); see also id. at 342 ("an author's decision to remain anonymous, like other decisions concerning omissions or additions to the content of a publication, is an aspect of the freedom of speech protected by the First Amendment."); Gibson v. Fla. Legislative Investigative Comm., 372 U.S. 539, 544 (1963) ("[I]t is ... clear that [free speech guarantees] ... encompass[] protection of privacy association ..."); Talley v. California, 362 U.S. 60, 64 (1960) (finding a municipal ordinance requiring identification on hand-bills unconstitutional, and noting that "[a]nonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind.").

The First Amendment applies fully to internet communications, including email and the World Wide Web. Reno v. ACLU, 521 U.S. 844, 870 (1997) (there is "no basis for qualifying the level of First Amendment protection that should be applied to" the internet). Numerous courts have specifically upheld the right to communicate anonymously on the internet. See, e.g., Doe v. TheMart.com Inc., 140 F. Supp. 2d 1088, 1092 (W.D. Wash. 2001) ("The right to speak anonymously extends to speech via the internet. Internet anonymity facilitates the rich, diverse, and far ranging exchange of ideas."); ACLU v. Johnson, 4 F. Supp. 2d 1029, 1033 (D.N.M. 1998); ACLU of Ga. v. Miller, 977 F. Supp. 1228, 1230 (N.D. Ga. 1997); see also ApolloMEDIA Corp. v. Reno, 526 U.S. 1061 (1999), aff'd 19 F. Supp. 2d 1081, 1085 n.5 (C.D. Cal. 1998) (protecting anonymous denizens of a web site at www.annoy.com, a site "created and designed to annoy" legislators through anonymous communications); Global Telemedia Int'l v. Does, 132 F. Supp. 2d 1261, 1267 (C.D. Cal. 2001) (striking complaint based on anonymous postings on Yahoo! message board based on California's anti-SLAPP statute).

It is true that the constitutional privilege to remain anonymous is not absolute. Plaintiffs may properly seek information necessary to pursue reasonable and meritorious litigation. Columbia Ins. Co. v. Seescandy.com, 185 F.R.D. 573, 578

24

(N.D. Cal. 1999) (First Amendment does not protect anonymous internet users from liability for tortious acts such as defamation); Doe v. Cahill, 884 A.2d 451, 456 (Del. 2005) ("Certain classes of speech, including defamatory and libelous speech, are entitled to no constitutional protection."). Also, individuals can choose to waive their free speech rights, and courts may enforce confidentiality agreements over a First Amendment defense. See Snepp v. United States, 444 U.S. 507, 510 (1980) (per curiam). However, the law does not presume a waiver of constitutional rights in contract so courts give heightened scrutiny to the enforceability of such agreements. Ohio Bell Tel. Co. v. Public Utilities Comm'n, 301 U.S. 292, 307 (1937). To enforce such a contract, the waiver must not undermine the relevant public interest. See D. H. Overmyer Co. v. Frick Co., 405 U.S. 174, 187-88 (1972).

In this case, even assuming, arguendo, that the MySpace TOS is privately enforceable in spite of its contractual infirmities and restrictions on protected anonymous speech, monetary damages, not criminal convictions and prison sentences, "are always the default remedy for breach of contract." United States v. Winstar Corp., 518 U.S. 839, 885 (1996) (plurality opinion). "Our system of contract remedies rejects, for the most part, compulsion of the promisor as a goal. It does not impose criminal penalties on one who refuses to perform his promise, nor does it generally require him to pay punitive damages." Canada Dry Corp. v. Nehi Beverage Co., 723 F.2d 512, 526 (7th Cir.1983 ). Yet the Government's construction of "without authorization or exceeds authorized access" in this case, based in part on Defendant Drew's alleged failure to supply "truthful and accurate registration information," Indictment at 5, 7, would make the assertion of protected anonymity the basis for criminal liability. While "[t]he Government may violate [the First Amendment] in many ways, . . . imposing criminal penalties on protected speech is a stark example of speech suppression." Ashcroft v. Free Speech Coal., 535 U.S. 234, 244 (2002).

The First Amendment problems begin with, but do not end with, the right to

25

speak anonymously. Under the Government's construction of the CFAA, speech that violates any terms of service would be unauthorized or in excess of authorization and potentially criminal. If the comment policy of a web site specified "no comments favorable to Democrats" or "no comments that are off-topic" or "no bad stuff" those expressions too would be swept into the reach of the CFAA.

B. Constitutional Avoidance Dictates A Narrow Reading Of "Access" Under The CFAA
This Court need not decide whether enforcing the CFAA would violate the First Amendment in this case. The mere fact that the question arises, however, requires this Court to interpret "exceeds authorized access" narrowly, so as to avoid a potentially unconstitutional application. "'[I]t is a cardinal principle' of statutory interpretation . . . that when an Act of Congress raises 'a serious doubt' as to its constitutionality, `this Court will first ascertain whether a construction of the statute 62 is fairly possible by which the question may be avoided.'" Zadvydas v. Davis, 533 U.S. 678, 689 (2001) (quoting Crowell v. Benson, 285 U.S. 22, 62 (1932)). A narrow construction of "unauthorized access" and "exceeds authorized access" one which does not punish the failure to use truthful identification information when using online services that indicate an interest in collecting this data in their terms of use is both possible and otherwise compelled by the statutory language and history of the CFAA.

III. APPLICATION OF THE CFAA WHEN A USER IGNORES OR VIOLATES WEBSITE TERMS OF SERVICE WOULD VIOLATE DUE PROCESS AND RENDER THE STATUTE VOID FOR VAGUENESS AND LACK OF FAIR NOTICE

Grounding criminal liability under section 1030(a)(2)(C), as the Government seeks to do here, on an interpretation of "access without authorization" and/or "exceeds authorized access" that is based entirely on whether a person has fully complied with the vagaries of privately created, frequently unread, generally lengthy and impenetrable terms of service would strip the statute of adequate notice to citizens of what conduct is criminally prohibited and render it hopelessly and

26

unconstitutionally vague. If the Government's proposed construction of 18 U.S.C. 1030(a)(2)(C) in this case is correct, not only the defendant but also potentially millions of otherwise innocent internet users would be committing frequent criminal violations of the CFAA through ordinary, indeed routine, online behavior which they have been given no reason to believe would make them felons. The lack of notice under the Government's interpretation is stark; counsel for amici are not aware of a single criminal prosecution or conviction in the entire years of the CFAA's existence that has attempted to base criminal liability on disregard for the contractual terms of service on a website.

The Supreme Court has stated that,

"[i]t is a fundamental tenet of due process that '[n]o one may be required at peril of life, liberty or property to speculate as to the meaning of penal statutes.' Lanzetta v. New Jersey, 306 U.S. 451, 453 (1939). A criminal statute is therefore invalid if it 'fails to give a person of ordinary intelligence fair notice that his contemplated conduct is forbidden.' United States v. Harriss, 347 U.S. 612, 617 (1954)."
United States v. Batchelder, 442 U.S. 114, 123 (1979); see also Grayned v. Rockford, 408 U.S. 104, 108-09 (1972). A plurality of the Supreme Court has further specified that "[v]agueness may invalidate a criminal law for either of two independent reasons. First, it may fail to provide the kind of notice that will enable ordinary people to understand what conduct it prohibits; second, it may authorize and even encourage arbitrary and discriminatory enforcement." City of Chicago v. Morales, 527 U.S. 41, 56 (1999) (Stevens, J., plurality opinion).

In the Ninth Circuit, "[t]o survive vagueness review, a statute must '(1) define the offense with sufficient definiteness that ordinary people can understand what conduct is prohibited; and (2) establish standards to permit police to enforce the law in a non-arbitrary, non-discriminatory manner.'" United States v. Sutcliffe, 505 F.3d 944, 953 (9th Cir. 2007) (quoting Nunez v. City of San Diego, 114 F.3d 935, 940 (9th Cir. 1997). "Vague statutes are invalidated for three reasons: '(1) to avoid punishing people for behavior that they could not have known was illegal; (2) to avoid

27

subjective enforcement of laws based on 'arbitrary and discriminatory enforcement' by government officers; and (3) to avoid any chilling effect on the exercise of First Amendment freedoms.'" Humanitarian Law Project v. Mukasey, 509 F.3d , 1122, 1133 (9th Cir. 2007) (quoting Foti v. City of Menlo Park, 146 F.3d 629, 638 (9th Cir. 1998)).8

Nothing in § 1030(a)(2)(C), its legislative history, or the case law interpreting it provides any sort of "fair notice" to citizens, including the defendant here, that such everyday behavior could constitute a federal crime. For at least the following four reasons the interpretation advanced by the Government would fall short of providing required notice and avoiding vagueness. Given that courts should adopt a narrow construction of a statute to avoid vagueness and other unconstitutional infirmities, see Zadvydas v. Davis, 533 U.S. at 689, the Government's proposed view of the CFAA must be rejected.

A. Web Site Terms of Service are Routinely Ignored or Not Fully Read or Understood
The fallacy of any notion that internet users are on "fair notice" that disregarding the terms of service of the many web sites and web services they visit puts them at risk of serious criminal liability is revealed by the widespread (and widely accepted) understanding that large numbers of users never read these terms, or read and understand only limited portions of them.

First, terms are often poorly accessible. Many web sites or web-based services post their terms behind a "legal notices" or "terms of service" hyperlink which users can only access by scrolling to the bottom of the page and clicking on the link. To access the MySpace terms of use, for example, one must scroll down to find a hyperlink labeled "terms". See MySpace.com Home Page, http://www.myspace.com/

28

(last visited July 28, 2008). Nothing about the link indicates that it is exceptionally important, much less that failure to click on it and read the underlying terms could subject the user to criminal penalties.

Second, the terms of service presented by many web sites and other online services are lengthy and impenetrable. In one particularly daunting example, Network Solutions, the domain name registrar, has a TOS that takes up 115 pages when pasted into a single spaced, 12-point font Microsoft Word document. See Network Solutions Terms of Service, http://www.networksolutions.com/legal/static-service-agreement.jsp (last visited July 28, 2008). The MySpace terms at issue here contain over 60 separate paragraphs or subparagraphs and takes up roughly ten pages when pasted into a Word document. See Terms and Conditions--MySpace.com, http://www.myspace.com/ index.cfm?fuseaction=misc.terms (last visited July 28, 2008).

Not surprisingly, then, many commentators recognize that few consumers actually take the time to read and understand digital terms of service (or similar software download agreements) before saying they agree to them. See Restatement (Second) of Contracts § 211, cmt. b (1981) ("Customers do not . . . ordinarily understand or even read the standard terms."); Robert L. Oakley, Fairness in Electronic Contracting: Minimum Standards for Non-Negotiated Contracts, 42 Hous. L. Rev. 1041, 1051 (2005) ("Clickwrap licenses are ubiquitous today, and most people click to accept without reading the text."); Robert A. Hillman & Jeffrey J. Rachlinski, Standard-Form Contracting in the Electronic Age, 77 N.Y.U. L. Rev. 429, 429-31 (2002) ("with increasing alacrity, people agree to terms [in clickwrap contracts] by clicking away at electronic standard forms on web sites and while installing software"); Michael I. Meyerson, The Reunification of Contract Law: The Objective Theory of Consumer Form Contracts, 47 U. Miami L. Rev. 1263, 1269 & nn. 28-29 (1933) (citing cases recognizing the failure of most consumers to read form

29

contracts).9 In one notable example, public disregard for license terms was graphically illustrated by a software company that surreptitiously inserted into its license agreement an offer to pay $1000 to the first person to send an email to a particular address. It took four months and more than 3000 installations before someone noticed the offer and claimed the prize. Jeff Gelles, Internet Privacy Issues Extend to Adware, Newark Star-Ledger, July 31, 2005, at 5. See also Ting v. AT & T, 182 F. Supp. 2d 902, 930 (N.D. Cal. 2002) (holding a customer service agreement procedurally unconscionable because lack of notice contributed to surprise, the court acknowledged that "AT & T's own research found that only 30% of its customers would actually read the entire CSA [consumer service agreement] and 10 % of its customers would not read it at all").

Similarly, empirical research confirms that, in the online context, a majority of users ignored the EULA entirely when installing such popular software as Google Toolbar on their home computers. Nathaniel Good et al., Commentary, User Choices and Regret: Understanding Users' Decision Process About Consensually Acquired Spyware, 2 I/S: J.L. & Pol'y for Info. Soc'y 283, 321 (2006). Furthermore, even the few people who do read the terms of service are unlikely to take notice of more than a handful of the provisions. Due to human cognitive limitations, even rational consumers will be ignorant of non-salient terms in form contracts. Melvin Aron Eisenberg, The Limits of Cognition and the Limits of Contract, 47 Stan. L. Rev. 211, 244 (1995).

Moreover, as noted earlier, most website terms, like other form contracts, are long, written in impenetrable legalese and poorly organized. See Robert W. Gomulkiewicz, Getting Serious About User-Friendly Mass Market Licensing for

30

Software, 12 Geo. Mason L. Rev. 687, 692-94, 701-02 (2004). Such contracts often written at a level of difficulty that exceeds the ability of most consumers to understand. See Alan M. White & Cathy Lesser Mansfield, Literacy and Contract, 13 Stan. L. Rev. 233, 235-42 (2002). Drafters of these agreements give little attention to readability, instead relying heavily on legal boilerplate and including restrictive terms primarily designed to limit the company's exposure to liability. See Gomulkiewicz, supra, at 692-94, 701-02; Russell Korobkin, Bounded Rationality, Standard Form Contracts, and Unconscionability, 70 U. Chi. L. Rev. 1203 (2003). Given the difficulty of comprehending form contracts, and the typically low-dollar amount of the transactions to which they apply, a consumers' decision to forego reading a website's terms of use is not only common, but entirely rational. Eisenberg, 47 Stan. L. Rev. at 240-44; Meyerson, 47 U. Miami L. Rev. at 1269-70. Thus, even persons who are conscientious about reading the terms of service may be unaware of some of the provisions. Under these circumstances, whatever the validity of holding such contracts enforceable for purposes of contract law, the transformation of their terms into the defining criteria for serious criminal violations creates serious risks of criminal sanctions for unwitting violations that cannot pass vagueness and notice review.10
B. Web Site Terms Are Frequently And Arbitrarily Changed By Site Owners With Little Or No Likelihood Of Actual Notice To Users
Many terms of service contain clauses which state that the website owner can unilaterally change the terms at any time, and that continued use of the website implies acceptance of the new terms. For example, the MySpace terms at issue here, even if actually read and understood by a user when he or she visits or signs up for

31

an account, expressly state that they can be changed without further notice to the user merely by updating the agreement on the MySpace website the user is then presumably obligated to review the entire terms for changes every time he or she visits. See Terms and Conditions--MySpace.com, http://www.myspace.com/index.cfm?fuseaction=misc.terms (last visited July 28, 2008) ("MySpace may modify this Agreement from time to time and such modification shall be effective upon posting by MySpace on the MySpace Website. Your continued use of the MySpace Services after MySpace posts a revised Agreement signifies your acceptance of the revised Agreement. It is therefore important that you review this Agreement regularly to ensure you are updated as to any changes.")11 Under the Government's expansive view of the CFAA, a person's access to MySpace would be unauthorized or would exceed their authorization if that person used MySpace and inadvertently violated a newly added or updated provision of the terms that had been inserted since the last visit. However challenging such a view of notice to a contract's terms may be for civil contract law, it fundamentally cannot be said to constitute adequate "fair notice" for due process vagueness purposes. See Douglas v. U.S. Dist. Court for Cent. Dist. Calif., 495 F.3d 1062, 1066 & n.1 (9th Cir. 2007) (holding that website users are not required to continually monitor a site's terms of use for possible changes).

32

C. Web Site Terms May Themselves Be Arbitrary, Vague, or Frivolous And Are Created by Private Site Owners for a Myriad of Business or Personal Reasons Having Nothing To Do With Regulating "Access" for CFAA Purposes
Many web site terms contain conditions that are themselves vague, arbitrary or even fanciful. They are not written by their private drafters with the precision and care that would be expected -- indeed required -- of operative provisions in a criminal statute. Yet operative criminal provisions are precisely what routine business terms would be transformed into under the Government's interpretation of § 1030(a)(2)(C). This fact multiplies the likelihood that such an interpretation cannot satisfy the due process requirement that a statute not "fail to provide the kind of notice that will enable ordinary people to understand what conduct it prohibits," Morales, 527 U.S. at 56, since the statute will itself in turn rely for its essential meaning on the existence and clarity of separate contractual terms.

Web site owners and internet businesses draft specific web site and web service terms of use provisions for a variety of reasons that have nothing to do with regulating "access" to their sites, and certainly nothing to do with preventing the sort of unauthorized hacking or trespass or theft of private data with which the CFAA is properly concerned. Google, for example, presumably included the terms of use provision described earlier barring use of its services by minors -- to protect itself against liability and to try to ensure its terms were binding in the event of a litigated dispute. Surely it did not mean or imagine that tens of millions of minors in fact would never use its services to obtain information or would do so at the risk of criminal liability. In another example, YouTube's Community Guidelines, expressly incorporated into the site's terms of use, prohibit "bad stuff." YouTube Community Guidelines, http://www.youtube.com/t/community_guidelines (last visit July 28, 2008). Uploading "bad stuff" would violate YouTube's terms which, under the Government's theory here, would constitute unauthorized access or exceeding authorized access to the site. Surely YouTube did not draft the "bad stuff"

33

prohibition with CFAA access control in mind. The meaning of "bad stuff" is the essence of vagueness, and it is not even clear whose determination --YouTube's? A jury's? -- would be required. To make sense and to avoid fatal vagueness problems, the terms "without authorized access" and "exceeds authorized access" in the CFAA must be limited to clear, proper purposes consistent with the statute's goals, and not whatever commercial or personal purpose motivates a site owner to draft a provision in a terms of service document.

D. Basing Criminal Liability On Private Contract Terms Inevitably Will Lead To Arbitrary And Discriminatory Enforcement
Allowing the provisions of privately created, sometimes arbitrary or even frivolous web site terms of use to prescribe the legally critical CFAA standard for when a person has gained unauthorized access or exceeded authorized access to computers can only lead to arbitrary and discriminatory enforcement of the CFAA. Statutes that create the likelihood of such arbitrary and discriminatory enforcement are invalid. See, e.g., Coates v. City of Cincinnati, 402 U.S. 611, 614 (1971) (law disallowing three people to congregate if it is annoying to others was unconstitutionally vague, "not in the sense that it requires person to conform his conduct to an imprecise but comprehensible normative standard, but rather in the sense that no standard of conduct is specified at all").

Choosing, as the Government has here, to prosecute under the CFAA a single, isolated instance of violating terms or service out of literally millions of similar, ongoing violations illustrates the dangers of arbitrary enforcement. In a world where each violation or neglect of a web site's terms could constitute unauthorized or excessive access and be the basis for criminal prosecution, there simply is no limiting principle that would restrain the exercise of this enforcement discretion and prevent arbitrary or discriminatory application of the law.

34

CONCLUSION

Megan Meier's death was a terrible tragedy, and there is an understandable desire to hold the Defendant somehow accountable for it, if Defendant's conduct was as alleged. But a dangerously overbroad construction of the CFAA would criminalize the everyday conduct of millions of internet users. The novel -- indeed, unprecedented in the history of the CFAA -- interpretation of § 1030(a)(2)(C) advanced in the indictment cannot be squared with the plain language of the statute, its legislative history, and the constitutional requirements that criminal statutes provide citizens fair notice, avoid vagueness and comport with the First Amendment. Consequently, amici urge the Court to dismiss the Indictment.

DATED: August 1, 2008

By ______________________
Jennifer Stisa Granick (California Bar No. 168423)

ELECTRONIC FRONTIER FOUNDATION
[address, phone, fax]

35

Certificate of Compliance with Circuit Rule 32-1

Pursuant to Rules 29(c)(5) and 32(a)(7)(C) of the Federal Rules of Appellate Procedure and Ninth Circuit Rule 32-1, I hereby certify that the foregoing brief uses 14-point Times New Roman spaced type; the text is double-spaced; and footnotes are single-spaced. This brief complies with the type-volume limitations of Federal Rules of Appellate Procedure 29(d) and 32(a)(7)(B) because there are no limits on the length of party briefs in support of motions to dismiss in criminal cases under Rule 12. This brief contains approximately 11,000 words.

DATED: August 1, 2008

By ________________
Jennifer Stisa Granick For Amici Curiae Electronic Frontier
Foundation

APPENDIX A

LAW FACULTY AMICI CURIAE

Amici file this brief in their individual capacities, and not as representatives of the institutions with which they are affiliated. Institutional affiliations are listed for identification purposes only.

Susan Brenner
NCR Distinguished Professor of Law and Technology
University of Dayton School of Law

Lauren Gelman
Executive Director
Center for Internet and Society
Stanford Law School

Llewellyn Joseph Gibbons
Associate Professor
University of Toledo College of Law

Eric Goldman
Assistant Professor of Law
Director, High Tech Law Institute
Santa Clara University School of Law

Mark A. Lemley
William H. Neukom Professor of Law
Stanford Law School
Director, Stanford Program in Law, Science and Technology

Phillip R. Malone
Everett Street
Cambridge, MA

Paul K. Ohm
Associate Professor of Law
University of Colorado Law School

Malla Pollack
Professor of Law
Barkley School of Law
Paducah, Kentucky

Michael Risch
Associate Professor of Law
Project Director - Entrepreneurship, Innovation and Law Program
West Virginia University College of Law

Jason Schultz
Acting Director
Samuelson, Law, Technology & Public Policy Clinic
UC Berkeley School of Law

Brian G. Slocum
Associate Professor of Law
University of the Pacific
McGeorge School of Law

Daniel J. Solove
Professor of Law
George Washington University Law School

William McGeveran
Associate Professor
University of Minnesota Law School

Robert Weisberg
Edwin E. Huddleson, Jr. Professor of Law
Director, Stanford Criminal Justice Center
Stanford Law School


1 The Missouri legislature amended the statute following this case in recognition that the laws in effect at the time would not prohibit the conduct alleged here. The new statute, which requires proof of intent to do harm to another (as the First Amendment requires), may or may not criminalize Defendant's alleged conduct.

2 Accord United States v. Czubinski, 106 F.3d 1069, (1st Cir. 1997) (reversing CFAA and fraud convictions for browsing through IRS files but not sending or obtaining any information, the court added "a cautionary note. The broad language of the mail and wire fraud statutes are both their blessing and their curse. They can address new forms of serious crime that fail to fall within more specific legislation. . . . On the other hand, they might be used to prosecute kinds of behavior that, albeit offensive to the morals or aesthetics of federal prosecutors, cannot reasonably be expected by the instigators to form the basis of a federal felony. The case at bar falls within the latter category.")

3 Another issue is whether the Government must plead and prove that Defendant intended that her access be unauthorized, or merely that she intended to access, and the access also happened to be unauthorized. Criminalizing unintentional computer trespass raises serious due process problems, but amici do not take up that issue here.

4 This failure to allege that Defendant had any actual notice or awareness of the terms of service, her violation of which allegedly constitutes the sole basis for "unauthorized" use and criminal CFAA liability, would appear to undermine the sufficiency of the indictment, given Section 1030(a)(2)(C)'s requirement that one "intentionally" access a computer without authorization or exceed authorized access, However, amici do not focus further on this issue.

5 It is of no import that the Government might not bring these cases. The inability to distinguish in a meaningful and principled way between the terms of service violations of the Defendant here and the myriad other similar violations of terms like those of MySpace or Facebook that occur every day starkly reveals the unconstitutional vagueness and potential for arbitrary enforcement the statute would suffer under the Government's interpretation. See Section III, infra. Moreover, because the CFAA provides for a civil cause of action, the Government's interpretation would enable Google and Facebook and any other affected web site owner to bring suit.

6Of course, a plaintiff may be able to bring a valid claim under state law for misappropriation of trade secrets. That claim would be subject to the safeguards built into the trade secret liability rules, including allowances for reverse engineering and for disclosure of information that is not, in fact, secret. The CFAA violation has no safeguards; under the Government's view in this case it would put all the power in the hands of the corporation drafting the terms of use.

7 Jennifer Granick, Civil Liberties Director with amicus Electronic Frontier Foundation, represented Mr. McDanel on appeal.

8 See also United States v. Wunsch, 84 F.3d 1110, 1119 (9th Cir. 1996) (finding that requirement in state bar statute incorporated in local rule to "abstain from all offensive personality" was unconstitutionally vague in the context of district court sanction of attorney).

9 In fact, research has shown that even participants in sophisticated business transactions routinely fail to read the terms of form contracts. Andrew Robertson, The Limits of Voluntariness in Contract, 29 Melbourne L. Rev. 179, 188 (April 2005) (surveying empirical research).

10See Mark A. Lemley, Terms of Use, 91 Minn. L. Rev. 459, 465, 475-76 (2006) (observing that in civil cases "in today's electronic environment, the requirement of assent has withered to the point where a majority of courts now reject any requirement that a party take any action at all demonstrating agreement to or even awareness of terms in order to be bound by those terms.") (emphasis added). A similar lax view simply cannot provide "fair notice" in the criminal context.

11See, also e.g., West Terms of Use, http://west.thomson.com/about/ terms-of-use/default.aspx?promcode=571404 (last visited July 28, 2008) ("By accessing, browsing, or using this website, you acknowledge that you have read, understood, and agree to be bound by these Terms. We may update these Terms at any time, without notice to you. Each time you access this website, you agree to be bound by the Terms then in effect."); AOL Terms of Use, http://about.aol.com/aolnetwork/ aolcom_terms (last visited July 28, 2008) ("You are responsible for checking these terms periodically for changes. If you continue to use AOL.COM after we post changes to these Terms of Use, you are signifying your acceptance of the new terms.")


  


An Amicus Brief: Issues in the Cyberbullying Case That Affect You - Updated 3Xs | 411 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
Corrections Here
Authored by: SirHumphrey on Saturday, November 29 2008 @ 06:05 AM EST
If needed.
Please include the correction in the title.

[ Reply to This | # ]

Off topic
Authored by: SirHumphrey on Saturday, November 29 2008 @ 06:07 AM EST
Anything that's not On Topic, but please.... no OFF topics

[ Reply to This | # ]

News Picks
Authored by: SirHumphrey on Saturday, November 29 2008 @ 06:12 AM EST
Please place title of News Pick (or GNU's PICK) here.
Clickys are helpful.

And don't mention hat tricks

[ Reply to This | # ]

Did they call it the CFAA because they couldn't spell Stasi?
Authored by: SirHumphrey on Saturday, November 29 2008 @ 06:28 AM EST
http://en.wikipedia.org/wiki/Stasi Stasi

[ Reply to This | # ]

Too many people hate free speech
Authored by: Winter on Saturday, November 29 2008 @ 06:50 AM EST
I see this as another example of general hostility against other people saying
what they want.

There is such a long history of continued harassment of critics that anonymous
speech is a prime requisite for free speech. Killing anonymity is just a small
step from killing free speech itself.

Rob

---
Some say the sun rises in the east, some say it rises in the west; the truth
lies probably somewhere in between.

[ Reply to This | # ]

"If you think EULAs were bad"
Authored by: Anonymous on Saturday, November 29 2008 @ 08:01 AM EST
What, EULA's like the one Apple are applying to Pystar?

Just wonderin'...

:-P

[ Reply to This | # ]

Another In A Series Of Goofball Website Rules
Authored by: TheBlueSkyRanger on Saturday, November 29 2008 @ 08:14 AM EST
Hey, everybody!

This is the primary reason why I don't find myself really rooting for Google.
Admittedly, Google hasn't "done evil," but you never really know until
you cross some line you aren't aware of and they are. I know some will aruge
about reading the EULA, but there are times when you go, "THAT'S what you
meant in the EULA?"

A buddy of mine, during the early days of the Windows revolution, had an AOL
account. He found himself banned for life when a friend of his (no, not me, I
wasn't online at the time) sent him a picture from Playboy to his private e-mail
account. He was told he violated the standards and decency policy.

As a result, I tend to approach with great caution or shy away from websites
that have EULA's that read like the Magna Carta. I flat out avoid websites that
don't really seem to uniformly enforce (or at least give credence to others'
arguments) their own TOS.

I've been practicing drawing, and a friend of mine suggested I get a DeviantART
account. I flat out told him no. I have heard too many stories of selective
enforcement (Nazi symbols are covered by Freedom Of Expression, but they pounce
on nude studies unless you pay the fee), people who get people banned because
they gave constructive criticism of a piece, and a really weird stance on
fanworks/copyright. As a video game nut, I saw an artist who did a fan work of
a character from a fighting game series I play. The problem? It was copied
from a Japanese comic book (I know -- I have it). The kicker? He was being
accused of stealing the image by another guy, who had copied the image himself!

There was a comic book publishing company long ago that set itself up as the
ultimate haven for artists looking to create original work. But it quickly
became apparent that, while the owner believed this, he wasn't putting effort
into it. It was disorganized, had trouble meeting its shipping schedules, and
ultimately was gone within a year.

I really think that most of the web sites out there view this stuff as toys --
they are things to play with and do whatever with, instead of something to be
taken seriously, so they don't see anything wrong with undermining rights in the
digital realm as they don't see them as "real". Freedom Of Expression
applies to IRL, not cyberspace.

And as long as people don't treat this stuff like it's (say it with me) SERIOUS
BUSINESS, it's going to keep going this way.

Dobre utka,
The Blue Sky Ranger

[ Reply to This | # ]

Horrible Terms of Use
Authored by: Anonymous on Saturday, November 29 2008 @ 08:36 AM EST
Actual example of somebodys "Terms of Use", copied from the www on Nov
29 2008.



"By accessing or using our web site at www.facebook.com or the mobile
version thereof (together the "Site") or by posting a Share Button on
your site, you (the "User") signify that you have read, understand and
agree to be bound by these Terms of Use ("Terms of Use" or
"Agreement"), whether or not you are a registered member of
Facebook."

Ridiculous and horrible!



I may publish my own Terms of Use on my own website:

My Terms of Use

Paragraph 1
Solely by accessing this webpage, for any reason, you are legally bound by
my Terms of Use, whether you read my Terms of Use or not, whether you accessed
this page intentionally or accidentally or not.

Paragraph 2
Permission to read my webpage will not be given.

Paragraph 3
You acknowledge an agree that any information provided by you to me is
non-confidential and shall become the sole property of me. I shall have the
exclusive rights thereof.

Anything you say to me, I will then deny you the right to say it again.

Paragraph 4
Breach of Terms of Use .. etc.


[ Reply to This | # ]

An Amicus Brief: Issues in the Cyberbullying Case That Affect You
Authored by: SilverWave on Saturday, November 29 2008 @ 08:41 AM EST
pj- "what about prosecutors? Is society in safe hands if prosecutors get to
broadly interpret a law retroactively in creative and aggressive ways to make it
apply to activities that have nothing to do with what the law was written to
address?"

In broad I would say that this is a tendency that I can discern in a lot of
cases in the US courts. This could just be my showing my bias being based in the
UK, but I don't think it is.

It does seem to follow from some of the way things are set up in the US, i.e
some of the prosecutors seem to need publicity and to win at almost any cost.

Warning huge generalisation follows ;)
I think it would also be fair to remark that citizens of the USA as viewed from
the outside are, more then most, noted for their competitiveness. This is not
necessarily a bad thing a "Can do" attitude can be a refreshing change
in some walks of life :)

But when a powerful prosecutor exhibits this competitiveness in the courts to
extend a law in such a ways as this, well things get ugly. It looks to an
outsider that this prosecutor is playing to the mob.

The idea of an adult mentally bullying a child is beyond the pale and should be
punished. But if there is a missing law then create a new law to allow such
behaviour to be punished, don't pervert existing laws.

Looking at this problem from the UK could such a person not be charged via
"stalking" laws?





---
RMS: The 4 Freedoms
0 run the program for any purpose
1 study the source code and change it
2 make copies and distribute them
3 publish modified versions

[ Reply to This | # ]

An Amicus Brief
Authored by: om1er on Saturday, November 29 2008 @ 09:19 AM EST
This brief was brilliant. I am so happy to learn that a law cannot be vague, or
arbitrarily enforced, and that it must be able to be read. I've seen some
mention lately of "secret laws," related to the war on terrorism in
the United States, and wondered how in the world those could be enforced. By
reading this brief, I now know that secret laws cannot be enforced, simply
because only laws that can be read by citizens can be enforced. I hope that is
true.

Beyond that, I see how, if this case is not thrown out, it will shut down the
Internet - totally and completely - in the United States, anyway. I refuse to
re-read the Terms of Service on every web site I visit, every time I visit each
site. If this case stands, I would have to do just that. Just reading a TOS
one time is usually torture. To have to re-read it every visit would be cruel
and unusual.



---
August 10, 2007 - The FUD went thud.

[ Reply to This | # ]

"They make the law and if you mess up, you go to jail. "
Authored by: tiger99 on Saturday, November 29 2008 @ 10:11 AM EST
Sorry to have to mention politics, albeit not the kind that many of us would support, but that is plainly Fascism. We have seen it already with the RIAA/MPAA, and possibly other cases too, where corporate interests are, in effect, setting and enforcing criminal law.

It has to stop, and the correct people to stop it are the elected government. I think that if you are a US citizen, your best option is to write to your elected representatives about this. It does seriously undermine the democracy which both main parties believe in, so I don't see why any politician would want to support it.

I fear that if this lunacy is not stopped, the next place it will manifest itself is the UK.

[ Reply to This | # ]

Its now on the BBC
Authored by: tiger99 on Saturday, November 29 2008 @ 10:34 AM EST
L ink

A fairly concise account of the case, I think. What they don't (can't?) explain is how violating the terms of a website becomes a criminal offence.

Normally there is a clear line of demarcation between civil and criminal law, although they overlap in areas like copyright, in many countries. Yet we have seen some kind of highly improper activity, which may be fraud, or worse, perpetrated by SCO for over 5 years, without it becoming criminal (yet?). And look what M$ have done over the years. (One of Gates' first acts, stealing computer time, ought to have been dealt with by the due process of criminal law, and the world would have been a better place as a result.) We could mention other industries too, like Monsanto.....

Yet an individual violates the civil terms and conditions of a website, and gets charged with violating criminal law. It is just not right. It is making me angry.....

But as I said under the previous article, parents do need to spend more time with their children, and that includes knowing what they are up to on the internet. This tragedy could have been avoided, but clearly not by the application of the law.

[ Reply to This | # ]

The Randal Schwartz case
Authored by: swmcd on Saturday, November 29 2008 @ 11:01 AM EST
This sort of thing has happened before.

Back in the '90s, a contractor working as a system administrator for Intel was
successfully prosecuted for "unauthorized access" under an Oregon
computer crime law.

There as well, a private company got to decide what was "authorized",
and then bring down the force of law on someone who they deemed to have crossed
their line. See

http://www.lightlink.com/spacenka/fors/
http://world.std.com/~swmcd/steven/rants/merlyn.html

[ Reply to This | # ]

An Amicus Brief: Issues in the Cyberbullying Case That Affect You
Authored by: drh on Saturday, November 29 2008 @ 11:18 AM EST
If you take this scenario, apply it to governments, you end up with much the
same situation we have today. What is legal in Facebook is not in MySpace. What
is legal in the US is not in France.

Governments though DO have the right to enforce their Terms of Service, usually
called Laws. Do they have the right to enforce those Terms of Service beyond
their borders? No. Do they try to enforce their laws outside their borders? Yes.
The US has actually invaded foreign countries, grabbed a foreign national, and
returned him to the US for prosecution. They are not alone.

So now websites could have this power to criminally prosecute their users.
Sounds a lot like SCO. What are their borders? It used to be the confines of
their site, and enforcement was constricted to that. Now, if their terms of use
include linking in from outside sites, they have arbitrarily and apparantly
legally expanded their borders to include the linked site. Which now brings them
into conflict with the terms of service of the site that holds the link.

This can only end badly.

---
Just another day...

[ Reply to This | # ]

No, No, and No!
Authored by: Anonymous on Saturday, November 29 2008 @ 12:21 PM EST
On this one I have to disagree with PJ, and apparently with everybody else. So
here goes.

This is not a First Amendment case, the issue is conduct not speech.

Fact 1. An adult knowingly and intentionally set out to cause injury and pain to
a specific child.

Fact 2. This conduct was not a single impulsive act but a calculated pre-planned
series of acts intended to injure that child.

Fact 3. This conduct was so 'successful' that it killed the child.

To use a variation on the theater example, if you stand up in a crowded hotel
lobby and intentionally (and knowing it to be false) yell 'bomb!' and someone
dies in the resulting stampede, or simply of heart failure, you have committed
at the very least manslaughter. The first amendment doesn't even get a look in.
There is no 'right' to kill or injure people by 'speech'.

In this case I think the amicus have become fixated on their specific interest,
and have lost sight of the larger context.

To wit: If you use the internet to knowingly and intentionally inflict injury on
a child, and as a direct consequence of that injury that child dies (even if by
suicide) you have committed a crime and properly should expect prosecution,
conviction, and punishment.

If you didn't do that, you don't.

There was a comment that this was a tragedy, not a crime. That's backwards and
wrong.

A tragedy is a consequence of a flaw in the character of the protagonist. Does
someone want to identify what character flaw this child possessed that justifies
her death?

No?

This was a crime, arguably murder. It is not lawful for an adult to drive a
child to kill herself. Period.

That someone out of state, and at the Federal level had to dig down for this
charge against a murderer is ... depressing.

I'll shut up now.
JG

[ Reply to This | # ]

An Amicus Brief: Issues in the Cyberbullying Case That Affect You
Authored by: tknarr on Saturday, November 29 2008 @ 01:11 PM EST

To me the biggest problem with the decision is that it puts the decision about whether someone has authorization or not off until after events have unfolded. When you signed up MySpace said you were authorized to access their servers, but now the prosecution is going back and, not withdrawing that authorization, but making it never have happened. In essence, the prosecutor gets to rewrite history to suit his case. That's the real harm in this decision.

If someone comes to my house posing as a repairman, I let them in and leave them to their work and they go and steal my stuff, they (probably) can't be charged with breaking and entering. They can be charged with burglary and theft, but they didn't break into my house. I opened the door and gave them permission to come in, and I can't retroactively go back and not have opened the door. The fact that there's a crime I can't have them charged with that I could have had I done something differently isn't considered unfair.

I wonder if this could be turned around, though? If MySpace can decide after the fact that they never gave me permission, even though I've got the signed agreement saying they did, can I turn around and not give permission to a software package to install stuff on my computer even though they have the click-through agreement saying I did, on the grounds that they misrepresented their software and thus didn't really have authorization? I imagine a good lawyer could have a field day with that. Maybe it's time to stop fighting to stop these laws and start playing with them. Playing in the sense of "OK, if you're reeeeally sure those are the rules you want... <very big very evil grin&gr;".

[ Reply to This | # ]

why this is Evil Bad and Wrong
Authored by: LaurenceTux on Saturday, November 29 2008 @ 02:45 PM EST
lets say overnight somebody gets to PJ and does some sort of hypno-programming
(so she would actually do this) and She then in the morning decides to put up a
Terms Of Service page
as one of the static pages. In this TOS she puts a clause stating that any
website citing Groklaw is now to be charged a US$20.00 per person per day fee
for "use of content".

PJ would be richer than a most first world countries in days esp if she back
dates this charge to the beginning (how many times has groklaw been cited on
/.??)

Now im all for giving money to PJ but crippling the entire world economy in the
process is not good.

[ Reply to This | # ]

The Reverse Picture
Authored by: Anonymous on Saturday, November 29 2008 @ 02:57 PM EST
The reverse picture is that by sending javascript and CSS to the browser those
websites and their operators may also be subject to the website visitor's
policies.

Unauthorized access, etc.

[ Reply to This | # ]

Another opportunity for RIAA??
Authored by: pgetto on Saturday, November 29 2008 @ 04:42 PM EST
Since most ISP's, YouTube, etc have provisions in their TOS against posting
materials in violation of copyrights, it seems like this decision opens up a new
avenue of attack for RIAA. Couldn't they use this decision to push for criminal
CFAA prosecutions of those they claim violated their copyrights?

[ Reply to This | # ]

MySpace makes regulations, not law
Authored by: Anonymous on Saturday, November 29 2008 @ 05:20 PM EST
So, if you mess up MySpace regulations, you don't necessarily go to jail.
Cool down, PJ.

[ Reply to This | # ]

Crime
Authored by: Anonymous on Saturday, November 29 2008 @ 05:41 PM EST
From what I remember of this case what makes it a crime is that Drew is an adult
who wiht the help of others created an account of a 16 yr old boy (a minor) in
order to harass a girl who was also a minor. The fact that myspace is involved
is due to the fact that it is their servers that the crime was commited on.
Remember, a girl who was known to be instable killed herself because of what
this woman did. Cyberbullying occures a lot more than ppl think, and should be a
crime

[ Reply to This | # ]

  • Crime - Authored by: tiger99 on Saturday, November 29 2008 @ 06:11 PM EST
  • Crime - Authored by: PJ on Saturday, November 29 2008 @ 06:18 PM EST
  • Crime - Authored by: tknarr on Saturday, November 29 2008 @ 06:19 PM EST
  • Crime - Authored by: Anonymous on Sunday, November 30 2008 @ 08:35 PM EST
  • Crime - Authored by: Anonymous on Tuesday, December 02 2008 @ 12:03 AM EST
    • Crime - Authored by: Anonymous on Tuesday, December 02 2008 @ 12:11 AM EST
      • Crime - Authored by: Anonymous on Tuesday, December 02 2008 @ 07:31 PM EST
Civil suit
Authored by: DodgeRules on Sunday, November 30 2008 @ 03:43 AM EST
Hopefully this will get overturned and a civil suit is soon filed against Lori
Drew. The criminal case against her would have given her a few years in prison
and a few hundred thousand dollar fine. The civil suit will drag her name
through the mud even further and cost her millions, as well as whatever
reputation she may have left. Who would want to be known to "hang
around" with this woman after she bullied a teenager into killing herself?
And hopefully the courts won't allow her to change her name to try to avoid the
consequences of her actions such as not being able to find employment. I know I
wouldn't hire her as her presence would be a disruption to my business and would
actually cost me customers.

[ Reply to This | # ]

Let's wait for Judge Wu
Authored by: Tolerance on Sunday, November 30 2008 @ 04:21 AM EST
PJ offers the EFF amicus curiae brief, which would have turned her hair white.
I've now read it. If it wasn't already white it would have turned that way.

That said, before taking the position that the law was the wrong one, I'd like
to see the prosecutor's brief also. But even more, I'd prefer to wait till
Monday to see what Judge Wu decides, and why.

Meanwhile, looking at §1030, subsection (a)(5)(a), I see that the EFF complains
about the "without authorization" wording.

In plain terms both Ms Drew and Miss Meier created their accounts without
authorization (in the sense that they violated the terms of service). But the
EFF says that in previous cases "without authorization" means
something stronger, and where it didn't, bad decisions resulted.

The EFF's conclusion puts the position for PJ, as I understand it, in a
nutshell: "Megan Meier's death was a terrible tragedy, and there is an
understandable desire to hold the Defendant somehow accountable for it, if
Defendant's conduct was as alleged".

Except it wasn't. PJ observes the jury did not find Lori Drew guilty of any
felonious intent, not malice, in particular not stalking or harassment. If I'm
reading the Act correctly it uses the word "reckless" so under that
section, some sort of ill-feeling is a requirement for prosecution under the act
(as amended).

The EFF would have had the prosecution thrown out. That didn't happen but the
jury simply failed to declare her guilty of a felony. The really heavy penalties
therefore are avoided.

Personally I think that's astonishing, but even with the misdemeanors there's up
to three years (one for each misdemeanor) and $300,000, which is more than she
might get for manslaughter.

Anyway my opinion is worth little, I wasn't in the courtroom. PJ also finds a
moral and legal equivalence between the actions of Ms Drew and those of the
young suicide's mother, which to me is more frightening than the CFAA, but once
again opinions may vary.

What I would really like to know, something I asked in an earlier thread and
never got an answer to, is what would be the law covering death by practical
joke?

I'm sure this has happened often in US history. Just googling around found
this:<http://tinyurl.com/557nkb> -a man shot by three cigarette butts, no
malicious intent, the joker got manslaughter.

And then there's the 'eggshell' legal doctrine: it won't save you to say
"just a light tap on the skull shouldn't have killed her" if she has
an eggshell skull.

Where there is justice there should be a remedy - that old legal saw (Ubi jus,
ibi remediam) means somewhere in the cornucopia of state or federal law there
must have been some means for seeking justice. Not, I'm guessing, the CFA Act,
which is why PJ and the EFF are up in arms. But I'm quite sure John Adams - he
who wished for "a nation of laws, not men" - would have found no
difficulty in prosecuting Lori Drew.

---
Grumpy old man

[ Reply to This | # ]

Criminal Negligance?
Authored by: rsteinmetz70112 on Sunday, November 30 2008 @ 01:36 PM EST
In Louisiana, according to the statute:
Criminal negligence exists when, although neither specific nor general criminal intent is present, there is such disregard of the interest of others that the offender's conduct amounts to a gross deviation below the standard of care expected to be maintained by a reasonably careful man under like circumstances.
I would assume Missouri has some similar statute. I wonder why it wasn't used.

---
Rsteinmetz - IANAL therefore my opinions are illegal.

"I could be wrong now, but I don't think so."
Randy Newman - The Title Theme from Monk

[ Reply to This | # ]

Scary
Authored by: Anonymous on Sunday, November 30 2008 @ 04:03 PM EST
Can we start putting up disclaimers that both EULAs and contracts of adhesion do
not apply to us unless there are copies signed in pen (not merely
electronically) by both parties?

Because I don't like that violating a EULA could now somehow be a federal crime.
I'm reasonably sure that I've violated the vague provisions of dozens, if not
hundreds, of them. And the only reason I have any idea is because I've read
some of them.

I mean, damn. Suddenly a quick off-topic reply to someone is a federal crime?
There's netiquette and then there's taking it too far...

[ Reply to This | # ]

just think what happens when a web site..
Authored by: Anonymous on Sunday, November 30 2008 @ 08:39 PM EST
just think what happens when a web site ties in its TOS with an
anti-Establishment like clause.

A web site's TOS says "to be a member of this web site, you have to be a
Christian." and if you are not, then you've committed fraud and will be
prosecuted under CFAA.

So, you're blogging away and happen to say something the owners of this web site
declare to be blasphemous.

Nothing will happen to you, right? No one has ever gone to jail from having
independent thought?

The Inquisition never condemned Copernicus, Galileo, and Kepler, right?



[ Reply to This | # ]

Interpretation of TOS
Authored by: Anonymous on Sunday, November 30 2008 @ 09:07 PM EST
This is an interesting situation. Normally if there is a contract or
contract-like agreement in dispute, the two or more parties to the contract get
to argue their positions in front of a court.

But now, TOS will be interpreted by the court with only one party to the
agreement present -- presumably the company that wrote them won't necessarily be
involved. The prosecutor will be expected to understand the agreement. How can
there possibly be a reasonable process to work out the meaning of vague and
contradictory sections? What if the government argues for a meaning which the
author of the TOS doesn't like? I see no way except for a friend of the court
filing for them to be involved... and may not even know about all the cases
involving their TOS because they aren't required to be notified.

[ Reply to This | # ]

To answer PJ's question in the update...
Authored by: drh on Sunday, November 30 2008 @ 09:22 PM EST
Excuse me for pointing this out, but shouldn't this mother also be prosecuted for violating MySpace's Terms of Use, now found a violation of a criminal statute, the Computer Fraud & Abuse Act?

My answer is: Yes.

Because the jury did not find intent to cause injury, it only found that violating the terms of service was the "crime", then the mother is indeed guilty of same through her own admission.

---
Just another day...

[ Reply to This | # ]

An Amicus Brief: Issues in the Cyberbullying Case That Affect You - Updated
Authored by: Anonymous on Sunday, November 30 2008 @ 09:31 PM EST
Is anyone reminded of how Google accidentally included very inappropriate
language in the original EULA for Chrome? Just imagine going to jail because a
website owner forgot to delete a paragraph somewhere.

[ Reply to This | # ]

The effect on gaming console
Authored by: Anonymous on Monday, December 01 2008 @ 01:20 AM EST
The three major gaming console (Wii, Xbox360, PS3) all have an online component.
Most family set up one account for all their family members. Under the ruling,
the other family members are all committing a FEDERAL CRIME and should be jailed
for THREE YEARS!! That also applies to your friends who comes over to your house
to play.

Even if you make a separate account for everyone, what happen to multiplayer
games? Only one person can log in at a time, so any other players are committing
computer fraud. Games usually come with a ToS with the requirement that you
"play in a well lit room and away from the TV", so if your light bulb
goes out in a middle of a game you should go to jail.

Touching someone else's computer is a legal minefield. The person must disable
all and every automatic update program before going online, or it'll be a
CRIME!! For the mobile phone with advanced internet features, if you let someone
else use your phone it's also a CRIME. Everyone who use a computer in the US
will become a criminal.

Let hope the judge throw the case out.

[ Reply to This | # ]

A quarrel with the argument against.
Authored by: Anonymous on Monday, December 01 2008 @ 02:33 AM EST
You seem to be arguing prosecutors should be honourable and
not "do bad stuff", in this case, twist the law to suit their
purposes, in this case a moral agenda of extreme prudity. I would say a law that
can easily be twisted that way is in itself bad law and should be struck from
the books with extreme prejudice.

Mind, I don't disagree that this ruling should not be allowed to stand, but I'd
like to point at the discrepancy in argumentation nonetheless.

I might also note that there is quite a lot of bad law on the books, so agreeing
not to abuse it is perhaps more expedient, but a satisfactory solution it is
not.

[ Reply to This | # ]

An Amicus Brief: Issues in the Cyberbullying Case That Affect You - Updated
Authored by: LuYu on Monday, December 01 2008 @ 02:54 AM EST

How is this any different than the copyright witch trials that have been happening in the US? Yes, the RIAA has been asking for civil penalties so far, but they could just as easily add criminal infingement to their list of charges. It is in the copyright act, and there is real jail time attached to these things -- especially considering the volume and scale of Internet based distribution (which the law could never have anticipated).

In Digital Copyright (2001), Jessica Litman made the point that a room full of copyright lawyers often had trouble with determining what was legal and what was illegal on many copyright issues. By extension, she argued that ordinary people, who had not read the Title 17 or spent years in law school studying copyright would be unable to reasonably determine which activites were legal and which were not. She said the assumption that copyright is fair and makes sense meant that most people would unknowingly violate copyright law.

This sort of overlegislation has been a part of US law for quite some time now. It seems that everyone is a criminal according to these laws.

So, cynically speaking, what has changed? You mean we have one more law -- of many -- that makes us all criminals? So? It is already too late, is it not? We are all already criminals anyway, right?

---

"Proprietary software is an antisocial practice."
-- Richard M. Stallman

[ Reply to This | # ]

PJ in support of fraud? A Right to Lie?
Authored by: Anonymous on Monday, December 01 2008 @ 10:20 AM EST
I'm not sure why PJ has jumped to extremes, but it seems like she is supporting a right to lie for deliberate effect and direct profit/gratification.

Drew lied when she created an account in the guise of a cute boy. She knew, or reasonably ought to have known that MySpace does not encourage lying (even if it cannot stop it). Then she (and her employees) used that account to harass a mark. Again, she knew (or ought) that that was against MySpace policy (and they actually ban people). This was fraud for personal gratification, no different from a sexual predator.

Drew might have had affirmative defenses like notice or tolerence for _one_ of these lies. But the combination indicates clear fraudulent intent. Wire fraud. When you lie, it had better be for justifiable reasons (protection) and not profit/gratification.

I'm surprised she was only convicted of a misdemenor.

[ Reply to This | # ]

Issue of Contracts versus Laws
Authored by: Anonymous on Monday, December 01 2008 @ 10:51 AM EST
The point is, I think, that a TOS/AUP is a contract between user and site; the
law is separate.

The law can make murder illegal; a site can make posting GOATSE unacceptable and
terminate the contract.

This balance has kept corporate intrusion out of our lives for some time.

Of course, I read Plato -- I'm not naive to the ongoing decline of our empire --
but I think we should preserve it as long as we can.

---
death metal

[ Reply to This | # ]

The sky isn't falling
Authored by: Anonymous on Monday, December 01 2008 @ 10:59 AM EST
The use of the internet is not going to get "decided-away" on the
basis of this extremely bad court decision.

PJ and the EFF are engaging in a highly-illustrative description of what the
consequences _could_ be if the reasoning is taken to its conclusion, and website
terms of service are really given the force of criminal law. I don't think PJ
really expects that five years from now, webmasters are going to be issuing
arrest warrants for trolls. This bad decision will draw attention to itself,
and eventually sanity will prevail.

[ Reply to This | # ]

Cyberbullying?
Authored by: Anonymous on Monday, December 01 2008 @ 11:56 AM EST
I think what people are neglecting to notice is the fact that there WAS NO
CRIME.

It doesn't matter that the internet was involved. If you call me something
unpleasant to my face and I go kill myself, that does not make you a criminal.
If I kill myself, I am the perpetrator, and I have taken the life of a person
who is totally defenseless before me. Ergo, I have murdered myself. It doesn't
matter that my motives *might* have involved my huge, overly vulnerable ego, or
my wounded pride. It doesn't even matter if you cheer me on and encourage me to
kill myself.

If I do kill myself, and you are blamed for it, that makes the law wrong. Anyone
who supports such a law is perverting justice in the name of convenient revenge.
The real perpetrator is beyond our reach, so we lash out at the convenient
target. This is a natural reaction, but it is not the morally correct one.

[ Reply to This | # ]

  • Cyberbullying? - Authored by: PJ on Monday, December 01 2008 @ 08:29 PM EST
  • Cyberbullying? - Authored by: Anonymous on Monday, December 08 2008 @ 01:59 AM EST
Oh My God The Sky Is FALLING!!!
Authored by: Anonymous on Monday, December 01 2008 @ 12:20 PM EST
No it's not. You people should really find a better case
before you get on your high horses and ride out to battle.
This lady was involved in something immoral and ended up
with a child killing themselves. She is hardly a poster
child for "e-rights" and freedom.

I think that is easy to agree this is a bad precedent. But
let's be real, what was done by the Drew's and their friend
was wrong. It was very wrong not for some abstract reason.
This girl was encouraged to kill herself and was done so by
an adult working with her child to pretend to be the love
of the little girls life and then working very hard to
convince her that everyone hates her and thinks she should
go away. That was the plan and they admitted as such
without any indication of remorse. They did all this based
on the suspicion (paranoia) that the Meier girl was
spreading gossip. The Meier girl wasn't any trouble for
others and was struggling to feel like she was a worthwhile
person in the first place. I'm not upset that prosecutors
used any tool they could to punish and I'm not upset that a
jury interpreted those same tools generously (abusively) in
order to punish them.

If this is the most egregious abuse of these laws then the
people on this site should breath a healthy e-sigh of
relief. Fighting for your "rights" is a worthy endeavor
but drawing the line in the sand too soon is just as fatal
to your cause as waiting too long. Drawing the line here
is drawing the line too soon. Sometimes we sacrifice a
little of our rights because those sorts of compromises
allow us to preserve the rights we really care about.

I think the lesson to be learned is that if you are an
adult harboring the intent to use the Internet to cause
emotional distress to a young child that you know to be
mentally unstable and if that child winds up doing harm to
themselves that you had better make sure you are following
those worthless EULAs because otherwise you could actually
be found in violation of a misdemeanor. Everyone else is
safe. Pretending that this case is just about EULAs is
living in an abstract world. Even the judge admitted as
much because he allowed the evidence about Megan's death
and the content of the communication. This is not a case
about EULAs and anyone who thinks otherwise is living in an
abstract legal world disconnected with the reality where
the law is a tool of society to codify morality. Sadly,
that's why it was conceptualized and that is what it still
does.

[ Reply to This | # ]

Bad situation all all around...
Authored by: HockeyPuck on Monday, December 01 2008 @ 12:41 PM EST
But the woman should be punished somehow. I don't care how. She is evil, period.
Who would not only encourage someone to cause someone else pain; but participate
in it as well? We are talking about a grown woman; not some stupid teenager
(even though they should know better). Here is what gets me. If I open a
account. Pretend to be a boy hitting on a young girl; I'm a predator. Why
couldn't she be charged the same way? She was impersonating a teenager with the
intent to do harm. Seems clear to me?

But as a juror, you have to look at the facts and try to parse the law as you
know it. Common sense and emotion will play into that decision. The woman needed
to be punished. I think they did the best they could. The decision may not be
the best; but it is the best we can do at this time until we fix this mess.

One final point. If a EULA is NOT enforceable; then why have one? So to all you
predators; its seems we are more interested in freedom of speech and fair usage
than protecting innocents. That means all you sick puppies should be able to
create bogus accounts and prey on innocents since EULA are not contracts and
cannot be enforced. Did I miss something?

[ Reply to This | # ]

Terms of Service as Criminal Law
Authored by: Anonymous on Monday, December 01 2008 @ 12:51 PM EST
Google should start charging royalties every time their trademark is used as a
verb.

[ Reply to This | # ]

An Amicus Brief: Issues in the Cyberbullying Case That Affect You - Updated 3Xs
Authored by: Anonymous on Monday, December 01 2008 @ 05:34 PM EST
They way I see it, this case is about finding a way to punish the accused.

Suppose we alter the scenario just slightly. Rather that using MySpace, the
USPS is used. Should the defendant be brought up on mail fraud charges?

The quest for blood seems to have run a bit far afield....

[ Reply to This | # ]

An Amicus Brief: Issues in the Cyberbullying Case That Affect You - Updated 3Xs
Authored by: Anonymous on Monday, December 01 2008 @ 08:38 PM EST
PJ quoted Andrew Grossman via the Christian Science Monitor. He wrote a nice article about the case back in September. You can find it here.

[ Reply to This | # ]

An Amicus Brief: Issues in the Cyberbullying Case That Affect You - Updated 3Xs
Authored by: Anonymous on Monday, December 01 2008 @ 11:04 PM EST
Okay, I've tried to find an appropriate comment to comment on, but there are so
many that I just gave and am starting my own. Sorry if there was one (or more)
appropriate one(s) already existing. I refer, of course, to one of the
guidelines: Try to reply to other people's comments instead of starting new
threads.

My take on this whole thing is this:

While the parents of the girl who committed suicide are responsible for allowing
her to use the Internet unsupervised, they did not cause the pain and anguish
that led to her actions. Those who are responsible are those who posted the
very unkind remarks on the site. I know how very mean kids can be to other
kids, as I think most, if not all, of you do, too. Therefore, I believe that
those kids are the responsible parties. If anyone should be punished for the
"cyber bullying", it seems to me that they (and THEIR parents,
assuming they knew about this) should be the ones to be punished, not the
mother, who has already lost her daughter, due to these actions.

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )