Lori Drew is the woman who, using Myspace in 2006, cyberbullied 13-year-old Megan Meier into committing suicide.
Drew’s actions were, without question, reprehensible. The interesting issue for this post, however, is the U.S. government’s decision to bring criminal charges under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. Section 1030.
Under CFAA, it is a crime to access a computer without authorization or in excess of authorization. The government alleged that because Drew created a false identity on Myspace, in violation of Myspace’s terms of service, to bully Meier, Drew violated CFAA in a manner that resulted in Meier’s death.
Although the jury found Drew guilty of misdemeanors under CFAA, the judge determined, as a matter of law, that CFAA was void for vagueness: Users cannot reasonably be expected to know that any conscious violation of any website’s terms of service constitutes a criminal act, and law enforcement would have too much discretion in enforcing the law. United States v. Drew, U.S. District Court for the Central District of California, 8/28/2009.
For some time, now, I, too, have thought that use of CFAA in this case was inappropriate, but for a different reason: In my opinion, Drew did not use Myspace’s computers without authorization or in excess of authorization – she used them under false pretenses, which is a different issue.
* * *
Follow-up: California’s equivalent to the CFAA is set forth in Penal Code Section 502.
This blog does not provide legal advice and does not create an attorney-client relationship. If you need legal advice, please contact an attorney directly.