Saturday, November 29, 2008

GrokLaw is at it again

A friend of mine sent me a link to a GrokLaw article about the cyberbulling case. You know, the one where the mother of another child set up a fake friendster page and pretended to be a boy who was interested in a girl so that she could have the fake boy eventually crush the girl's spirit by breaking up with her or ending the fake friendship that had been nurtured online. That one. Well, she was found guilty of violating the Computer Fraud and Abuse Act (CFAA) because she violated Friendster's terms of service (TOS). The GrokLaw piece depending heavily on an amicus brief (i.e. a third party brief).

The amicus brief overstates things, and the groklaw piece overstates things even further. 

The central issue in the case is the nature of the false identity assumed by Ms. Drew, the defendant. Was it fraudulent and in violation of the terms of service to an extent that might make fall under the CFAA?

First, it obviously was not her full and real identity. 

Second, it was not an obviously anonymized identity (e.g. Publius, the name given as the author of the Federalist Papers, or my identity as "ceolaf"). 

Third, it was not a partially obscured version of her identity. That is, the brief says, "child safety advocates like the Child Exploitation and Online Protection Centre of the British government specifically encourage children to protect themselves by providing misleading identifying information instead of real names on social networking sites." Obviously, children are not expect to creating entirely fictional identities in such situations, but rather the obscure and mislead on some particularly identifying details while allowing them to still have their own personalities in their interactions. 

Fourth, it was not done for satire or any LAPS (i.e. literary, artistic, political or scientific) purpose.  (The LAPS test comes from obscenity jurisprudence.)

The groklaw article assumes, quite without any justification, that US vs. Drew would make all violations of websites' TOS into legal violations of the CFAA, as though it would be a black and white issue with that clear line. It assumes that then entire history of first amendment jurisprudence would be entire inapplicable, that there would be not room for judgement as to whether a particular TOS violation rose to the level of a CFAA violation. 

I don't buy it. I don't buy it for a second. 

Ms. Drew's violation of Friendster's TOS were gross violations of a flagrent degree. It violated the TOS in multiple ways, all of which were obvious violations. No reasonable person could believe that this behavior would be condoned or even allowed. Ms. Drew's behavior was the sort that is only justified by the immature claim, "It's a free country; I can do what I want," the kind of thinking that says that people can do or say whatever they want without any regard to its impact on others. The kind of thinking that says because we have freedom of speech we can yell "Fire!" in a crowded theater. 

As a matter of practicality, websites must be able to protect themselves with terms of service (TOS), or else they can be held liable for anything that users might put on their sites or use their sites for. I understand that the question here is whether such TOS violations could ever rise to criminal violations of the CFAA. That's the issue. 

But is not whether all TOS violations should be viewed as criminal violations. That law does not work that way in this country. Our courts recognize that many issues are NOT black and white, that there are shades of grey and varying contributing factors that must be taken into account when deciding whether something passes a threshold, and that there are human judgements to be made. 

Only small children and developmentally stunted adults cannot accept that. 

GrokLaw, it seems, does not.


I can see plenty of reasons why this might be a bad decision, or a bad precedent. Or reasons why TOS violations should be civil offenses and not criminal offenses. But I can also see the other side. More importantly, for the purposes of this post, GrokLaw's hyperbolic ranting entirely misses the the point. 

1 comment:

reppep said...

I think it's MySpace, not Friendster.

People shouldn't have to use painfully obvious names such as "John Q Smith" if they want to avoid using full legal identities.

I believe PJ (Groklaw) is worried that this judge has accepted that violation of private TOS constitutes a criminal act; this sets a precedent that any website you register for can retroactively criminalize you -- to the tune of $100,000 & 1 year in prison. That seems like a very bad breakdown of the civil/criminal distinction.

You may be confident that most judges will know better than to honor this precedent as generally inappropriate. I am not comfortable with it -- judges do not always make the right judgement call; the law and precedent should be as good as we can make them. Selective enforcement never ends up fair.

If in this case, MySpace's TOS were held over the First Amendment, then we cannot trust that the First Amendment will protect us from TOS in the future.

From another perspective, I don't trust MySpace, AOL, Facebook, Yahoo, MS (Live), Google, Hulu, HP, Amazon, B&N, Blizzard, and everybody else with a website, to not misuse the CFAA if they have it in their legal arsenal.

But thanks for calling PJ (and me) developmentally stunted!