I joined a group of law professors and public-interest groups that filed an amicus brief Friday in the case of United States v. Drew. That criminal case is a repercussion from the horrible and high-profile cyberbullying conducted through MySpace against a small-town Missouri teenager named Megan Meier, who committed suicide in response. Lori Drew, a 48-year-old neighborhood mother, had at least some role (details are contested) in the creation of a hoax profile of an imaginary boy who pretended he liked Meier and then abruptly turned on her. This nasty bullying is so pointlessly mean it gives you goose bumps. Drew was later indicted under the federal Computer Fraud and Abuse Act (CFAA).
The amicus brief, however, calls for the indictment to be dismissed.
Why? For that, I turn to that most wise and quotable of Supreme Court justices, Oliver Wendell Holmes:
Great cases, like hard cases, make bad law. For great cases are called great, not by reason of their real importance in shaping the law of the future, but because of some accident of immediate overwhelming interest which appeals to the feelings and distorts the judgment. These immediate interests exercise a kind of hydraulic pressure which makes what previously was clear seem doubtful, and before which even well settled principles of law will bend.
Megan Meier’s suicide is just such a hard case. I understand and share the desire to hold someone accountable for behavior toward her, especially an adult who participated. I can’t entirely believe I am aiding the defense, in however small a way. But in its efforts to satisfy the desire for accountability, the government proposes to distort the CFAA — to bend well settled principles, in Holmes’ phrase — in a way that could apply to future cases. In other words, to make bad law.
As the brief explains, Congress clearly enacted the CFAA to respond to black-hat hackers (really probably “crackers,” but never mind) who break in to computer systems for malicious purposes. The law imposes criminal penalties on anyone who “intentionally accesses a computer without authorization or exceeds authorized access.” The government’s case against Drew depends on the idea that creating the phony account and using it for bad ends might have violated MySpace’s terms of service. That’s the legalese attached to many web sites that purportedly defines the conditions for use of the site. Read them often? Me neither. Ever give false information to a web site to protect your privacy? Me too. If the government expands the CFAA as proposed here, any violation of terms of service could be a federal crime.
Maybe the Department of Justice would use its discretion and only prosecute bad actors who violate terms of service to do really horrible things like torment a teenage neighbor. But perhaps not. Which is why we define crimes very specifically in our country: exactly because we don’t want to trust in that discretion, and because no one should go to jail for violating an exceedingly vague law. Certainly we don’t want to outsource the definition of these crimes to the private-company lawyers who write terms of service.
We may need a stronger legal response to cyberbullying, though the area is fraught with complex implications for privacy, free speech, and protecting the intermediaries who provide open forums online. Turning every term of service into a criminal law is definitely the wrong response. I loathe what Lori Drew allegedly did, but loathing makes really bad law.