If The Drew Fits, Charge It?
Being fascinated with both the use (and misuse) of technology and criminal law in general, I have been intently following the Lori Drew case. For those of you who haven’t, however, Drew is the Missouri mother who — as a response to some animus between 13-year-old Megan Meier and Drew’s daughter — created a false persona, “Josh Evans,” on Myspace to flirt with and gain the trust of Meier, then insulted and demeaned her to the point where Meier committed suicide. Missouri state officials reviewed the case, but felt that there was no appropriate state statute under which to bring charges against Drew; federal prosecutors in Missouri declined to charge the case for similar reasons. However, federal prosecutors in California (where Myspace’s servers are located) disagreed; claiming jurisdiction, they charged and were subsequently able to indict Drew under 18 U.S.C. § 1030, the Computer Fraud and Abuse Act (CFAA). Specifically, the U.S. Attorney’s Office in California is charging her with violating 18 U.S.C. § 1030 (a)(2)(C), which makes it a crime for anyone to
intentionally access[] a computer without authorization or exceed[] authorized access, and thereby obtain[] . . . information from any protected computer if the conduct involved an interstate or foreign communication.
The indictment can be found here, if anyone is interested in reading it, but the gist of the argument that the AUSAs in California are making is that by giving fictitious profile information, Drew violated Myspace’s Terms of Service, thus “exceeding” the access authorized by Myspace. Then, as she used this fictitious profile to “obtain information” from Myspace’s servers — personal information about Megan, as best as I can tell — to commit the tort of infliction of emotional distress upon Meier, and since to access Myspace’s servers she was required to send packets of data across state lines, she met all the elements of the crime.