MySpace Hacking Case, by John W. Dozier
November 25, 2008
Dozier Internet Law has been involved in many, many civil and criminal hacking cases and legal matters arising under the Computer Fraud and Abuse Act, the statute under which the prosecution of the MySpace Suicide case is proceeding. First, the reaction from the legal blogosphere was to criticize the application of the statute in this case. Now, lawyers purportedly involved in cyberlaw have been commenting about how nobody, in their view, ever anticipated it would be used like this! It is a statute for hackers...those stealing passwords or using other means to act maliciously, they cry!
So, here is my post on this blog from a year and a half ago: Federal Hacking Laws. I point out, of course, exactly what those complaining now see. It is a statute (and states have similar laws) that is much broader than most think. But, I must disagree that no one saw this coming. Dozier Internet Law not only saw it coming, but we have been dealing with the same sort of claims made by private litigants in civil cases and US prosecutors and the FBI in criminal cases for years. And there are Circuit level civil court decisions that have been around for years (I argued one of the more prominent in the 9th Circuit). There is even a criminal prosecution appeal confirmed dealing with the statute in the 9th Circuit. While the Middleton case is distinguishable on its face factually...the principal of applying the statute to prosecute criminally is nothing new. I've tried two criminal cases myself dealing with the issue of unauthorized access under state laws.
So, for all of the late comers to the show, don't sit there and criticize the Judge, the prosecutor, or anyone else. The statute stinks to high heaven. That's reality. Surprised? These "cyberlaw experts" shouldn't be. It makes you wonder what area of law these so called "legal authorities" have been practicing.
Here is what I said a year and a half ago: "There is unauthorized access (similar to trespass) and then there is hacking (similar to assault and battery!). We need to get the legislators to understand the difference between the two, and pass some laws that are reflective of reality. Those that access a competing website by borrowing a roommate's password (like just about all college kids do) to see information thousands of others can see is likely trespassing, but he (sic) is not a hacker. Not by a long shot."
So, it is what it is. The law is on the books, strengthened even more in the post 9/11 Patriot Act, and even if Congress addresses the problem, similar laws now exist in many states subjecting those who violate a terms of use to criminal prosecution and civil liability. Indeed, at least four lawsuits were filed in the last 90 days in Federal Court asserting civil claims under the law. You can read about them at the Dozier Internet Law on Hacking blog.
I will say, however, that the facts of the MySpace Suicide case are ambiguous and complex, and I won't be surprised if the case is dismissed by the Judge post verdict or the jury returns a "not guilty" verdict. Don't take that as a statement that the law does not apply to those violating a terms of use on a website. In my opinion it clearly does apply. Now, let's get the new Congress to fix it like I suggested a year and a half ago.