If Eric Holder's Justice Department gets its way, it could become illegal to use a fake name on Facebook.
Declan McCullaugh wrote at CNET:
The U.S. Department of Justice is defending computer hacking laws that make it a crime to use a fake name on Facebook or lie about your weight in an online dating profile at a site like Match.com.
In a statement obtained by CNET that's scheduled to be delivered tomorrow, the Justice Department argues that it must be able to prosecute violations of Web sites' often-ignored, always-unintelligible "terms of service" policies.
What would that mean to computer users who frequent places like Match.com, Facebook, or pretty much any web site with terms of use agreements?
It means the federal government can arrest you if the website owner thinks you have violated those terms.
Picture this: You sign up to a forum using a fake name - like most people do these days - agree to the terms of use, but another user dislikes what you say, or the site administrator thinks you lied about yourself when you signed up.
If the site owner thinks you have violated any of the site's terms of service, you may become a felon.
McCullaugh adds:
Google says you can't use its services if "you are not of legal age to form a binding contract," which implies that millions of teenagers would be unindicted criminals. Match.com, meanwhile, says you can't lie about your age, criminalizing the profile of anyone not a model of probity.
"I do not see any serious argument why such conduct should be criminal," (GWU law professor Orin) Kerr says.
But authorities say it would help prosecute cyberbullies and others who abuse the Internet.
PCWorld added:
By outlawing terms of service violations, the department would have an easier time prosecuting cyberbullies such as Lori Drew, a 49-year-old woman who involved in a case where a 13-year-old girl committed suicide after interacting with a fake MySpace profile that Drew was involved with. Prosecutors got a conviction against Drew in 2008 for violating the Computer Fraud and Abuse Act, but the case was thrown out by a U.S. District Court judge.
"It basically leaves it up to a website owner to determine what is a crime," U.S. District Judge George Wu said in 2009. "And therefore it criminalizes what would be a breach of contract."
But an odd coalition including the ACLU and the conservative FreedomWorks sent a letter to the Senate Judiciary Committee in August arguing that the Justice Department's request would amount to a "gross misuse of the law."
The CFAA imposes civil and criminal liability for accessing a protected computer “without” or “in excess of” authorization, but fails to define “authorization.” This makes the definition of the precise activities that are punishable unavoidably vague. As a result of this lack of clarity, several courts have used companies’ network terms of use, which lay out contractual constraints on users’ use of those networks, to also define what constitutes criminal behavior on those networks. The consequence is that private corporations can in effect establish what conduct violates federal criminal law when they draft such policies.
Our primary concern – that this will lead to overbroad application of the law – is far from hypothetical. Three federal circuit courts have agreed that an employee who exceeds an employer’s network acceptable use policies can be prosecuted under the CFAA. At least one federal prosecutor has brought criminal charges against a user of a social network who signed up under a pseudonym in violation of terms of service.
The ACLU, FreedomWorks, and others, say these kinds of activities should not be "computer crimes" any more than they are real crimes in the real world.
"The CFAA should focus on malicious hacking and identity theft and not on criminalizing any behavior that happens to take place online in violation of terms of service or an acceptable use policy," the group adds.
The letter concludes with an admonition that the Justice Department should focus "on the malicious hackers and online criminals who invade others’ computers and networks to steal sensitive information and undermine the privacy of those whose information is stolen" instead of average computer users who wish to remain anonymous by using fake names.
Comments