Monday, May 26, 2008

MySpace federal prosecution in Missouri case may misuse federal law

The Washington Post this morning (May 26) is pointing out that the indictment of Lori Drew in the Megan Meier “teen impersonation” cyberbullying case by a federal grand jury in Los Angeles is based on a misapplication of a statute. The law is the Computer Fraud and Abuse Act, specifically USC 1030, “fraud and related activity in connection with computers,” link (at Cornell Law School) here.

The law, last updated in 2001 by the USA Patriot Act, was intended to prevent unauthorized access to classified information or personal information and to prevent hacking or infection of computers with malware. According to the Post, anyone who creates an “inaccurate” profile of the self on a social networking site, personal site or even Blogger is committing fraud and could be prosecuted. This would be a gross misrepresentation of the purpose of the law.

There have been other examples where laws have been challenged because of fears of gratuitous or "creative" prosecutions, such as the challenges to the CDA and to COPA, as well as the recent case of the "Protect" act last week.

The Editorial appears on p A16 and is called “Falsehoods on MySpace: Exaggerations, lies and harassment do not constitute computer fraud under federal law.” The online link is not yet available. Update (12:30 PM EDT). It is available now here.

Update: June 17, 2008

Ms. Drew plead not guilty in Los Angeles federal district court Monday and is free on $20000 bail. The AP story by AP Special Correspondent Linda Deutsch is here. Still, legal experts are calling this prosecution "creative use of the law" which was, as worded, intended to protect companies from fraud, not people from emotional harm.

Update: Aug 4

Electronic Frontier Foundation has posted a press release "MySpace Criminal Charges Risk Dangerous Ramifications for Consumers: Misuse of Computer Crime Law Could Turn Millions of Americans into Federal Criminals." It is dangerous to make a crime out of violating "terms of service" or "acceptable use policy," unless there is gross fraud. For example, in theory anyone under 18 us violating terms of service when using a search engine. The link is here.

The link for the amicus brief in United States District Court in CA is here.

Wednesday, May 21, 2008

A reaction to Frontline and teen safety on the Internet

Last night, PBS Frontline aired an hour documentary “Growing Up Online” about teenagers and the Internet. I reviewed it on my TV blog (look at my profile for links), but as for Internet safety, one general observation or conclusion strikes me “the day after.” That is, that teenagers have sometimes come to view the Myspace and Facebook world as “theirs,” something they can master and reside in when the real world is harsh with them. Indeed, there was coverage of their wanting to keep their activities away from their parents, a contradiction because the open nature of the Internet, with its search engines and generativity, makes it so easy for parents, teachers, principals and future employers or colleges to check up on them – the “reputation defense” problem.

I’ve said that learning to use online resources properly is a little bit like learning to drive a car safely. It happens in certain stages, and requires increasing maturity.

Online life should supplement the life in the real world, not replace it. This is particularly true for teens. Parents should let kids use it for personal purposes once they demonstrate they can take responsibility, and perform in school with decent academic results and some other legitimate “old world” activities, whether athletics, religious, service, chess, music, drama or anything else that gets “real” results and would have done so in the world before the 1990s. One consistent observation is that teens who can perform in public with any talent seem to mature faster in a “real world” sense. There is no real substitute for “performance.”

It gets more “interesting” if you try to make this “rule” for grown-ups. After all, the Internet can provide a real living, as it does now for millions. And, sometimes, teens (as Cameron Johnson demonstrated with his book (again, the books blog) or as two New Jersey teen brothers demonstrated by reverse engineering the iPod, really do create things of measurable economic and personal value. But it is a troubling question to ponder. Think about the fact that two young men recently reverse engineered a Prius to get 100 miles to the gallon.

Thursday, May 15, 2008

MO Myspace case now results in federal indictment in CA: charge includes inflicting emotional distress on a minor

Lori Drew has been indicted by a federal grand jury in Los Angeles on one count of conspiracy and on three counts of “three counts of accessing protected computers without authorization in order to inflict emotional distress” on a minor. This refers to the impersonation of a fake boyfriend on Myspace resulting in the suicide of a 13-year-old Missouri girl in October 2006. The prosecution was brought in California, where (a subsidiary of Fox) is located.

It was not immediately apparent which specific statutes in US Code were quoted (something related to 2242 “coercion and enticement” perhaps) but that will probably appear soon in further legal stories. There could be a danger later that the legal substance of the charges is too subjective and nebulous, unless the law specifically targets falsification or misrepresentation of personal identity on the Internet or in violation of a site’s “Terms of Service”. For example, if that is so, there could be additional grounds to prosecute most spammers (but there is already a 2005 federal law prohibiting forged headers).

The actual facts about what apparently happened in the Drew household are somewhat complicated, and will no doubt come out in trial or plea bargaining.

The ABC "World News Tonight" story by Scott Michel and Mary Fulginiti is "Neighbor Indicted in MySpace Sucide Hoax; Lori Drew Faces Federal Charges for Alleged Online Hoax That Led to Girl's Suicide," link here. All major news organizations will carry some version of this story tonight.

There are earlier stories on this blog about the Drew case, and about a somewhat similar impersonation case on Long Island, New York that ended in a tragic slaying.

Linda Deutsch has an AP story on the indictment here (May 16). The maximum sentence could be five years in prison. The AP also provides a historical timeline ("Key Events") for reference (with specific dates) here.

Some legal observers on National Public Radio were saying that the indictment represents "creative use of the law" and that actual conviction of the charges sounded like a long shot.

Friday, May 02, 2008

Local Police Department sets up Myspace page to be minors' "friend"

On Thursday, May 1, 2008, Julie Carry at NBC4 in Washington reported that the Arlington VA police department has created a Myspace page and wants to encourage area teenagers with such pages to include the Police Department as a Myspace “friend.” Then, the Police Department believes, other visitors would be deterred from attempting inappropriate contact with the minor. The Arlington Police Department Myspace page does have its own safety tips that are well worth visiting.

The NBC4 story can be viewed here as a two-minute video.

Daniela Deane has a story on p B5 Metro of the May 2 Washington Post "Police Try MySpace to Deter Sexual Predators: Department Hopes to Protect Children Online by Making 'Top Friends' of Them," link here.

Update: May 8

NBC4 has been pushing its Internet Safety video on "The More You Know," right here, warning teens not to post personal pictures or information online. It may be a little overdone.

Thursday, May 01, 2008

Captcha: a test that "you are human"; computers are becoming too smart?

Today, May 1, 2008, Paul Whoriskey has an important story in The Washington Post, “Digital Deception: With a test, Web sites let people in and keep out computers set to unleash spam attacks. Now, computers are cracking the code,” page D1 in print, Business Section, link here.

The story deals, of course, with the captcha, or “Completely Automated Public Turing Test to Tell Computers and Humans Apart,” based on British mathematician Alan Turning whose work helped the Allies break Nazi code during WWII. This is the "are you human" test. Turning himself is an important character in history. It is even possible that without Turing the War might have been lost. (Ironically, Turing was prosecuted in the early 1950s for “homosexual activity,” before Britain modernized its laws, and committed suicide, all of which is discussed in the Wikipedia article; in retrospect, this sounds like a “lesson of history”). The article also discusses the Turing Test(s).

Jonathan Zittrain provides some discussion of the Captcha in his book “The Future of the Internet,” review here.

The Captcha presents the visitor some numbers and characters in grossly distorted font, against a varied background, and makes the user key in what she sees. Captchas have been becoming more difficult to verity, as if is often hard to distinguish letters that are run together, to tell apart i and j, etc. They have been made more difficult to foil increasingly effective computer algorithms to break them. Some spammers have been trying to hire engineers to break them, according to the story.

Spammers sometimes try to generate blog entries or blog comments with multiple listings to the same domains to increase search engine rankings. However, search engine companies have proprietary algorithms to foil such schemes. Bloggers are encouraged to monitor or moderate comments (which I do). Use of captcahs in profiles will prevents some unwanted comments from getting sent into monitoring in the first place. Having to monitor comments is just a fact of life in blogging right now. I allow all comments that are “on subject” regardless of whether I agree with them or whether they are critical of me; I reject all comments that appear to be spam.

I do give links to support my points, and as much as practical I try to mix different sources within each entry.

I still think that major progress can be made with email spam by requiring Sender-ID verification and even by charging a microscopic postage amount for each email-destination sent.

Picture: I was trying to get a mockingbird to pose for me on the branch.