Feeds

Legal experts wary of MySpace hacking charges

'We are all felons if this flies'

SANS - Survey on application security programs

On October 16, 2006, 13-year-old Megan Meier fled from her family's computer, distraught over the cutting comments of her supposed "friends" on MySpace. Twenty minutes later, the troubled teen was dead; she had hung herself in her closet.

The story, widely reported, garnered the girl's family widespread sympathy on the Internet. The twist that Lori Drew, a 47-year-old neighbor and mother of a former friend of Megan's, had allegedly created the fake persona of a 16-year-old boy to befriend and later torment the girl brought outrage. Yet, state investigators could not find a law under which Drew could be charged.

More than a year and a half later, federal prosecutors finally have their case. On Thursday, the US Attorney for the Central District of California announced that Lori Drew, now 49 years old, was indicted on conspiracy and hacking charges. The indictment charges Drew, a resident of O'Fallon, Missouri, with three counts of unauthorized access by violation of MySpace's terms of service and one count of conspiracy.

"This adult woman allegedly used the Internet to target a young teenage girl, with horrendous ramifications," US Attorney Thomas P. O' Brien said in a statement announcing the indictment. "After a thorough investigation, we have charged Ms. Drew with criminally accessing MySpace and violating rules established to protect young, vulnerable people. Any adult who uses the Internet or a social gathering website to bully or harass another person, particularly a young teenage girl, needs to realize that their actions can have serious consequences."

Yet, legal experts argue that charging a person for violating computer-crime statutes because they broke the terms-of-service agreement of an online site could lead to the ability to charge nearly anyone with computer crime. Using residential broadband for business purposes? A violation of the terms of service and, thus, potentially a crime. Checking sports sites while at work? A violation of corporate policy and, thus, potentially a crime.

"'Hard cases make bad law' is an axiom in the legal world," said Mark Rasch, managing director of enterprise-services firm FTI Consulting and a former U.S. prosecutor. "This is a case where people have seen bad conduct and have said there must be something we can do, but if prosecution of this case is successful, every pseudonym and every minor violation of the terms of service becomes a computer crime."

According to the indictment, Drew and others allegedly conspired to violate MySpace's terms of service and intentionally inflict emotional distress on Megan, identified only as MTM in the court documents. The indictment alleges that Drew obtained a MySpace account under a fictitious name, used the account to garner information from a juvenile, and used that information to torment, humiliate and harass that member -- all violations of the social-networking site's terms of service.

While the US Attorney's office refused interview requests, a spokesperson said that the harm done to Megan is key to the case. Known as a "tortious act," the legal argument is generally the basis for civil lawsuits, but can be used as the basis of criminal prosecution. In this case, the tortious act elevates the unauthorized access charges from misdemeanors to felonies, FTI's Rasch said.

High performance access to file storage

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.