Legal experts wary of MySpace hacking charges

'We are all felons if this flies'

Yet, legal experts argue that, by trying to do right by Megan, U.S. prosecutors are doing the wrong thing.

At the center of the debate is the meaning of what is "unauthorized access," Orin Kerr, professor of law at George Washington University, said in an analysis of the indictment.

"The federal statute ... generally prohibits accessing a computer 'without authorization' or 'exceeding authorized access.' But what makes an access 'without authorization'?" Kerr stated. "If the computer owner says that you can only access the computer if you are left-handed, or if you agree to be nice, are you committing a crime if you use the computer and are nasty or you are right-handed?"

The indictment offers no guidance as to what type of violation might prod prosecutors to action, added John Morris, general counsel for the Center for Democracy and Technology, a Washington D.C.-based policy group.

"There is nothing in the indictment that differentiates between what is a serious violation of the terms of service and a trivial violation of the terms of service," Morris told SecurityFocus. "I would bet that the majority of U.S. Internet users have committed a federal crime, if the charges in this indictment are upheld."

While courts have upheld the enforceability of some terms-of-service and click-wrap agreements, many online click-to-agree contracts - especially those that accompany spyware - have not been found valid. Consumer studies have also found that people rarely read end-user license agreements (EULAs), privacy agreements and terms of service. For example, one study by the Helsinki University of Technology (pdf) found that less than 2 percent of users actually read through a software agreement while two-thirds of users rarely read such agreements.

Making a violation of such agreements a crime would allow prosecutors the ability to investigate nearly any Internet user, Scott Greenfield, a criminal defense attorney, stated in an online analysis.

"Violating a website's 'TOS' is carte blanche to an imaginative prosecutor," Greenfield said. "We are all felons if this flies."

Attorneys interviewed for this article believed that the charges in the indictment will be dismissed. GWU's Kerr described at least two major hurdles for the government's case: a great many people regularly violate terms-of-service agreements and the defendant Drew likely did not set out to violate the TOS.

In his own brief analysis, Daniel Solove, an associate law professor, also at GWU, agreed that the government's case will be difficult to argue.

"While Drew's (alleged) conduct is immoral, it is a very big stretch to call it illegal," Solove said.

A call to Drew's attorney, H. Dean Stewart, requesting an interview was not returned.

This article originally appeared in Security Focus.

Copyright © 2008, SecurityFocus

Sponsored: Designing and building an open ITOA architecture