Could Lying on Facebook, Checking Out NSFW Stuff Land You in Jail?

Congress debates changes to cybersecurity law, some fear the language too broad

The internet community was rocked this week as one of the most important, coveted items in my lifetime finally hit the web. I’m talking, of course, about the Scarlett Johansson nudie pics.

How many people, do you think, while dutifully pecking away at their office keyboards, came across the news in passing? I’m sure millions cautiously looked over their shoulders, checking to see if the coast was clear, before quickly tabbing the grainy shots for future, undisturbed viewing.

What if that action could get you into trouble? No, not getting fired. I mean actual trouble – felony trouble?

How far should cybersecurity legislation go to protect both the private and public sectors? Let us know in the comments.

That’s what many are worrying about this week as the Senate Judiciary Committee debates changes to a 25-year-old bill that deals with cyber-crime.

How do some think we get from cyber-crime legislation to being thrown in jail for sneaking a look at Scarlett Johansson’s tush? First, a little background:

In 1986, the U.S. Congress passed a law, 18 U.S.C. chapter 1030, commonly known as the Computer Fraud and Abuse Act. The law was originally intended to help crack down on computer hacking and help the federal government with cases involving federal computer fraud – especially when it dealt with interstate commerce.

The law has been broadened in its scope multiple times since its passing, most notably in the early 2000s as part of the Patriot Act.

According to the law as it stands right now, here are some punishable offenses –

(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains (financial record information, info from any dept of the U.S. government, or info from any “protected computer”)

(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;

(5)
(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.

(7) with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any – (threat to cause damage or obtain information, or demand for money or other thing of value)

I apologize for the stuffiness, as that was directly from the statute. But there you have it – those are the main offenses as outlined by the Computer Fraud and Abuse Act. And the Justice Department is currently pushing to strengthen the law by broadening the scope a little more.

These changes would also institute stiffer penalties for the “cyber-crimes.”

Stiffer penalties

Right now, the Senate Judiciary Committee is debating a measure that has been held over for the past two days called S. 1151. According to the summary:

A bill to prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.

Among other things, this bill would “amend the federal criminal code to make fraud in connection with the unauthorized access of personally identifiable information a predicate for racketeering charges.” Well, there’s your stiffening of penalties.

I’m sure all this talk about security breaches and fraud makes you think about hackers and criminals attempting to access government and financial mainframes – and you would be right. What the Obama administration and the Justice Department want is to protect against electronic crimes that could have a detrimental effect on national security, infrastructure, or business. It’s widely accepted that cyber-threats are at an all-time high.

“Secret Service investigations have shown that complex and sophisticated electronic crimes are rarely perpetrated by a lone individual,” Pablo Martinez, Secret Service Special Agent in Charge, told The Hill.

“Online criminals organize in networks, often with defined roles for participants, in order to manage and perpetuate ongoing criminal enterprises dedicated to stealing commercial data and selling it for profit.”

I guess that would explain the emphasis on “racketeering” in the stricter penalties.

But that’s not what is getting people worried. The concern comes from perceived “side-effects” – abuses and misuses of the law.

“Exceeding Authorized Access” and the Scarlett Johansson thing

If you notice in the language of the Computer Fraud and Abuse Act, the phrase “exceeds authorized access” pops up a few times. That phrase really worries George Washington University Law professor Orin Kerr.

You see, the penalties for the crimes outlined in the Abuse Act that “exceed authorized access” are currently misdemeanors. This new push would make them felonies.

And that’s scary, considering the phrase in question really is as cryptic as it sounds. Judges have been trying to determine exactly what “exceeds authorized access” means for years. Kerr wrote about this in the Wall Street Journal yesterday -

The problem is that a lot of routine computer use can exceed “authorized access.” Courts are still struggling to interpret this language. But the Justice Department believes that it applies incredibly broadly to include “terms of use” violations and breaches of workplace computer-use policies.

Breaching an agreement or ignoring your boss might be bad. But should it be a federal crime just because it involves a computer? If interpreted this way, the law gives computer owners the power to criminalize any computer use they don’t like.

That’s where the Scarlett Johansson pics come into play. If the law is broadened, “exceeding authorized use” could mean violating terms of use at work. So sneaking a look at some NSFW material or posting to Facebook at the wrong time could get you into more trouble than just being fired.

And what about any false claim that you make on the internet? Does that also “exceed authorized use” and break the “terms of service” of certain sites? Say I set up a dummy Facebook account, or use a stock photo for my eDating profile? Am I then committing a criminal act by misrepresenting myself online?

Sure, jail time for lying about my weight online seems ridiculous – and it is, but the language of the law is concerning. Although federal prosecution for Facebooking at work is unlikely, it’s not out of the realm of possibility that prosecutors could stretch this law to its limits. It’s plausible that we could see some rather ridiculous cases in the future.

Chairman of the Senate Judiciary Committee Patrick Leahy (D-VT) also expressed his concerns about the proposed alterations to the law, saying “We want you [Justice Department] to concentrate on the real cyber-crimes, and not the minor things.”

Kerr closes with the suggestion, one that echoes Leahy -

Real threats to cybersecurity must be prosecuted. Penalties should be stiff. But Congress must narrow the Computer Fraud and Abuse Act before enhancing its penalties.

In a nutshell: The law must clear a few things up before you go and give it real teeth.

The Computer Fraud and Abuse Act in action – The MySpace case

Back in 2008, a case that drew national attention hinged on the Computer Fraud and Abuse Act.

In United States v. Lori Drew, prosecutors attempted to prosecute Lori Drew for violations of that law, but she was ultimately acquitted. The case dealt with a fake MySpace account and how it led a 13-year-old girl to suicide.

Drew, 49, heard that 13-year-old Megan Meier was spreading rumors about her daughter. The two girls had previously been friends, but that relationship had dissolved. After learning of this supposed rumor-spreading, Drew created a MySpace account under the name “Josh Evans.”

Under that identity, she carried out a relationship with Meier online – one that was described as “flirtatious.” After about a month of contact, “Josh Evans” told Meier that the world would be a better place without her. Meier subsequently hanged herself.

The Judge in the case granted Drew’s motion of acquittal after the jury deadlocked and was only able to convict her of a misdemeanor violation of the Computer Fraud and Abuse Act. Here’s what he said regarding that –

In his opinion, Judge Wu examined the jury’s misdemeanor conviction by discussing each element of the offense. Judge Wu clarified that a misdemeanor conviction under 18 USC § 1030(a)(2)(C) requires that (1) the defendant intentionally accessed without authorization or exceeded authorized access of a computer, (2) the access of the computer involved an interstate or foreign communication; and (3) by engaging in this conduct, the defendant obtained information from a computer used in interstate or foreign commerce or communication.

Judge Wu found that many courts have held that any computer that provides a web-based application accessible through the internet would satisfy the interstate communication requirement of the second element. In addition, the Judge noted that the third element is met whenever a person using a computer contacts an internet website and reads any part of that website.

The remaining conflict centered on the first element. Specifically, the conflict revolved around the meaning of the undefined term of “unauthorized access.” Judge Wu acknowledged that the government conceded that its only basis for claiming that Drew had intentionally accessed MySpace’s computers without authorization was the creation of the false “Josh Evans” alias in violation of the MySpace Terms of Service. Therefore, Wu reasoned, if a conscious violation of the Terms of Service was not sufficient to satisfy the first element, Drew’s motion for acquittal would have to be granted for that reason alone. However, Judge Wu held that an intentional breach of the MySpace Terms of Service could possibly fit the definition of an unauthorized or exceeding authorization access to MySpace computers.

As you can see, the CFAA is quite the sticky law to navigate through when it comes to real world application. Although he ruled in Drew’s favor, that last part about violating MySpace’s Terms of Service possibly being grounds for “exceeding authorized access” is the part that would have many people worried.

Online attacks and fraud committed via the internet are serious issues. It just seems like there is a debate about how to go about the process of making the laws that deal with them.

What do you think about the current law and the attempts to broaden its scope? Necessary or dangerous? And do you think that the draconian scenarios envisioned by those like Kerr are comically preposterous – or do you think that we could actually see criminal prosecution for Facebook fibbing and workplace indiscretions? Let us know in the comments.

  • Rick Carufel

    If the photos are real then there is the matter of copyright violation.
    If they are faked then they are art and belong to the artist.
    Corporations have been violating our rights to privacy with identity checking services for years. Any legislation will be another attack on individual constitutional rights and give the government and corporations more invasive powers. No law is a good law.

    • http://www.weswareonline.com BB Exp

      New laws will always be exploited and manipulated in the name of money and power, but surely you don’t truly believe that no law is better? Standard “rewrites” are pretty standard on broad-based laws to close loopholes (just like any other rule). This is why laws are always changing. Laws will evolve to meet society’s needs (the majority that is). No law would wreak even more chaos.

  • coyotech

    I believe the overly broad and undefined elements of this law will be (and currently are) used selectively by employers and agencies against employees for political, personal and discriminatory purposes. Hostile supervisors can take “Misuse” that is minor and normal in the work place not only to fire an employee but to bring charges.

    The dangers of that scenario are obvious…

  • Roger

    WOW, fantastic research and summary. Thanks for this well-based article.

  • http://www.rippedoffonline.com Guy P

    I think this law is way too broad in scope as it is worded; a good lawyer could convict just about anyone, even the innocent. I have a few times in my younger years gone online under a pseudonym for things like dating sites where I do not want my real identity revealed until I am certain I want to reveal it. This law would make that a felony, and that is ridiculous. The law needs to be rewritten and be much more concise before it takes place, or else innocent people will pay the price, the courts will be overwhelmed and the prisons stuffed with more people that do not belong there; like the small time non-violent dope dealers and users. The law should be for those who hide their identity in order to intentionally cause real harm; to a person, a business, a government, a computer, or whatever. There is also this “little” thing called the First Amendment and the freedom of speech that is supposed to protect what we say and allow us to say it anonymously; that includes hiding behind a pseudonym. The internet can be a dangerous place if you do not protect your identity. This law needs to be carefully worded, or like I said; the courts and prisons will be full of non-violent people that just wanted to maintain their privacy. It is going to come down to having every person using a computer online be fully versed in the laws pertaining to computer use, even your 14 year old. Now that’s asking too much.

  • http://chrisclement.com Chris Clement

    If something happens as a result of the computer activity, then the computer abuse could be a felony. If nothing resulted then we need to keep things in perspective so the punishment fits the crime.

    • http://megapixelpro.wordpress.com Jennifer Korol

      I agree with you there.

  • http://www.scriptadda.com ScriptAdda.com

    As an internet company, we think this is good

    www.ScriptAdda.com
    JOB READY SCRIPT, CLASSIFIED READY SCRIPT, MATRIMONY READY SCRIPT, PROPERTY READY SCRIPT, DIRECTORY READY SCRIPT, SOCIAL NETWORKING READY SCRIPT

    • Michael

      You suck as a SPAMMER though.

  • http://megapixelpro.wordpress.com Jennifer Korol

    I’m of the opinion that when you are using a social media website or any website to communicate on (such as a forum), you are indirectly using the server(s) of the admin who created these websites. Hence the need for Terms of Service and Guidelines. Ultimately, they are responsible for all activity that happens on their website (including a manipulative coercion that would drive one to commit suicide). Aside from that, I can agree that the users who act “irresponsibly” (I use the term loosely) on these websites should face some kind of charges for doing something as terrible as orchestrating another person’s suicide. Albeit far fetched, a good example would be allowing your teenager and his/her friends to do drugs in your home and not expect to be prosecuted. This is very much like saying everything we do on social media websites and how that affects others is not our fault should it involve any form of identity theft, hacking, or deaths. Some of you may remember Messy Mya. He was an outstanding comedian on Youtube. For whatever reason, a few people who didn’t like him got together to find his personal address. Eventually, they found him and murdered him. The point I made about Terms of Service and the example about adults allowing teens to do drugs in their homes seem like separate cases, but it becomes all too real when the virtual world and the real world collide. Personally, I would say, let’s wait to see what stipulations the Government does and does not pass as far as cyber security legislation goes – and especially who it will end up protecting.

  • Brian Clark

    It’s quite simple. The laws governing conduct and cybercrime can be turned back onto the legislation. For example – illicit pictures. A cyber-crime crackdown group places pictures on the internet in hopes of capturing and convicting people that go to the site. There are two draw strings to this, the mere fact that the crackdown group placed these pictures out there to begin with: puts them in the same category as a distributor, and this in itself is punishable by law. Law, in general – unless the governing forces that be have changed the rules entirely, are put in place to protect EVERYONE. If these said pictures were accessible to the general public, meaning anyone could access them – they have now committed a crime against society as a whole. Children, teenagers, and adults could access this site on the grounds of innocence by browsing, accidentally, or link leads.

    Now officials may argue that there is no difference between this and drug busts: but there is a BIG difference, drug handlers and distributors are selling – and if an official buys this, even under false pretences – it is still a sale of an illegal narcotic. A well observed action by a law enforcement official, can be entered in as criminal offense. However, IP pinging, data collection, and identity theft are methods which some cyber-cops use – and these methods, are criminal against anyone who is being prosecuted under these methods.

    If I visit a site that was freely open to the general public, I am not a criminal. If there is criminal material on that site, whoever posted it is liable – it does not make me an accessory to that crime even if I don’t report it, it’s not my site and the only connection I have to it is by going there because it was open to the general public.

    People when getting prosecuted for things such as this, don’t know how to fight it a lot of times – but if it looks like entrapment, and sounds like entrapment – it is entrapment. The judicial system needs to get some balls and do what they’re supposed to do, and stand by what the word “LAW” means.

  • Damian

    Seems to me that just about every law or change they try and make to restrict use of the internet winds up being potentially very dangerous and subject to abuse. Australia went through a similar ordeal (albeit with a different reason) just recently. My hope is that the internet stays as free as it is now and that this law does not get passed.

  • Bob

    “I’m sure millions cautiously looked over their shoulders, checking to see if the coast was clear, before quickly tabbing the grainy shots for future, undisturbed viewing. ”

    No Josh, I’m a church going man… I’d love to see her pics but not for any sexual satisfaction or anything… just art… where is dat site again? :-)

    Bob

  • http://www.unizikforum.com mr. o. Dika

    The idea is quite good. Many firms spend up to 3 bn yearly on cyber security. I support it.

  • Lovinia

    Who is this Scarlett person anyway and why would someone like me – a woman – want to look at her naked or not? Yuk. I can be just as easily revolted by looking at myself naked and not break any laws.

    What a load of rubbish. If she didn’t want photos of herself naked why did she let someone take them? And if she didn’t know then that person should be off the friends list and on to the pervert list. Things people do for publicity.

    Cheers,

  • http://www.templeuvup.org Jonathan Peebles

    In cases such as United States v. Lori Drew it could also be considered decimation of character IF she was not spreading such rumors. However if she was then she is guilty of decimation of character BUT because Meier committed suicide Lori Drew in my eyes is a murderer and should be in Jail for murder yet she gets off the damn hook…

    Lovely Justice system…

  • Steve

    Another case of government reaches too far. We live in a land of laws, but those laws at times reach too far inside the lives of people. Do I think the pictures are wrong, yes? Have not seen them or even heard about them, but if one had stumbled on them (besides she probably allowed it anyway or didn’t stop it) it is wrong for government to say that is a felony… Besides if anyone looks at 18 USC under these laws they are too broad and people are hit by them all the time. Reason they exist is because of gangsters like Al Capone… they could not get him on anything else, so Government made the law so vague, no one can escape, or how about it is a felony to lie to an FBI agent, but they can lie all they want and it is okay. Cops can lie but in some states it will land you a felony to lie to them… I think the Feds are trying to micro manage lives and laws, and it is time the people say no. In fact this could be taken the wrong way and land someone in jail… Anyone remember the Kent state massacre in 1070 67 rounds fired in 13 seconds… 4 dead many wounded and some paralyzed over it… Why because no one wanted to hear the protests… Why don’t we let the Government tell us what and when we can eat, or when we can sleep, or what clubs you’re allowed to go to, let’s outlaw concerts, as brain damaging, TV’s should be outlawed… do you ever wonder when they will be satisfied with control? If the Government only takes a little at a time, no one will notice until your life is in their hands… Not wild thinking, just look at the rash of laws in the past ten years, look at the IRS code, look at the courts, you as a violator will probably take the best deal as neither side wants to go to court, so even if you are innocent, you will get scared as to what you might get if you want to oppose the law and therefore make a deal; innocence has nothing to do with this… It’s negotiations between two lawyers

    • Chuck

      Great points! I’m glad someone said all of this!

  • http://damescribe.hubpages.com Gin

    I can understand the need to enforce laws. There are victims of online stalking and harassment that most likely go unreported. I think a lot of current laws should be allowed to be applicable to ‘cyber crimes’. Some people just don’t have common sense or respect for others and need a slap or more, like that US vs Lori Drew. If people can’t control themselves then let the law step up.

  • http://travellingandcooking.com Danae Loizou

    The law is already there. Now, I agree with Jonathan Peebles. Not every case is the same. If people don’t have the common sense to control themselves and respect the privacy of others then I believe the law should step up. But every case should be considered seriously. Not looked into so lightly because there is the law and can enforce it, if you know what I mean. For every stupid reason, one can go to jail. But, maybe this can make people think twice, who knows. It remains to be seen.

    • Candide43130

      The problem is not the extreme case that everyone agrees should be prosecuted, the problem is with the case that’s such a minor technical violation of the law that a person with a vendetta and the right connections trumps up into a precedence setting conviction of something so minor and commonplace that everyone does it and nobody thinks about it.

  • http://thetaxhavenreport.com/ Dennis

    If The Government wants to get you, they will get you.
    There are enough laws in the books to railroad anyone to jail.

    The only reason we are all not incarcerated is “Prosecutorial Discretion” –This is the doctrine that government prosecutors can pick and choose those cases that “need” to be prosecuted, and can ignore the same offenses even if they are universally committed by everyone else.

    The prosecutors can choose whom they want to make an example of. The PT answer is to be so low profile or invisible that no one knows your name or your address.

    PT? Visit my website for details.

    • Elaine G

      There is no way to be so low profile that you are invisible unless you are homeless, without a fixed address, no social security card, no job, no bank accounts, and no form of federal identification, i.e. a driver’s license. With any one of these items the government agencies can find you.

  • chris 54

    I think it should be enacted, and the first to be reviewed should be politicians and their supporters. That would quickly take out the noise from both sides.

  • http://www.mbaprograms411.com mba programs

    It’s just another feature of the new police state we all live in.

  • Chuck

    Identity theft is a huge problem and this part of the law should have been passed years ago. It should be a felony, period! We need a Privacy Act in this country, and the Patriot Act should be expunged and our legislators can debate a real Patriot Act, that does not punish the American people! The Privacy Act would prevent (and punish) those who access accounts in an unauthorized manner, would track down perpetrators, and would prohibit the constant selling of our addresses and phone numbers and other sensitive data. This is long overdue!

  • http://www.klsljamz.com Rick Tillman

    In our digital world we have to create protections. Since this is the World Wide Web information can be loaded from anywhere in the world. How are we protected from foreign nationals? We have CERT (Computer Emergency Readiness Team from Homeland Security). Or think about how social networks use our information. Most social networks are FREE to use at the cost of selling user habits to advertisers. It’s going to be real interesting to see how Congress handles this one.

  • http://trakim.biz/cl16 Keith Darby

    Whilst I respect and applaud the rights of parents to decide what their children see on TV or their computers, I object to any other adult whether Government or not, telling me what I can or cannot watch!
    I am sick and tired of all this “nanny state” and “politically correct” stuff.
    As a 73 year old adult I have the right to decide what is good for me and what is not. I believe there is too much gratuitous violence in many of the films today but nobody has the right to tell me I can’t watch them! I very rarely do as a matter of fact, I will be my own censor.
    The language that some people use today, full of profanity, shows to my mind a lack of education and discipline but it is nobody’s job to censor them. The best form of censorship is to ignore them, not to buy their products etc.
    With the state of the USA today, every government department should be spending every working hour on one thing only and that is, getting rid of that massive debt which is not only a millstone around the neck of all Americans but a likely catalyst to bring down the rest of the world as well. They should not have time to interfere in Internet affairs in any way whatsoever!

    Keith Darby

  • http://www.q3tech.com/technology.html Software development services

    Guess we’ll just have to be careful next time !

  • Cherie

    In my opinion I feel maybe the law could be too broad, but you have to take into consideration all the money being spent on employees who come in just for the paycheck, but don’t want to work so, they sit at the computers and act like it’s their personal computer at home wasting the company’s money and also risking their computers to hackers and viruses. Pictures are the easiest way for a hacker to hack a computer since most use the very vulnerable iframe technology to house the pics on the site. I have heard of lots of computers being toast due to an iframe attack. Employees should not have access to the internet at work, period. They are there to work not socialize or play on the computer and if internet is needed for one’s job then only the job related websites should be allowed. Companies can set up their internet connections, networks and proxies to restrict access. Instead of getting the pics the employee would get a screen telling them that they don’t have the privileges to access that particular site, case closed. No time wasted, computer protected and no one goes to jail. I however, think that if people go to work and do what they are supposed to be doing which is making money for their boss and actually earning their pay then no one would need these laws. My point is this: our irresponsible behavior and the lack of ability to police ourselves is what causes others to feel that we need to be policed. I’ve seen a lot of times people do wrong things that could have been avoided, but chose to do them anyway and someone else pays for the behavior and I feel that if your actions can in the future affect someone else then you need to be accountable to someone for your actions.

  • Bleh

    Wake up and smell the Tyranny…
