Facebook Troublemakers Beware: Hacking Someone’s Account Is Identity Theft

The decision against a California juvenile charged with identity theft has been affirmed by an appellate court. The identity that he was convicted of stealing just happened to be her Facebook identity...
Facebook Troublemakers Beware: Hacking Someone’s Account Is Identity Theft
Written by Josh Wolford

The decision against a California juvenile charged with identity theft has been affirmed by an appellate court. The identity that he was convicted of stealing just happened to be her Facebook identity.

Rolando S. used the female victim’s email password (which he had obtained via unsolicited text message) to gain access to her Facebook account. Once inside, he trolled around for a while, posting lewd messages on people’s walls and changing her profile information to include some pretty unsavory hobbies.

The official court document provides the NSFW specifics in a footnote –

Appellant posted, as the victim, on a male classmate’s wall: “I want to stick your dick in my mouth and then in my pussy and fuck me really hard and cum on my face.” On another male classmate’s wall he posted: “When we were dating we should have had sex. I always thought you had a cute dick, maybe we can have sex sometime.” On the victim’s profile description, appellant posted: “Hey, Face Bookers, [sic] I’m [S.], a junior in high school and college, 17 years young, I want to be a pediatrician but I’m not sure where I want to go to college yet. I have high standards for myself and plan to meet them all. I love to suck dick.”

Rolando’s crime was in violating a California statute (Section 530.5) – “willfully obtaining personal identifying information and using it for an unlawful purpose.” He was found guilty and sentenced to 90 days to a year in Juvi lockup and then probation.

His appeal claimed that his actions failed to satisfy the criteria on either account – “willfully obtaining” the information or “unlawful purposes.”

First, the appellate court declared that Rolando had “willfully obtained the victim’s password.” To the court, “willfully” means “intentionally.” And although the defendant received the email password through an unsolicited text message, his actions following that constituted intent.

By remembering the email password from the text message, Rolando satisfies the “willful” criteria. Furthermore, the court said that Rolando used the way in which Facebook allows users to reset their passwords via email conformation to gain access to the victim’s Facebook account –

The record makes no indication appellant received the victim’s Facebook
account password in another manner. It is reasonable to infer he used this process of
resetting the password through the victim’s email account to gain access to the victim’s
Facebook account. Not only did appellant willfully obtain the email password from the
text message, he also willfully obtained the Facebook account password by purposely
using the email account as a vehicle to alter the Facebook account password.

As far as the “unlawful purpose” part of the appeal, the court ruled that the messages posted were, in fact, unlawful. In the original hearing, the victim testified about the impact of the fake messages (via Ars Technica) –

“I used to love going to school,” she said. “Now, I dread dealing with this every day.”

Although the appellate court said that the lewd messages don’t constitute a violation of the criminal law of “annoying or molesting a child,” they do constitute libel – and that’s good enough.

However, we hold that intentional civil torts, such as libel, constitute an “unlawful purpose” for purposes of section 530.5(a), and affirm the judgment.

Moral of the story: Watch what you say when you are messing with people’s Facebook accounts. Or better yet, just don’t mess with people’s Facebook accounts. The whole thing is so 2005, anyways.

However, the specifics of this ruling make me wonder; how little effort would you have to put into accessing someone’s Facebook account for it to not be considered “willfully obtaining.” What if you happened upon (unsolicited, of course) someone’s actual Facebook password, instead of their email password. No trickery there – just typing it into the login screen. Is that willfully obtaining?

What if some idiot at the Apple store leaves his Facebook logged in?

The fact that the judge determined that saying someone “likes to suck dicks” on their “about me” section on Facebook is libelous is quite interesting to me. It suggests that our social media identities are more than just extensions of our real identities, but they have in fact become a mirror of our real identities.

Broadcasting a false, defamatory status via Facebook is the same as publishing it in a newspaper. Neat.

Check out the whole appellate decision below:

In Re Rolando S., F061153 (CA. Ct. App. July 21, 2011)

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us