The U.S. District Court of Oregon dismissed last month a suit brought by a middle school assistant principal claiming that, by creating fake social media accounts using his name and likeness, some students had violated the Computer Fraud and Abuse Act (CFAA).
Plaintiff Adam Matot is assistant principal of a middle school in Oregon. He claimed that two or more students there created fake social media accounts on Facebook and Twitter using Plaintiff’s name and likeness. The Facebook account had some seventy “friends,” which were allegedly able to see obscene pictures and read comments defamatory to the Plaintiff when accessing the fake account.
Plaintiff filed a first complaint last January, alleging computer fraud and abuse under the CFAA, 18 U.S.C. § 1030, and defamation.
He later filed an amended complaint, also naming the parents of one of the minors as defendants and claiming that they had negligently failed to supervise their child.
One of the parents filed a motion to dismiss the case for lack of subject matter jurisdiction which was granted by the District Court of Oregon on September 26.
Creating Parody Social Media Accounts Not a Violation of the Computer Fraud and Abuse Act
The CFAA is a federal law which prohibits access to a computer without authorization or exceeding authorization, with intent to defraud while using the computer.
§ 1030(a)(6) defines exceeding authorized access as “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”
Congress enacted this law in 1984 to fight computer hackers, yet some plaintiffs over the years have been trying to expand the scope of the law to support various claims. However, interpreting broadly a criminal statute is dangerous for civil liberties. Just think of it: a teenager playing games past his curfew is accessing the family computer without authorization, but should he be tried in a federal court for that offense?
In our case, Plaintiff claimed that, by violating the Terms of Service of the social networking site, defendants used their services without authorization and exceeded their authorization and thus violated the CFAA. The computers allegedly abused were those operating social media sites.
But the Oregon District Court was not convinced by the arguments, citing a 2012 Ninth Circuit case, U.S. v. Nosal, about a breach of company policy forbidding disclosure of confidential information. Chief Judge Kozinski, who wrote the opinion, noted that interpreting the CFAA broadly would make shopping or playing games on company’s time, using the employer’s computer, a federal crime. The Ninth Circuit held that exceeding authorized access within the meaning of the CFAA “does not extend to violations of use restrictions” (Nosal at 863).
Bullying
In the United States v. Drew case the prosecution unsuccessfully argued that a woman posing as 16-year-old boy on MySpace had violated the site’s Terms of Service prohibiting users to lie about their age or name and therefore had violated the CFAA. In this case, the woman used the fake account to develop an online relationship with one of her daughter’s classmates, a 13-year-old who later committed suicide shortly after the fake 17-year old told her harsly he di not want to be friends with her anymore. Cyber-bullying is a serious issue, and may have tragic consequences.
Plaintiff described in his first complaint the teenagers who created the fake social media accounts as bullies. But how would you describe an educator who claimed that some of the children he is in charge of educating should face prison sentences because they mocked him?
Plaintiff went after Defendants, minors who were students at the school where he is assistant principal, with a very heavy hand, even claiming in the amended complaint, that he should be granted leave to state a claim under the Racketeer Influenced and Corrupt Organization Act (RICO) in case his claim under the CFAA would be dismissed…
As noted by Magistrate Judge Coffin in one of the two Findings and Recommendations that he filed, Congress enacted RICO to address organized crime and its economic consequences. Judge Coffin wrote that “Congress did not intend to target the misguided attempts at retribution by juvenile middle school students against an assistant principal in enacting RICO.”
While it may seem laughable that a federal law targeting organized crime should be a remedy for a (very) stupid student prank, I am also concerned about the negative consequence that such a suit could have on teenagers. Being sued in court under a federal criminal statute can be very scary, even for an adult.
Also, Plaintiff had asked the court for damages, punitive damages, limitation on the defendant’s Internet use and “forfeiture of equipment,’ which, I assume, are computers and/or hand-held devices used to create the fake accounts. He also asked the court to enjoin the teenagers from participating on social networking sites, at least for a “reasonable” period of time. Such a ruling would arguably have run afoul of the First Amendment.
Plaintiff also tried to characterize the material posted online as “pornographic and obscene material of a prurient nature.” Such speech is not protected by the First Amendment, but the Court was probably not convinced that the posts were pornographic. Plaintiff could have been more successful at pursuing a defamation claim in State court, but since the case was dismissed, one can only speculates on how a court would have ruled in this case.
Image is Computer on Fire courtesy of Flickr user Matt Mets pursuant to a CC BY 2.0 license.
by