Lori Drew Guilty: Overly Broad User Agreements May Land Users in Jail

By Dave Wieneke | in All in the name of kids, Big Ideas, Highlights, Online contract, Web 2.0: The Social Web | 27 Nov 2008 | No Comments

This morning, LinkedIn began promoting its new User Agreement.

#3 in its list of Don’ts is:

• (Don’t) include information in your profile or in Status Updates which reveals your identity such as an email address, phone number or address or is confidential in nature;

Of course, simply by linking to the User Agreement, I may be on the wrong site of Don’t #8:

• (Don’t) deep-link to the Site for any purpose, (i.e. including a link to a LinkedIn web page other than LinkedIn’s home page) unless expressly authorized in writing by LinkedIn or for the purpose of promoting your profile or a Group on LinkedIn.

So, how does one not reveal their identity on LinkedIn?

Your profile starts with your name, photo and geographic location. That’s a long way away from being anonymous; add in educational information, names of friends, former jobs, and you’ve pretty much revealed your identity. Isn’t that, in part, the point of LinkedIn?

Of course, the simple act of showing you an image of my profile seems to challenge Don’t #13:

• (Don’t) engage in “framing,” “mirroring,” or otherwise simulating the appearance or function of LinkedIn’s website;

Terms of use are carefully written by protective legal staff and then generally ignored by users. This creates an imbalance, where nice services go overboard to avoid any loopholes. Reasonable fair use, or the assumption people will actually use the service, are set aside in favor of having a very buttoned-down agreement.

Ignoring These Terms Could Land You In Jail

The harm latent in this imbalance is that violating terms of use (even silly ones) is starting to be criminalized. The Computer Fraud Abuse Act was created to prevent hackers, but it’s being extended to criminally charge people who overstep civil user agreements.

Lori Drew created a hoax MySpace account, which led to the suicide of a disturbed teen, Megan Meier. Mrs. Drew has been charged under the Computer Fraud Act by the state in which MySpace’s servers are hosted.  (In essence, MySpace is the damaged party in this case.) The state is drawing on section a(2)(c):

whoever … intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains …  information from any protected computer if the conduct involved an interstate or foreign communication …

Lori Drew may have broken MySpace’s terms of use by registering under a false identity. Of course the teen, Megan Meier, also broke the use agreement by falsifying her age when registering.  Out of a desire to see Mrs. Drew punished, Federal prosecutors connected these broad-use agreements to criminal prosecution. That means terms of use that might not pass muster in a civil court are being used as the basis for criminal charges.

The Blown to Bits blog asks:
Would the Feds go after anyone for such minor offenses? If Lori Drew is convicted under this law, they will have carte blanche to do exactly that. That is precisely the point — they don’t really care if Lori Drew created a hoax MySpace account, they want to get her for causing Megan Meier’s death. But they can’t think of a way to do that, so they are turning MySpace hoaxing into a federal crime.

By that standard, if they can’t get you for what you’ve really done, they may settle for jailing you for failing to update your Facebook profile when you change jobs. After all, you agreed to do that when you signed up:

[Y]ou agree to … provide accurate, current and complete information about you as may be prompted by any registration forms on the Site (”Registration Data”) … [and] maintain and promptly update the Registration Data, and any other information you provide to Company, to keep it accurate, current and complete.

This is an isolated case for now.  But it only takes a few rulings to set precedent, and to raise this as a serious issue to users, civil liberties groups and privacy advocates. Its time for those concerned with “customer experience” to ask their legal staff to create more judicious terms of use.