Politics and Law

Lori Drew, the woman convicted of using a hoax MySpace profile to harass a teenage girl to the point of suicide, was acquitted by a Los Angeles judge on Thursday, Wired reported.

Judge George Wu overturned Drew's guilty verdict, which was issued in November, saying that if Drew had been convicted of a felony in the case, she would already have been sentenced. But because she was convicted of three misdemeanors--a significantly lighter offense than prosecutors originally sought--the constitutionality of the guilty verdict was less clear.

Drew, a Missouri resident, had been convicted of three misdemeanor counts of "accessing protected computers without authorization to obtain information to inflict emotional distress," each of which could have resulted in a year of jail and a $100,000 fine. But she hadn't been convicted of conspiracy, a felony that could've led to up to 20 years in prison.

The tragic situation unfolded in 2006, when Drew, her teenage daughter, and an 18-year-old employee of the family created a fake MySpace profile for a fictitious teenage boy that they used to harass one of Drew's daughter's classmates, 13-year-old Megan Meier. Meier hanged herself.

This was a situation in which traditional law did not align smoothly with the realities of the digital world: the prosecutors' argument was rooted in a terms of service violation, since MySpace officially outlaws impersonation and fictitious accounts.

Last year, the Electronic Frontier Foundation urged the courts to dismiss the case because of the precedent it could set. "Criminal charges for a 'terms of service' violation is a dramatic misapplication of the CFAA (Computer Fraud and Abuse Act), with far-ranging consequences for American computer users," the EFF said at the time, and argued that it could result in criminal charges for something as innocuous as a minor using the Google search engine.

Drew's lawyers had argued that the law being used against the defendant was vague and flawed, which the judge upheld Thursday when he threw out the guilty verdict. The Computer Fraud and Abuse Act is typically used against malicious hackers.

According to Wired, the judge argued for nearly 45 minutes with U.S. Attorney Mark Krause over the specifics of the CFAA.

Social-networking sites and other Web services can't be held liable in a sexual assault on a minor that stemmed from a meeting online, according to a ruling in a California appeals court that consolidated a number of complaints against MySpace on behalf of teenage girls and their parents.

Reuters reported late on Wednesday that the Second District Court of Appeals in Los Angeles cited the Communications Decency Act in coming to the conclusion. Claiming negligence and product liability, the plaintiffs had alleged that MySpace had failed to put in place age verification software or to keep profiles on a "private" setting.

Other federal courts have come to similar rulings. Last year, a Texas court ruled that the family of a 14-year-old girl who was assaulted by a man she met on MySpace could not hold the social network responsible. The girl in question had lied about her age when she created a profile, claiming to be a legal adult, and the court ruled that it was her parents' job, not MySpace's, to keep her safe.

This week's ruling in Los Angeles received a thumbs-up from MySpace and parent company News Corp. It could also have repercussions across other social networks and community-based Web sites, which have been subject to scrutiny from authorities over both safety and decency standards. Craigslist, for example, has faced a crackdown on sex-related ads after both allegations of rampant prostitution and a high-profile case in which a Craigslist encounter allegedly ended in murder.

The situation can be different, if there is actual harassment conducted through the social network, rather than an offline assault. In that case, if it appears that a Web service isn't doing enough to keep members safe while using the site, it can, in some cases, be held responsible.

Facebook and MySpace are working with state attorneys general to keep registered sex offenders out of their user bases, following allegations from lawmakers that they weren't doing enough to maintain a safe environment for minors.

On Thursday, the sentencing is expected in another Los Angeles court for Lori Drew, who has been convicted of three misdemeanors after impersonating a teenage boy on MySpace and harassing a 13-year-old girl allegedly to the point of suicide.

Drew could be sentenced to up to three years in prison and forced to pay a fine of $300,000, a far lesser sentence than she originally faced.

The U.K. government is considering the mass surveillance and retention of all user communications on social-networking sites, including Facebook, MySpace, and Bebo.

Vernon Coaker the U.K. Home Office security minister, on Monday said the EU Data Retention Directive, under which Internet service providers must store communications data for 12 months, does not go far enough. Communications such as those on social-networking sites and via instant-messaging services could also be monitored, he said.

"Social-networking sites such as MySpace or Bebo are not covered by the directive," said Coaker, speaking at a meeting of the House of Commons Fourth Delegated Legislation Committee. "That is one reason why the government (is) looking at what we should do about the Intercept(ion) Modernisation Programme, because there are certain aspects of communications which are not covered by the directive."

Under the EU Data Retention Directive, from March 15, 2009, all U.K. ISPs are required to store customer traffic data for a year. The Interception Modernisation Programme, or IMP, is a government proposal, introduced last year, for legislation to use mass monitoring of traffic data as an antiterrorism tool.

The IMP has two objectives: that the government use deep-packet inspection to monitor the Web communications of all U.K. citizens; and that all of the traffic data relating to those communications are stored in a centralized government database.

The U.K. government has previously said communications interception is "vital" and has hinted that social-networking sites may be put under surveillance. And responding to a question from Liberal Democrat Parliament member Tom Brake, Coaker said all traffic data on social-networking sites and through instant-messaging services may be harvested and stored.

"The honorable member for Carshalton and Wallington will also know the controversy that currently surrounds the Intercept(ion) Modernisation Programme," Coaker said. "I look forward to his support when we present (IMP) proposals, which may include requiring the retention of data on Facebook, Bebo, MySpace, and all other similar sites."

Deep-packet inspection, the second strand of the IMP, involves intercepting and examining the contents of all data packets that flow over a network. In Monday's meeting, Coaker said the government still intends to have a consultation on whether to inspect and then store all Internet traffic data in a centralized government database.

"What is the point of having a consultation if, as the honorable gentleman implies, the government (has) already made up (its) mind to have a central database?" Coaker asked. "We have not made up our mind. We have said we will consult on a variety of options."

Opposition to the government's IMP proposal has been fierce. Cambridge University computer security expert Richard Clayton told ZDNet UK on Wednesday that the government proposal to monitor social-networking traffic was "extremely intrusive."

"The question is whether it's necessary or proportionate, and the short answer is no, it doesn't look that way," said Clayton. "If the government wants to make us safer, having a few more police on the electronic beat would be a good idea."

Clayton said the problem for the government is that the Data Retention Directive applies only to data held by Internet service providers, but that a large number of people don't use ISPs' systems to communicate, instead using online services such as Web mail and social-networking sites. Servers may be located in different jurisdictions, Clayton said, and data retention times may be short.

"The government wants to collect all of this data on everybody, just in case," Clayton said. "Suppose you use (an e-mail service based in Pakistan), and you blow up the Houses of Parliament. The government would have to persuade the Pakistani authorities to turn over the logs, which may then turn out only to have been retained for three days."

However, Clayton believes that the cost of harvesting this information, which would involve all U.K. Internet infrastructure providers and ISPs having "black boxes" to monitor data, would be prohibitively expensive. Clayton said taxpayers' money would be better spent on the police, who could target investigations to those they suspect of criminal activity, rather than on performing blanket surveillance of everybody.

"To deploy deep-packet inspection equipment isn't cheap--the word 'billion' is appropriate," Clayton said. "It took the Home Office the best part of a year to find 3 million pounds for the Police e-Crime Unit. That's what is wrong with this picture."

Web inventor Sir Tim Berners-Lee also opposes the use of deep-packet inspection to inspect people's data. Berners-Lee told ZDNet UK last week that the Internet should not be "snooped" upon.

"If (third parties) are using the data for political ends or commercial interest, there we have to draw the line," Berners-Lee said. "There's a gap between running a successful Internet service and looking inside data packets."

Tom Espiner of ZDNet UK reported from London.

The Connecticut attorney general's office on Friday served MySpace a subpoena demanding that MySpace hand over the identities of registered sex offenders it claims the social-networking site discovered and subsequently removed from its roster of members.

Connecticut Attorney General Richard Blumenthal also told CNET News that his office is reviewing independent research about registered sex offenders said to still populate the site. Blumenthal declined to comment on whether he plans to take further action.

Hemanshu Nigam, MySpace's chief security officer, said in a statement provided via e-mail that MySpace was using "state of the art technology to aggressively identify and remove registered sex offenders from our site." He added that MySpace was cooperating with Blumenthal and other state attorneys general requesting information.

Law enforcement officials and parents are concerned that sex offenders can easily find victims on social networks. From deleted profile information, officials can see whether sex offenders have violated parole by joining a social network and whether they have been communicating with minors on the site.

This screenshot shows a registered sex offender on the Texas registry Web site.

(Credit: Texas Department of Public Safety)

Friction between MySpace and the states around this issue is not new. Some attorneys general have criticized the company for failing to do more to keep sexual predators off its site. A couple of years ago, MySpace initially rebuffed efforts to share sex offender data, but the service finally agreed to provide officials with the requested information. It then reportedly removed 29,000 sex offenders from the membership rolls. A year ago, when MySpace reached an agreement with the attorneys general, it said it would cooperate with law enforcement officials and develop technology for age and identity verification.

As social networks have grown in popularity (MySpace had 125 million unique visitors in December), law enforcement agencies have warned about the potential danger to minors posed by sex offenders trolling through cyberspace. Politicians, who have picked up that battle cry, have urged social networks to put in place tougher measures to protect minors.

Politics aside, the threat is not just theoretical. Steve Rambam, who is the director of private investigative firm Pallorium, said he found 100 registered sex offenders with MySpace profiles. One man used his mug shot as his main photo, while another, who was convicted of using the Internet to solicit a minor for sex, lists a 15-year-old girl as a friend on his MySpace page.

In carrying out his research, Rambam said he ran a list of 40,000 registered sex offenders against more than 2 million MySpace member pages. He came up with nearly 12,500 likely matches. After comparing the MySpace member photos with mug shots on a registered offender database, Rambam found 100 confirmed matches and said he would have found more if he had continued the research.

Among those matches, CNET News confirmed that at least half a dozen included registered sex offenders. One member's MySpace profile headline read, "Daddy, Oh My Goodness," while another featured a photo caption that reads, "Never accept a ride from a stranger, unless they give you candy first." A third member, who was convicted of sexual assault, uses violent, misogynistic language on his profile page.

"Based on the number of hits we're getting as a percentage of genuine MySpace users we believe that there are anywhere from 3,000 to 39,000 sex offenders on MySpace," Rambam said on Friday.

This is the MySpace page of what appears to be a registered sex offender who used his mug shot (see image above) as his profile photo.

(Credit: MySpace)

MySpace is using technology from a company called Sentinel Tech to help find and remove registered sex offenders from the site. According to MySpace, the company takes information members provide when they sign up and information they put on their profile and runs it against Sentinel servers that contain information about registered sex offenders, and follows up with manual checks of suspicious members.

John Cardillo, chief executive of Sentinel, questioned Rambam's methodology.

"We audit our database against all the sites out there, against the states' registries and the federal government registries... It could just be an issue of an individual maybe entering false information and we'll catch them down the road. Without seeing (the research), I can't really comment on it," Cardillo said. "MySpace deploys the most robust and impressive scrubbing apparatus in the business."

Rambam said he stands by his research. "We have a high degree of confidence that the first 100 matches we've compiled match on first and last name, city and state, exact age, and the photos clearly show the same person," he said. "Because of certain information and certain technology we have available to us, we were able to de-anonymize a lot of data and then do a second scrubbing run."

The matches all came directly from state sex offender registries and from the Megan's Law sex offender database, all publicly accessible data, Rambam said.

Rambam did the MySpace research on behalf of California lawyer Gary Kurtz, who is representing a company called Blue China Group in defending itself against a spam lawsuit filed by MySpace. "As part of that defense we are investigating a number of aspects about MySpace, and this pedophile issue popped up as something astounding," Kurtz said.

"These sex offenders and the efforts to find them are a small portion of a year-long investigation we conducted into MySpace," Rambam said.

"MySpace filed a complaint against Blue China Group in federal court in Los Angeles alleging that BCG repeatedly phished and spammed millions of MySpace users," MySpace Chief Security Officer Nigam said in his statement. "Unfortunately, while that lawsuit continues, BCG has apparently decided to raise this unrelated issue without providing any data to support its assertions."

Rambam said two state attorneys general offices have been in contact with him regarding his research. He found hundreds of potential matches from one of the states on MySpace and is preparing a report to give to that agency next week, he said, declining to name the states.

"This ongoing evidence completely refutes claims that child predators are an overblown threat," said Blumenthal, who is on a panel of 11 state attorneys general who have been investigating MySpace and other social-networking sites. "This is the tip of the iceberg."

A report issued last week by the Internet Safety Technical Task Force concludes that minors are less vulnerable to sexual predation than previously believed.

A number of nifty applications have popped up in response to the 2008 elections, like Google's tool to search political speeches and the Obama iPhone application. One more social-networking application is attempting to gain from the current political fever with a very speculative electoral map. For an application with only 321 active monthly users on Facebook, the myPicks U.S. Election 2008 electoral college map looks surprisingly (though certainly not completely) reasonable.

Developed by the Indian company Pramati Technologies, using the Sun Microsystems' social-application tool zembly, myPicks U.S. Election 2008 is a game that lets you "run" for office. The game, which runs on Facebook and MySpace, was developed after a strong response to myPicks Beijing 2008 on Facebook.

The myPicks Election 2008 electoral college map has Obama winning with 286 electoral votes as of October 9.

The point of the game is to accumulate points to move up in the political ranks. A player starts out as a lowly citizen with zero points but quickly earns them by participating in polls, answering trivia questions, and getting "donations" from other users of the application. It takes 2,500 points to put you in the running for school board and 10,000 makes you a candidate for mayor, but the ultimate goal is to become a presidential candidate with 1,000,000 points.

The application asks each player to give their state and to choose a campaign slogan. For the uninspired, it has a handful of generic slogans it offers up like, "Preparing for the future" and "Tomorrow is looking great." It then asks you to answer whether you will be voting for John McCain or Barack Obama, and which of the two you think will win.

The game shows what the electoral map would look like if the presidential election were held that day, based on the answers given by users of the application. Given the application's paltry following, the electoral map clearly cannot represent any sort of reality. On October 9, the application had Obama winning a solid 286 electoral votes and McCain earning 152, with 100 electoral votes left as a toss-up.

The electoral projection map from FiveThirtyEight.com has Obama winning with 346 electoral votes.

(Credit: FiveThirtyEight.com)

As it turns out, though, the map does not look too different from serious predictions being made at sites like FiveThirtyEight.com, which as of October 8 had Obama winning 346.8 electoral votes and McCain winning 191.2. Both maps have critical states like Nevada and Ohio in Obama's camp, while the traditionally Republican-voting Virginia appears as a solid Obama state on both maps.

There are, of course, some wacky outcomes on the myPicks map, such as the tie between Obama and McCain in Louisiana. Perhaps it just goes to show that Obama needs to work the Facebook crowd if he wants to win over more red states.

The annals of history are replete with examples of teenage angst and unrequited love. It took the state of New York to make those a crime.

State prosecutors decided to charge Isaiah Rodriguez, 18, of aggravated harassment and endangering the welfare of a child over a series of MySpace.com messages professing his ardent devotion to a 14-year-old girl.

The messages said, in part: "I love you;" "we need to be together;" I will see you every day;" and "I will never stop trying to talk to you."

That, according to the solons in the New York state attorney general's office, amounts to a violation of Section 240.30 of the state penal code. It says: "A person is guilty of aggravated harassment in the second degree when, with intent to harass, annoy, threaten or alarm another person...causes a communication to be initiated by...electronic means...in a manner likely to cause annoyance or alarm."

Fortunately, the New York City criminal court thought otherwise. In a ruling on April 4, Judge Michael Gerstein in Brooklyn wrote this, which I've excerpted (thanks to Santa Clara University law professor Eric Goldman for the tip):

The words "we need to be together;" "I will never stop talking to you;" and "I love you" are not threats, but appear to be merely the symptoms of unrequited love--the same hopeless affection that, among countless others, Dante felt for Beatrice; Don Quixote for Dulcinea; Cyrano for Roxane; Quasimodo for Esmeralda; Young Werner for Lotte; Jay Gatsby for Daisy Buchanan; and that Charlie Brown felt for the Little Red Haired Girl. While these romances do not usually end well for the pursuing party, the People have cited neither statute nor case law that might punish the communication of unrequited love, even if such is undesired.

Teenagers are especially vulnerable to the "madness most discreet" that makes sad hours seem long. Mere pages before he met Juliet, Romeo pined for Rosaline; Adrian Mole longed for Pandora Braithwaite in volume after volume of his "secret diaries;" and Dion implored of the skies up above, "why must I be a teenager in love?" vowing, just a few verses later, that "if you should say goodbye, I'd still go on loving you." When teenagers fall in love, as song lyrics and studies show, they are more likely to exhibit almost manic behaviors, take risks, act compulsively, and sometimes pursue, with reckless abandon, the objects of their affection. While the actions of a love-struck teenager may well be foolish, reckless, or otherwise acts which might not be expected from a mature adult, they are not, without more, elevated to crimes.

The allegations in the Complaint merely establish that Defendant declared his feelings for the Complainant. Conversely, the Complaint is devoid of allegations that the Defendant knew his declarations would be coldly received. The alleged messages that form the basis of the charge of Aggravated Harassment were transmitted through Myspace, a social networking website that allows each user to choose which friends will be part of his or her network. When another Myspace user receives an invitation to be friends, he or she must choose whether or not to communicate with the requesting user. At any time, a Myspace user may remove friends from his or her network, or may block unwanted communications. Thus, while it is reasonable to assume that at some point, Complainant added the Defendant, under his nom de plume"looking 4 the right one in my life," to her list of friends, the Complaint contains no allegations that Complainant attempted to quell Defendant's love by blocking Defendant's messages or by asking him to cease writing her. We therefore find that the Complaint fails to show that the Defendant intended to alarm, threaten or annoy the Defendant.

Although the court didn't go there, another problem is that the state law violates the First Amendment and New York state's constitution. That's because the First Amendment protects even annoying speech--otherwise some overtly political Web sites, let alone sites like Annoy.com, might not even be able to exist.