Lori Drew Guilty of 3 Misdemeanor Violations of the Computer Fraud & Abuse Act

By Eric Goldman

According to news reports (WSJ Law Blog, LA Times, AP), the jury has declared Lori Drew guilty of “three misdemeanor counts of accessing a computer without authorization.” I would like to parse the actual jury verdict form to make sure we understand what the jury actually said. For now, some preliminary observations.

First, the jury verdict is not the last step in the process. For example, the judge could still dismiss the case notwithstanding the jury verdict. Personally, I think it was a mistake for the judge to let this case go to the jury; overturning a jury ruling is always a dangerous move for a trial judge, and it would be especially awkward here for the judge to kick the case out now given the high emotions and heavy press coverage for this case. There could be a retrial (especially on the fourth charge, which resulted in a hung jury). It is also possible the jury verdict could be reversed on appeal. Finally, if none of those occur, a sentence that didn’t include jail time would still be a travesty but would still have let the people have their vengeance while reducing the injustice to Drew. So it’s hard to assess the meaning of the jury verdict because it’s only 1 chapter in a longer story.

Second, I am even more convinced that it was a travesty of justice for the government to bring this case at all. The facts elicited at trial demonstrated the illogic of the government’s argument that Lori Drew made unauthorized uses of MySpace’s servers, including the facts that:

* Lori Drew did not create the MySpace account at issue (Grills, the babysitter, did–but she got government immunity for testifying against Drew)

* Lori Drew did not click OK to the MySpace user agreement (Grills did)

* Lori Drew did not send the final fateful message (Grills did)

* some of the messages at issue were not even sent through the MySpace network (they were sent through AOL)

These facts severely undercut the government’s theories about the Computer Fraud & Abuse Act. They should also frighten each of us who may have broken an online user agreement, intentionally or not, at some point in our lives, by showing how easy it could be to violate the CFAA. The tenuousness of the law’s application to the facts reinforced that the real trial was over Lori Drew’s moral culpability for Meier’s death…though that wasn’t supposed to be on trial.

Third, regardless of how this case turns out, I remain frustrated by how pro-regulatory forces are using Meier’s death–a tragic but highly anomalous situation–as grist for their pro-regulatory agendas. In particular, the push to legally prohibit “cyberbullying” baffles me. I don’t even understand the term, but I do know that we cannot legislate people being nice to each other, online or off, and we don’t even try in most offline circumstances. Further, as the expansive interpretation of the CFAA highlights, restrictions against “cyberbullying” could chill many socially beneficial and protected activities. So, I hope we can resist the pro-regulatory temptations. Ironically, a guilty verdict for Lori Drew might have that salutary effect by showing that existing laws can punish “bad” actors, even if legal justice is being denied to Lori Drew in the process.

UPDATES: More coverage: NYT; NYT #2 (news analysis), Christopher Soghoian (pointing out examples of egregious user agreements that convert many site users into criminals).

Private investigators are stressing about this ruling.