Category Archives: cybercrime
Question: Can I sue someone for impersonating someone on the Internet?
I received this question via email from a reader:
Dear Ask a Cyber Lawyer:
My boyfriend is stationed over seas in the Air Force, and we usually use the internet to communicate. It turns out that his ex-wife has been using an old account of his, and pretending to be him. I just found out that while I thought I have been chatting with him, I was really chatting with his ex. This has caused me a lot of emotional anguish. Is there any way I can sue her?
My response is this. With out knowing anything else about the case, it is possible that there could be several causes of action that could be brought against her by both you and your boyfriend.
First, in some jurisdictions it is actually a crime to impersonate someone on the internet. So it might be worth while to involve the police.
Second, there are civil causes of actions you can bring up. One is the tort of Intentional Infliction of Emotional Distress, or IIED. Intentional Infliction of Emotional Distress occurs when the Defendant intentionally or recklessly commits extreme and outrageous conduct which causes the plaintiff to suffer emotional distress (in some jurisdictions this action must be done in public). If you were induced by this person to commit some sort of act, such as send money, there are fraud actions which may be available as well.
Your boyfriend may also have causes of action available. First, anything she said while impersonating him is likely actionable as defamation. Likewise he may also have an invasion of privacy claim for portraying him in a false light.
My advice is call my firm, or an attorney in your area and make an appointment to discuss the specifics in this matter.
Disclaimer: This blog post contains no actual legal advice. It is difficult to dispense comprehensive legal advice on the internet. If you find the information on this site interesting and insightful, great. But before you rely on any of this advice, please consult a legal professional with the specific details of your case or controversy.
Missouri Supreme Court strikes down part of Cyber-bullying law
In general I am opposed to setting aside separate laws for “cyber-bullying”. Bullying is bullying, and while it is easier to do it anonymously online, it should be treated the same as if it were through any other medium, such as random phone calls, and anonymous letters. The problem is, they are usually extremely broad and vague, such as the Tennessee version I have blogged about in the past.
This is exactly what happened here. The law was partially struck down because portions were “void for vagueness”, and therefor violated due process clause the 14th amendment of the United States Constitution. The Missouri cyber-bullying law came about from a bizarre case five years ago when a teenager committed suicide after being humiliated by a classmate’s mother who was posing as a teenage boy she developed a relationship with.
This case dealt with criminal charges against defendant Danny Vaughn, who was charged with criminal burglary and harassment in 2010. According to the Washington Post, Vaughn entered into the residence of his former wife, and repeatedly made unwanted and harassing phone calls to her, which triggered the cyber-bullying portion of the statute.
Under the applicable portion of the statute(Section 565.090.1, RSMo Supp. 2008) harassment occurs when an individual.
(5) Knowingly makes repeated unwanted communication to another person; or
(6) Without good cause engages in any other act with the purpose to frighten, intimidate, or cause emotional distress to another person, cause such person to be frightened, intimidated, or emotionally distressed, and such person’s response to the act is one of a person of average sensibilities considering the age of such person.
The court ruled that both these portions are unconstitutional because they can be used to criminalize constitutionally protected free speech, specifically with the terms, “frighten”, and “intimidate”. They also opined that “Knowingly makes repeated unwanted communications” was both to broad, and could also be used to criminalize protected speech, especially political speech.
In my opinion though, even in its reduced form, the law could still have been used to prosecute that mother who harassed the teenage girl into committing suicide, so its original purpose remains intact. I do agree with the court that the constitutionally vague portions of the law must be addressed in the legislature.
New Legislation Replaces Dead SOPA and Dying PIPA
First there was the cumbersome named and even more cumbersome acronym, Comba
ting Online Infringement and Counterfeits Act (COICA). This bill died in committee. Then there was the more simply named and Stop Online Piracy Act (SOPA) and its brother in the Senate, Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PIPA- originally PROTECT IP). SOPA was referred to committee on the House floor, PIPA was placed into permanent suspended animation in the Senate.
Now comes the Cyber Intelligence Sharing and Protection Act (CISPA). It doesn’t have the teeth of COICA, nor the cool acronym of SOPA and PIPA, but could it pass? It seems that every new version of this bill erodes the power and control of the federal government in exchange for either greater support or less opposition by corporate interests and digital rights advocates.
There are differences between SOPA and CISPA. First, CISPA does not put onus of enforcement on internet service providers. Under SOPA, ISP’s were required to strangle bandwidth from sites suspected of violating copyright. Instead the responsibility for protecting copyright is on the copyright holders themselves. CISPA also does not create a necessarily antagonistic relationship between internet companies and the government. Instead it encourages information sharing for the sake of increased cyber security. While shifting balance between privacy and cyber security will always be controversial, it may be necessary given the increase in cyber attacks over the past five years.
It maintains to be seen whether or not this bill can attain what SOPA and COICA couldn’t, enough bi-partisan support to pass and amend the national security act.
Fifth Amendment protects child porn passwords
Stories like this often upset readers. Nobody likes to hear the news that a child 
pornographer somehow slipped through the system. I tend to take a very different view, for if the law can be used protect the worst of society, it logically can be used to protect the best in society. This is the nature of law and we cannot cut it down just to receive a desirable end goal. Because if we can cut down the law to get at one person the law can be cut down to get at us as well.
The background of this case is pretty simple. A man was put on trial for possessing child pornography. The evidence is contained on his encrypted hard drive. Prosecutors get the judge to issue a court order compelling him to turn over the key to break the encryption. he refuses. The prosecution then offers him limited immunity in exchange for his turning over key. He again refuses and the court holds him in contempt. Legal issue is whether or not the court could hold them in contempt for refusing to turn over the pass key. 11th Circuit Court of Appeals has ruled that he does not have to turn over the pass key, because forcing him to do so would be a violation of his Fifth Amendment rights against self-incrimination. The Fifth Amendment provides that no one “shall be compelled in any criminal case to be a witness against himself”. In this case the defendant could not be compelled to turn over the pass key because doing would be a form of self-incrimination.
Interestingly this case raises many questions as it is applied to cyber law.recently laws have been enacted in several jurisdictions which compel individuals to turn over their cell phones to law enforcement officers during a traffic stop. If this cell phone is password-protected, does this ruling provide cover for the individual does not give the password to the law enforcement officer to prevent access to information on the phone?
The text of the full ruling can be seen on the 11th Circuit Court of Appeals website.
QUESTION: Is having a fake facebook page cyberstalking?
A Reader via email asks:
My daughter has had a “fake” Facebook page the past few years – not her real name, to stay anonymous but interact with people who like the same music she did. The fans are more than a little strange and she was only 19 at the time. She interacted with a young man on facebook and email approx 5 months who wanted a relationship with her, without ever divulging her real name/address/phone. She decided against it and ended contact with him a few weeks ago. Now he’s claiming my daughter was stalking him, impersonating someone she wasn’t and that he’s going to sue her for “anything my lawyers can think of.” I’m wondering what she might have done that could be considered illegal. I’m seriously concerned if this guy can actually hunt her down to our actual address with this threat of legal action.
Ok, here is the deal in plain terms. With the limited information I have, the only trouble your daughter probably caused was a violation of facebook’s terms of service. Facebook requires that users must be real persons and do not allow for any sort of pseudo-persons as users of their site.
The only way she could have stirred up some legal troubles is if she impersonated a real person, particularly a celebrity. This would possibly fall under the tort of invasion of privacy- appropriating a false identity. It doesn’t seem to be the case here.
As far as cyberstalking is concerned, the definition differs from jurisdiction to jurisdiction, but in general it is the unwanted and repeated intrusion into another person’s real-life vis-a-vis the internet. It does not look like she has done this, however, her accuser may be liable for cyberstalking himself. False victimization, or wrongly accusing others of cyberstalking is a form of cyberstalking in and of itself. Contacting her through the internet after she has made it clear that she does not want to be contacted is another, more obvious form of cyberstalking. If I were in your daughter’s situation I would make sure that he has no way of accessing her personal information.
Disclaimer: It is difficult to dispense comprehensive legal advice on the internet. If you find the information on this site interesting and insightful, great. But before you rely on any of this advice, please consult a legal professional with the specific details of your case or controversy.
NATO to Open Cyber Warfare Center
Military Intelligence is an area of interest of mine, particularly when it comes to cyber warfare and cyber security. A new cyber warfare center is opening in Estonia, the site of perhaps the first calculated cyber attack in history. In 2007, upset over the move of a war memorial in Estonia, Russian nationals coordinated an attack on the country’s internet infrastructure. The attacks crippled internet access in Estonia for a short period of time. This new NATO cyber warfare center aims to combat these types of coordinated attack. From British Forces News:
QUESTION: Three Questions on Illegal Downloading
A Reader from Colorado writes via email:
Dear Ask a Cyber Lawyer:
I have three questions on illegal downloading.
Q1: How do prosecutors prove illegally downloaded files are actually what their name says they are? For example, couldn’t BEATLESSONGNAME.MP3 be a garbage file? In which case no infringement occurred…
Q2: HOW do they know you downloaded? If they share to you, aren’t they also sharing?
Q3: If you only have part of a file, is it still illegal? If so, why?
Q1) Digital forensics rarely uses filenames as far as evidence is concerned aside of making it “human readable” for consumption by juries. If they have access to the file, they can simply play it. In file sharing cases, there is nothing preventing law enforcement or the RIAA (and friends) from accessing what you offer for download and playing it themselves.What is typical done with digital evidence is creating what is called a “cryptographic hash” of the file. This basically uses a complex mathematical formula to create a unique string of letters and numbers that shows the content of the file is unchanged. The mathematical formula is designed so that very small changes create very big differences in the hash value. Using this method, you can have a high-degree of confidence of what contents of a file (assuming you have a table) without having to worry about the filename. For instance, child pornography is usually archived by hash values by federal law enforcement and authorities can usually pinpoint a given picture to not only the victim, but the time and place of the assault.
Q2) The typical pattern of file sharing prosecutions or civil litigation is not to do “entrapment” (i.e. setting up a sharing site of their own and nailing everyone who downloads), but to find a hub of file sharing and see who is using it. This can be done a variety of ways from standard discovery or a wiretap order. If they have a wiretap order, they can simply see who connects to the fileshare, identify them, and go after them. If I worked for the RIAA (and I never will), wiretapping would be the primary tool I would use. (Under the provisions of the Patriot Act, a wiretap order is fairly easy to obtain)
Q3) That depends. It’s analogous to having “part” of a book. There is no bright-line between how much of a book you can use where fair-use becomes copyright infringement. I would imagine if you created 20-30 second cuts of a music file to distribute as ring tones (especially if you charged), then you could be liable for infringement. If you download a couple of random “blocks” of a music file that is unusable, I’m not sure that’s infringement. The two biggest things that get someone into trouble with copyright infringement is distribution and trying to “sell” content. If you aren’t doing one of those two things, you are “probably” ok. (I concur with this generally as a rule of thumb, that this would fall under fair use, just make sure that the clip is only a small portion of the entire song, especially if the track is short. The Beatles “Her Majesty” is only 23 seconds, so a 30 second clip would be the whole song and then some. This would not fall under fair use. However, no matter how long the song is, don’t use more than 30 seconds)
Disclaimer: It is difficult to dispense comprehensive legal advice on the internet. If you find the information on this site interesting and insightful, great. But before you rely on any of this advice, please consult a legal professional with the specific details of your case or controversy.
Update on Tennessee Cyberbullying law: State May Reconsider
Yesterday I wrote that the Tennessee ACLU was planning to sue the State of Tennessee over their new cybe
rbullying law, which was scheduled to go into effect July 1. Now it appears that the State may give another look. From the Daily News Journal:
We were told it doesn’t. And I still stand to be corrected,” Ketron said. “If it does, we’ll change it, because that was not the intent. The intent was to keep these kids from destroying other kids’ lives.”
The ACLU of Tennessee, which plans to file a lawsuit against the legislation, contends Public Chapter 362 violates free speech and expression guaranteed by the First Amendment. Ketron’s legislation is set to take effect Friday.
The ACLU says the law would make it a crime to post any image online that causes “emotional distress” to a person. Even though it was intended to curb online harassment, the law is too broad and sets no definitions for offensive or disturbing speech or images, the ACLU’s statement says.
They part of the law here is that the image causes “emotional distress”. I had mentioned void for vagueness before, but let’s put that aside for now, and look at the “emotional distress” issue. Emotional distress is a legal term of art, which arose out of tort law in the torts of negligent and intentional infliction of emotional distress. Since this type of crime would be a specific intent crime, the analysis would be more similar to Intentional Infliction of Emotional Distress (IIED). If we were to make the jump and relate the criminal aspect of this law to the “emotional distress” in tort, then the key element is “extreme and outrageous conduct”.
Back in March, the Supreme Court ruled on IIED and how it relates to the first amendment. The case, Snyder v. Phelps, Doc. No. 09–751, concerned the emotional distress inflicted upon those attending the funeral of a fallen Marine by the members of the Westboro Baptist Church, who were present there protesting. The Supreme Court concluded that the Freedom of Speech guarantee of the First Amendment protected the Westboro Baptist Church against the IIED tort. Taken to its logical conclusion, this means that Free Speech trumps the effect of emotional distress. This lends credence to the argument that the Tennessee anti-cyberbullying law is unconstitutional because the type of speech anticipated is protected by the first amendment, and that this protection is not surmounted by the emotional distress suffered by the individuals who may see the image.
With all this going against them, it is wise that the Tennessee legislature take another look at the law.
ACLU Plans to Sue Tennessee Over Internet “Harassment” Law
I wrote an article a few weeks ago about a new Tennessee law which would criminalize Internet “Harassment”. The main point of the article is that the new law would not pass constitutional muster. I included a rather long section about obscenity, the first amendment and “void for vagueness”. Seems like I was pretty much on point with all of my arguments. The American Civil Liberties Union (ACLU) is poised to sue the state once the law goes into effect on July 1, 2011. From the Daily News Journal:
This new law, which goes into effect on July 1, would make it a crime to post any image online that causes “emotional distress” to any individual.
“This new law creates a chilling effect on expressive political, artistic, and otherwise lawful speech and also turns political activists, artists and others into criminals,” said Hedy Weinberg, ACLU-TN executive director, in a press release. “In addition, anyone with an online presence, such as social media users, becomes vulnerable.”
The “offensive images” law was intended to curtail Internet harassment but provides no criteria for determining what is offensive or disturbing. The new law’s overly broad and vague language leaves everyone with an online presence vulnerable to prosecution, the ACLU press release said.
There are times when I agree with the ALCU, there are times where I disagree vehemently with the ACLU. This is one point where I am in agreement, not for any moral or libertarian reason, but because I believe the law to be objectively unconstitutional. The purpose of the doctrine is for lawyers, jurists, and especially laymen to understand what conduct is and is not lawful conduct, and this law fails at this miserably. I do agree that internet harassment is a problem, and there it needs to be curtailed, but this is will not work.
The end result, the law will probably be enjoined at the outset, and Tennesseans will immediately be able to go back to doing disgusting things on chatroulette. Don’t know what chatroulette is, and what it is for? Ask Jon Stewart.
Embed a Copyrighted Video, Go Straight to Jail
Let me start off by saying, unless Senators Amy Klobuchar, and Christopher Coons want to ensure that the Democratic Party is labled the anti-net-freedom party, this bill will never get out of committee (Yes Republican John Cronyn is also a co-sponsor, but he’s such a luddite, he may think the internet is a series of tubes). In short, the bill attempts to reconcile existing civil and criminal copyright law to extend to embedding videos on Youtube and other sites, where individual views may be considered considered “performances”. From Tech Dirt:
Supporters of this bill claim that all it’s really doing is harmonizing US copyright law’s civil and criminal sections. After all, the rights afforded under copyright law in civil cases cover a list of rights: reproduce, distribute, prepare derivative works or perform the work. The rules for criminal infringement only cover reproducing and distributing — but not performing. So, supporters claim, all this does is “harmonize” copyright law and bring the criminal side into line with the civil side by adding “performance rights” to the list of things.
If only it were that simple. But, of course, it’s not. First of all, despite claims to the contrary, there’s a damn good reason why Congress did not include performance rights as a criminal/felony issue: because who would have thought that it would be a criminal act to perform a work without permission? It could be infringing, but that can be covered by a fine. When we suddenly criminalize a performance, that raises all sorts of questionable issues.
The penalties for infringement are very harsh, according to the article, 10 “performances” could land an individual 5 years in prison. The definition of “performance” is ambiguous, but it could mean that if you post a copyrighted video on youtube, and it gets 10 “views”, it may be enough to get 5 year term. You can view the full text of the bill here.
James Skyles
