Thank You For Submiting Feedback!
The language of former 18 U.S.C.S. § 1030(a)(2)(C) (amended 2008) does not explicitly state (nor does it implicitly suggest) that the Computer Fraud and Abuse Act, 18 U.S.C.S. § 1030, has criminalized breaches of contract in the context of website terms of service. Normally, breaches of contract are not the subject of criminal prosecution. Thus, while ordinary people might expect to be exposed to civil liabilities for violating a contractual provision, they would not expect criminal penalties. This is especially the case where the services provided by a web service provider are in essence offered at no cost to the users and, hence, there is no specter of the users defrauding the provider in any monetary sense.
Defendant Lori Drew entered into a conspiracy in which its members agreed to intentionally access a computer used in interstate commerce without (and/or in excess of) authorization in order to obtain information for the purpose of committing the tortious act of intentional infliction of emotional distress upon Megan Meier. Defendant, and her co-conspirators, registered and set up a profile for a fictitious 16 year old male juvenile named "Josh Evans" on the www.MySpace.com website ("MySpace"). The conspirators contacted Megan through the MySpace network (on which she had her own profile) using the Josh Evans pseudonym and began to flirt with her over a number of days. Eventually, “Josh” told Megan that he no longer liked her. Megan killed herself. Subsequently, defendant was charged with one count of conspiracy in violation of 18 U.S.C. § 371 and three counts of violating a felony portion of the CFAA, i.e., 18 U.S.C. §§ 1030(a)(2)(C) and 1030(c)(2)(B)(ii), which prohibited accessing a computer without authorization or in excess of authorization and obtaining information from a protected computer where the conduct involved an interstate or foreign communication and the offense was committed in furtherance of a crime or tortious act. The jury found that the defendant was guilty of the “lesser included” misdemeanor CFAA violation of 18 U.S.C. §§ 1030(a)(2)(C) and 1030(c)(2)(A), but was acquitted of felony charges under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C.S. § 1030. Defendant moved for a judgment of acquittal pursuant to Fed. R. Crim. P. 29(c).
Did an intentional breach of an Internet website's terms of service, without more, constitute a CFAA misdemeanor violation, and if so, did the statute survive a vagueness challenge?