Lori Drew was convicted late last year on charges related to her role in a cruel hoax that led to the tragic suicide of thirteen-year old Megan Meier in Missouri in 2006. But today, at her sentencing, the judge threw out her convictions. Millions around the world were horrified by Megan’s fate, and many will probably be upset that Drew might go unpunished. But we need to separate three questions in this case:
- Should the federal anti-hacking law under which she was convicted really be applied in such cases?
- What, precisely, was Drew’s involvement?
- The key question: What should be done about the general problems of cyberbullying and cyberharassment?
Misuse of the Anti-Hacking Statute
Judge Wu has yet to issue his written opinion but seems to have agreed with the various experts on Internet law who argued that, however tragic the Meier case was, the Computer Fraud & Abuse Act (CFAA) should not have been applied to Drew. Most notably, the Electronic Frontier Foundation filed an Amicus Brief in support of Drew’s motion to dismiss the charges against her—summarized by Groklaw and the Harvard Journal of Law & Technology. Orin Kerr, a leading Internet law professor, felt so strongly about the consequences of using the CFAA to criminalize violations of privately written terms of service that he joined Drew’s defense team. Kerr demonstrated the problems of essentially allowing private parties to create the grounds for criminal offenses (if violated by users) by suggesting obviously ridiculous new terms of service for the Volokh Conspiracy, the group blog he writes on.
Hard as it may be for those who want to “see justice done” in this case, the CFAA just isn’t the right law to apply—which raises the question of whether new laws are needed, discussed below.
Uncertainty About Drew’s Role
The judge may also have been influenced by uncertainty as to Drew’s actual role in the case. Initial coverage of the story suggested that Drew created the fake MySpace persona of a teen boy (“Josh Evans”), then used that profile to woo Meier, a classmate of Drew’s daughter, only to deliberately—and cruelly—break her heart. After Missouri prosecutors and the FBI declined to press charges against Drew, federal prosecutors in California decided to do so, but Drew consistently maintained that it was not her idea to create the account.
When she finally went to trial, Ashley Grills, an 18-year-old friend of the Drew family, changed her story: Grills had initially claimed that creating the account was Ms. Drew’s idea, but admitted at trial that she (not Drew) created the fake “Josh Evans” account and that most of the conversations between Meier were with Grills, not Lori Drew. In particular, the final blow that seems to have driven the emotionally fragile Meier to suicide apparently came from Grils, not Drew:”You are a bad person and everybody hates you. Have a shitty rest of your life. The world would be a better place without you.”
We’ll probably never know exactly what actually happened, but it does appear that Drew was not the prime instigator behind the hoax, as she first appeared to be, but played more the role of a facilitator. Unconscionable as its for any adult, especially a parent to encourage, promote or even allow such behavior, it may not create legal liability.
Cyberbullying: What’s Next?
The real question here is how we should deal such cases more generally. Adam Thierer and I released a major study of these issues a few weeks ago: Cyberbullying Legislation: Why Education is Preferable to Regulation—which Adam recently dicussed at a Capitol Hill briefing. We distinguish among three problems that have been conflated in coverage of this issue:
- Cyberbullying: kid-on-kid abuse online
- Cyberharassment generally: people of all ages using the Internet to harass each other
- Adult-on-kid cyberharassment: the Megan Meier case
Confusion of these three issues has resulted in some very inappropriate responses to the problem. Most notably, Rep. Linda Sánchez has proposed the “Megan Meier Cyberbullying Prevention Act,” which would make it a federal felony with a sentence of up to two years to transmit “any communication… with the intent to coerce, intimidate, harass, or cause substantial emotional distress to a person, using electronic means to support severe, repeated, and hostile behavior.” While Sánchez claims uses the word “cyberbullying” (Problem #1), her rhetoric (and the title of the bill) is really focused on adult-on kid cyberharassment (Problem #3). Punishing that special kind of abuse by adults of children, who are particularly vulnerable, might well be something federal law should address. But Sánchez’s bill doesn’t do that; instead, it seeks to punish all cyberharassment (Problem #2). Sánchez’s fails in several other respects to clearly define its terms and scope, thus raising serious constitutional concerns about the bill’s effect on chilling constitutionally protected free speech, as well as about the due process rights of those who might be prosecuted under the bill.
In our paper, we highlight a number of substantial changes that would need to be made to create a narrowly-tailored bill appropriate to the problem of adult-on-kid cyberharassment. But we also explain why it’s probably not possible to craft a law consistent with the Constitution to address the general issue of cyberharassment: While state laws generally apply to cyberstalking (where a threat of physical harm is made or felt), it’s profoundly difficult to distinguish between “harassment” and simple online conversations.
We do think something can and should be done about the very real problem of kid-on-kid cyberbullying (Problem #1). But rather than treat kids as felons (the Sánchez approach), lawmakers could get serious about supporting online safety education, awareness-building efforts, prevention, and intervention. Such an approach would avoid thorny constitutional problems and has recently been floated in both chambers of Congress. In mid-May, the “School and Family Education about the Internet (SAFE Internet) Act” (S. 1047) was introduced in the Senate by Sen. Robert Menendez (D-NJ) and in the House by Rep. Debbie Wasserman Schultz (D-FL). The measure proposes an Internet safety education grant program that will be administered by the Department of Justice, in concurrence with the Department of Education, and the Department of Health & Human Services. These agencies will also work in consultation with education, Internet safety, and other relevant experts to administer a five-year grant program, under which each grant will be awarded for a two-year period. Eligible non-profits may use the grants to:
(1) identify, develop, and implement Internet safety education programs, including educational technology, multimedia and interactive applications, online resources, and lesson plans;
(2) provide professional training to elementary and secondary teachers, administrators, and other staff on Internet safety and new media literacy;
(3) develop online-risk prevention programs for children;
(4) train and support peer-driven Internet safety education initiatives;
(5) coordinate and fund research initiatives that investigate online risks to children and Internet safety education;
(6) develop and implement public education campaigns to promote awareness of online risks to children and Internet safety education;
(7) educate parents about teaching their children how to use the Internet and new media safely, responsibly, and ethically and help parents identify and protect their children from risks relating to use of the Internet and new media
This is exactly the right approach. This bill truly deserves the name “Cyberbullying Prevention Act,” while the Sánchez bill might more accurately be called the “Cyberharassment (of all kinds) Punishment Act.” Rather than pursuing regulation through criminal sanctions that would chill protected speech, education is the better approach—something the federal government can help to support. As Adam and I conclude in our paper:
Again, real online safety and proper netiquette begin at home. We need to teach our kids to be good cyber-citizens. We shouldn’t expect the government (or even schools) to do it all for us. But to the extent government can do something constructive about this problem, it is education and awareness-building that will have the most profound, lasting results. Although more substantive penalties cannot be ruled out entirely, creating new classes of crimes to deal with this problem is unlikely to solve the scourge of cyberbullying.
Clearly, based on the emerging research, the young people who are involved in cyberbullying incidents—both as perpetrators and targets—have many problems. Addressing these painfully real issues will require applying effective risk prevention and intervention strategies. Instead of promoting such education, prevention, and intervention solutions, the Sánchez bill would simply create a new federal felony to address this problem. But criminalizing kid-on-kid behavior in whatever form will likely not solve the age-old problem of kids mistreating each other. Indeed, this problem has traditionally been dealt through counseling and rehabilitation at the local level. By contrast, the federal justice system generally works through criminal penalties. If federal criminal law has a role to play, it is in punishing clear cases of harassment of minors by adults in ways that do not chill free speech protected by the First Amendment and that are consistent with the Fourteenth Amendment’s due process guarantees.
Unlike the Sánchez bill, the Menendez bill is grounded in the need to implement such counseling and rehabilitation approaches in schools and communities. If members of Congress want to enact legislation that has a chance of effectively reducing truly harmful behavior—and which avoids constitutional pitfalls and subsequent court challenges—the Menendez bill provides the best avenue to accomplish that important goal at this time.