Just caught this LA Times editorial from a couple of days ago on the “Overreaction to Online Harassment.” The piece makes many of the same points that Berin Szoka and I stress in our PFF paper on “Cyberbullying Legislation: Why Education is Preferable to Regulation.” [Also, here’s a video of a debate on these issues that I took part in up on Cap Hill this summer.]

The Times editorial notes that, “Because of a past tragedy, lawmakers and prosecutors are becoming overzealous in combating noxious behavior on the Web.” Specifically, they are referring to the tragic case of Megan Meier, the teen who committed suicide after being harassed on MySpace. “Members of Congress often try to expand the powers of federal prosecutors and courts when state law doesn’t produce the results they seek, especially when confronted with cases as heart-wrenching as Meier’s,” the Times noted. For example, in may 2008, Rep. Linda Sánchez (D-CA) introduced H.R. 1966 (originally H.R. 6123), the “Megan Meier Cyberbullying Prevention Act,” which would create a new federal felony to deal with this concern.

But creating a federal crime for something that is mostly peer-on-peer activity seems like overkill. Moreover, the Times notes, “the bill is so vaguely written” that it “would have a hard time withstanding a 1st Amendment challenge if it ever became law.”  As you’ll see in our paper, Berin and I agree, but we also point out that cyberbullying is a very serious matter since evidence suggests the cyberbullying is on the rise and that it can have profoundly damaging consequences for children.

The Times would have been on stronger ground had they pointed out that fact as well the presence of a solid alternative to the Sánchez bill: Education and awareness-building efforts. In mid-May, the “School and Family Education about the Internet (SAFE Internet) Act” (S. 1047) was introduced in the Senate by Sen. Robert Menendez (D-NJ) and in the House by Rep. Debbie Wasserman Schultz (D-FL). The measure proposes an Internet safety education grant program that will be administered by the Department of Justice, in concurrence with the Department of Education, and the Department of Health & Human Services.  That’s the more sensible — and constitutional — way to address cyberbullying concerns should federal lawmakers feel the need to act.

Finally, as the Times concludes in its editorial, “harassment is amply addressed by state criminal and civil laws.” Existing state statutes can be extended to cover the most problematic forms of online harassment, especially those that involved adult-on-child contact. We don’t need to make a federal matter, or crime, out of this.

The painful issue of cyberbullying has recently taken center stage in the ongoing debate about online child safety. Last week I wrote about Lori Drew’s acquittal on charges related to Megan Meier’s tragic suicide, suggesting that the judge in the case was right to overturn her conviction on a very expansive reading of the federal anti-hacking statute. While I think that decision was necessary on legal grounds, it’s sure to add “fuel to the fire” of calls for “action” in Congress.  Thus, I emphasized that observers of the case need to separate their understandable outrage from the from the questions of (1) whether that statute was properly applied and (2) how the law should treat such cases in the future.

On the second question, Adam and I recently released a major entitled, “Cyberbullying Legislation: Why Education is Preferable to Regulation.”  We distinguish among:

1. Cyberbullying: kid-on-kid abuse online
2. Cyberharassment generally: people of all ages using the Internet to harass each other
3. Adult-on-kid cyberharassment: For example, Lori Drew’s alleged (but still unclear) role in the Megan Meier case

In a nutshell, we argue that education is the better approach to cyberbullying (Problem #1)—an approach taken by a bill introduced in the Senate by Sen. Robert Menendez (D-NJ) and in the House by Rep. Debbie Wasserman Schultz (D-FL) .  We go on to argue that, while it would be difficult to create criminal sanctions for cyberharassment generally (Problem #2) without infringing free speech and due process rights, it might be possible to craft laws narrowly tailored to cyberharassment of kids by adults (Problem #3).

By contrast, Rep. Linda Sánchez has proposed the “Megan Meier Cyberbullying Prevention Act, which by its title purports to deal with that problem (#3) but would actually create a sweeping Federal felony for all cyberharassment (#2). We noted the potential Commerce Clause problems with states trying to regulate Internet speech, and emphasized education as a superior approach at both the federal and state level that avoids constitutional problems, but suggested that, if Congress does ultimately conclude a criminal law is needed for Problem #3, it would well to do look to how the states craft cyberharassment laws before creating any federal penalty.

Just about the time we finished our paper, Tennessee enacted a new law (PDF) that makes it a misdemeanor (up to 1 year in prison and a $2,500 fine) for making threats made online (cyberstalking) as well as certain instances of cyberharassment, defined as communications:

1. Made with “the malicious intent to frighten, intimidate or cause emotional distress”;
2. Made in a “manner the defendant knows, or reasonably should know, would frighten, intimidate or cause emotional distress to a similarly situated person of reasonable sensibilities; and
3. That actually result in making that person “frightened, intimidated or emotionally distressed.”

Prong #1 is essentially the same as the Sánchez bill (with the addition of the word “malicious”), while Prongs #2 and 3 somewhat increase the evidentiary burden faced by any prosecution under the law. So the bill suffers from many of the same problems that the Sánchez bill suffers from, which we discuss in our paper—most importantly, the bill would chill protected online speech because it is unclear when it would apply, and some online speakers would fear prosecution under the bill.

But what’s really disappointing here is that the original Tennessee bill at least recognized the critical importance of drawing distinctions by age.  It would have applied to specifically to harassing communications “with another person who is, or purports to be, less than 18 years of age” or to communications that cause “another person to be frightened, intimidated, or emotionally distressed, provided that the person’s response is one of a person of average sensibilities considering the age of the person.” While neither approach is quite what we recommend in our paper—if we’re going to criminalize anything, it should be adult-on-kid harassment—the original legislation was certainly better to what finally passed, which would likely fail to pass constitutional muster.

In a related context, Adam and I recently released another major paper detailing the serious consequences for online free speech of well-intentioned efforts to expand COPPA’s privacy protections for kids under 13 to cover all adolescents. There as here, while children under a certain age might be uniquely vulnerable and therefore require special protection (such as special penalties for cyberharassment by adults), we can’t treat everyone like small children without severely compromising freedom of expression online and the future vitality of the Internet itself. Again, this is why education is generally a better approach than criminalization.

As I noted recently, Berin Szoka and I just released a big PFF white paper (PDF) entitled, “Cyberbullying Legislation: Why Education is Preferable to Regulation,” which examines two very different federal approaches to the issue. One approach is focused on the creation of a new federal crime to punish cyberbullying, which would include fines and jail time for violators. One approach, set forth by Rep. Linda Sánchez (D-CA) in H.R. 1966 (originally H.R. 6123), the “Megan Meier Cyberbullying Prevention Act,” would create a new federal felony: “Whoever transmits in interstate or foreign commerce any communication, with the intent to coerce, intimidate, harass, or cause substantial emotional distress to a person, using electronic means to support severe, repeated, and hostile behavior, shall be fined under this title or imprisoned not more than two years, or both.”

The other legislative approach is education-based and would create an Internet safety education grant program to address the issue in schools and communities. In mid-May, the “School and Family Education about the Internet (SAFE Internet) Act” (S. 1047) was introduced in the Senate by Sen. Robert Menendez (D-NJ) and in the House by Rep. Debbie Wasserman Schultz (D-FL). The measure proposes an Internet safety education grant program that will be administered by the Department of Justice, in concurrence with the Department of Education, and the Department of Health & Human Services.

On June 12, the Family Online Safety Institute (FOSI) hosted a discussion about these bill on Cap Hill, which was moderated by FOSI CEO Stephen Balkam. Representatives from both Rep. Sanchez’s and Sen. Menendez’s offices were on hand to discuss their bills, and I provided some feedback based upon what Berin and I concluded in our paper.  It was a good discussion and I encourage you to watch the whole thing because there were some good questions from the audience later in the show.

Forget net neutrality and the growing Googleplex. The real threat to Internet freedom comes from plain old criminal law.

In three weeks time, Missouri housewife Lori Drew will face trial for entering false personal details when she signed up for a MySpace account. Her indictment alone, whether or not she is convicted, should frighten anyone who’s ever filled out a form online.

The case, which captured the tabloid media when it broke last year, turns on unusual facts. Drew, posting as a teenage boy, created the MySpace account to probe why a neighbor’s daughter, Megan Meier, had broken off a friendship with her own daughter. She gave a few others access to the account, and things quickly spiraled out of control. Before long, “Josh Evans” (the fictional teen) and Meier were an online couple, and soon after that, they were hurling insults at one another on public message boards.

Meier, already suffering from depression, was devastated by Josh’s turnabout. A final private message from the Evans account–“The world would be a better place without you”–pushed her over the edge. Twenty minutes after receiving it, Meier hung herself in her closet.

Even though she was not responsible for the worst of the messages (according to a prosecutor who investigated the case but declined to file charged), Lori Drew mislead an emotionally troubled youth, and that was surely wrong.

But it’s more problematic to say that it’s a crime.

The theory of the prosecutor behind this case would make all Internet users criminals. It goes like this: Drew lied when she created the “Josh Evans” account. That was a violation of MySpace’s terms of service (those slabs of legalese that nobody reads before checking the box on a sign-up form). And by violating those terms, she accessed MySpace without authorization. “Unauthorized access” is a felony under a federal statute, the Computer Fraud and Abuse Act of 1986. The statute was meant to target hacking, but its loose language leaves the door open for a much broader reading.

(And as I discuss in a National Review Online column today, that’s the same law that could be used to prosecute the person who hacked into Gov. Sarah Palin’s email account.)

To put it succinctly: Violate any website’s terms of service, and you could face five years’ jailtime. Include a conspiracy charge (Drew faces several), and the maximum sentence doubles.

As the Electronic Frontier Foundation spells out in a brief in the case, that formula spells an end to online anonymity. Using a fake name or making up any detail when creating an email account or anything else could be grounds for prosecution.

Even innocent exaggeration could be targeted. Adding an inch or two to your height is a violation of the terms of service on Match.com and most dating sites.

But that’s not the scariest part. This threat isn’t just about one law, twisted into absurd form by an aggressive prosecutor, but thousands of them. After decades of fast growth, there are at least 4,450 separate criminal offenses in federal laws, and perhaps tens of thousands more in regulations. And then there’s state law: Each state, to begin with, has its own copy of the federal anti-hacking statute Lori Drew is accussed of violating.

I discuss this issue, in the context of the Drew case, at some length in a recent paper. The problem, in brief, is this: Public pressure has led legislators to criminalize so much behavior in vague and broad statutes that probably all Americans are criminals under some dumb law. When there’s a tragedy–like the death of Megan Meier–prosecutions will follow, whether or not anyone had reason to believe that what went on was actually against the law.

Fixing this one statute won’t solve the problem.

Right now, the only thing that safeguards our online freedoms–anonymity, free speech, the right to access speech, and so on–is prosecutorial discretion that could be revoked for any one of us at any time for any reason. This isn’t a hypothetical–it’s happening today.