Unauthorized Use of Work Computers: It Might Get You Fired, but It’s Not a Crime

You may remember a story from a couple years ago about Lori Drew – she was a woman who, for whatever reason, decided to torment one of her teenaged daughter’s “enemies” (really, as a teenager, who in the world has any real enemies?), who was also a teenage girl. She did this by creating a fake MySpace profile, and posing as a boy who was about the girl’s age. Over a period of time, the girl fell in love with this fictional boy. When the time was right, Lori Drew revealed her trick, crushing the girl’s spirits. She committed suicide some time later.

As one might expect, the public was outraged when this happened, and demanded that the legal system “Do Something™”. State authorities came to the conclusion that there was no criminal statute under which Drew could be charged. A U.S. attorney, however, decided to charge her under federal law. Now, there is no federal cyber-bullying statute. In fact, there is really no federal law that directly deals with Ms. Drew’s conduct. So, the U.S. attorney charged her with violation of the Computer Fraud and Abuse Act, which makes any unauthorized access to a computer system a criminal offense. The prosecutor argued that, by accessing MySpace using a fake profile (a violation of the MySpace terms of service), Drew had gained unauthorized access to that computer system. She was convicted of misdemeanor charges, but her conviction was overturned by the judge.

An interesting case (PDF) (also reported here) on this same matter has just come out of an appeals court in New Jersey. A police officer accessed video files from a central computer that showed cameras in other squad cars. One officer, who apparently disliked another officer, accessed the files, and viewed a recording which allegedly showed him breaching protocol during a traffic stop (allowing a drunk driver to urinate in the bushes before being taken in). He then apparently showed the video to officers below the minimum rank allowed to view it, for the purpose of harming and embarrassing the other officer.

He was charged under New Jersey’s equivalent of the Computer Fraud and Abuse Act, which criminalizes unauthorized access to computer systems, and the court has dismissed the indictment.

Essentially, it reasoned that, without more, anyone who has been granted a password in good standing to that system, and accesses the information that is meant to be available to the user’s account, no crime has been committed. Now, the use that the user makes of the information might make it a crime, obviously. For example, he could disclose confidential material. However, in this case, the officer’s use was not sufficient to elevate it to criminal conduct.

In an increasingly wired world, this seems like a reasonable position to take. Every time we access the Internet, we’re constantly accessing a huge number of different computer systems, in the form of websites. And most major websites have terms of use. How many people actually read these walls of text? Not many, I’d wager.

While the conduct of Lori Drew was reprehensible, and this police officer doesn’t exactly come away smelling like roses, the law should not be twisted to criminalize conduct we don’t like, when no criminal law explicitly dealing with the subject exists.

Now, we’re starting to see laws designed to criminalize conduct like that of Ms. Drew, which I’ve previously discussed at length. I’ve so far concluded that the one legislative response I’ve seen has been pretty asinine, and probably unconstitutional. As for the conduct of the police officer, it seems like something that could be easily dealt with internally, through retraining or discipline, such as suspension or termination of employment.

I’m beginning to think that our society is becoming over-criminalized. That is to say, we’re trying to punish people criminally, even though they likely committed no crime (no matter how horrible the conduct was). There are some things, I believe, that don’t need to be crimes, and can be better dealt with by the victims seeking civil remedies, in the case of Lori Drew, or internal discipline, as in the case of the police officer.

We have to accept that, in a free society, a lot of things that we don’t like are going to be legal. We’re free to morally condemn those things, but knee-jerk criminalization is not the proper response.

What our clients think

At LegalMatch, we value our client’s opinion and make it a point to address their concerns. You can refer to our reviews page if you want to know what our clients have to say about us.