Cyberbullying: Proposed California law aims to criminalize online impersonations

I was interviewed yesterday for the local Fox affiliate on Cal. SB1411, which criminalizes online impersonations (or “e-personation”) under certain circumstances.

On paper, of course, this sounds like a fine idea. As Palo Alto State Senator Joe Simitian, the bill’s sponsor, put it, “The Internet makes many things easier. One of those, unfortunately, is pretending to be someone else. When that happens with the intent of causing harm, folks need a law they can turn to.”

Or do they?

The Problem with New Laws for New Technology

SB1411 would make a great exam question of short paper assignment for an information law course. It’s short, is loaded with good intentions, and on first blush looks perfectly reasonable—just extending existing harassment, intimidation and fraud laws to the modern context of online activity. Unfortunately, a careful read reveals all sorts of potential problems and unintended consequences.

A number of states have passed new laws in the wake of highly-publicized cyberstalking and bullying incidents, including the tragic case involving a young girl’s suicide after being dumped by her online MySpace boyfriend, who turned out to be a made-up character created for the purpose of hurting her feelings. (I’ve written about the case before, see “Lori Drew Verdict Finally Overturned.” )

Missouri passed a cyberbullying law when it turned out there was no federal law that covered the behavior in the MySpace case. Texas and New York recently enacted laws similar to SB 1411, though the Texas law applies only to impersonation on social media sites.

The problem with all these laws generally is that the authors aren’t clear what behaviors exactly they are trying to criminalize. And, mindful of the fact that the evolution of digital life is happening much faster than any legislative body can hope to keep up with, these laws are often written to be both too specific (the technology changes) and too broad (the behavior is undefined). As a result, they often don’t wind up covering the behavior they intend to deter, and, left on the books, can often come back to life when prosecutors need something to hang a case on that otherwise doesn’t look illegal.

Given the proximity to free speech issues, the vagueness of many of these laws makes them good candidates for First Amendment challenges, and many have fallen on that sword.

California’s SB 1411 as a Case in Point

SB1411, which last week passed in the State Senate, suffers from all of these defects. It punishes the impersonation of an “actual person through or on an Internet Web site or by other electronic means for purposes of harming, intimidating, threatening or defrauding another person.” It requires the impersonator to knowingly commit the crime and do so without the consent of the person they are imitating. It also requires that the impersonation be credible. Punishment for violation can include a year in jail and a suit brought by the victim for punitive damages.

First let’s consider a few hypotheticals, starting with the one that inspired the law, the MySpace case noted above. Since the boy whose profile lured the victim into an online romance that was then cruelly terminated was a made-up person (the perpetrators found some photo of a suitably shirtless teen and built a personality around it), SB 1411 would not apply had it been the law in Missouri. The boy was not an “actual person,” and, except perhaps to a thirteen year old with existing mental health problems, may not have been credible either. (The determination of “credibility” under SB 1411 would presumably be based on the “reasonable person” standard.) Likewise, law enforcement agents creating fake Craigslist ads to smoke out drug buyers, child molesters, or customers of sex workers would also not be violating the law.

Also excluded from SB 1411 would probably be those who use Craigslist to get back at exes or other people they are angry at by placing ads promising sex to anyone who stops by, and then gives the address of the person they are trying to get even with. In most cases, these ads are not credible impersonations of the victim; they are meant to offend them but not to convince a reasonable third person that they really speak for the victim. A fake Facebook page for a teacher who proceeds to make cruel or otherwise harmful statements about her students, likewise, would not be a credible impersonation.

The Twitter profiles being created to issue fake press releases purportedly on behalf of BP would also not be illegal under SB 1411. First, BP is not an “actual person.” Second, Twitter profiles such as BPGlobalPR are clearly parodies—they are issuing statements they believe to be what BP would say if it were telling the truth about its actions in relation to the gulf spill. (“We’re on a seafood diet- When we see food, we eat it! Unless that food is seafood from the Gulf. Yuck to that.”) Again, not a credible impersonation.

You also do not commit the crime by confusing people inadvertently. There are several people I am aware of online named Larry Downes, including a New Jersey state natural resources regulator, a radio station executive and conservative commentator, a cage fighter and a veterinarian who lives in a nearby community. (The latter is a distant cousin.) Facebook alone has 11 profiles with my name. Only one of them is actually me, but the others are not knowingly impersonating me just because they use the same name, even if some third person might be confused to my detriment.

Likewise, the statute doesn’t reach out to those who help the perpetrator, intentionally or otherwise. The “Internet Web sites” or providers of other electronic means aren’t themselves subject to prosecution or civil cases brought by the victims of the impersonation. So Craigslist, MySpace, Facebook, and Twitter aren’t liable here, nor are the ISPs of the perpetrators, even if made aware of the activity of their users and/or customers.

For one thing, a federal law, Section 230, immunizes providers against that kind of liability under most circumstances. Last week, Craigslist lost its bid to preclude a California lawsuit using Section 230 as its defense when sued by the victim of fake posts soliciting sex and offering to give away his possessions. The victim informed Craigslist of the problem, and the company promised to take action to stop future posts but did not succeed. But it lost its immunity only by promising to help which, of course, the site won’t do in the future! (See Eric Goldman’s analysis of the case.)

So there are important limitations (some added through recent amendments) to SB 1411 that reduce the possibility of its being applied to speech that is otherwise protected or immunized by federal law. (In the BP example, the company might have a trademark case to bring.) Most of these limits, however, seem to take any teeth out of the statute, and seem to exclude most of the behavior Sen. Simitian says he is concerned about.

Unintended Consequences

What’s left? Imagine a case where, angry at you, I create a fake Facebook profile that purports to represent you. I post material there that is not so outrageous that the impersonation is no longer credible, but which still has the intent of harming, intimidating, threatening or defrauding you. Perhaps I report, pretending to be you, about all of my extravagant purchases (but not so extravagant that I am not credible), leading your friends to believe you are spending beyond your means. You find out, and find my actions intimidating or threatening.

Perhaps I announce that you have defaulted on your mortgage and are being foreclosed, leading your creditors to seek security on your other debts. Perhaps I threaten to continue posting stories of your sexual exploits, forcing you to pay me blackmail to save you embarrassment.

Would these cases be covered under SB 1411? Perhaps, unless of course the claims that I am making as you turn out to be true. In the U.S., truth is a defense to defamation, so even if my intent is to “harm” you by revealing these facts, if they are facts then there is no action for defamation. That I say the facts pretending to be you, under SB 1411, would appear to turn a protected activity into a crime, perhaps not what the drafters intended and perhaps not something that would stand up in court. (The truth-as-defense in defamation cases rests on First Amendment principles—you can’t be prosecuted for saying the truth.)

Of course, much of the other behavior I described above is already a crime in California—in particular, various forms of intimidation, harassment and, by definition, fraud. The authors of SB 1411 believe the new law is needed to extend those crimes to cover the use of “Internet Web sites” and “other electronic means,” but there’s no reason to believe that the technology used is any bar to prosecutions under existing law. (Indeed, the use of electronic communications to commit the acts would extend the possible criminal laws that apply, since electronic communications are generally considered interstate commerce and thus subject to federal as well as state laws.)

For the most part, then, SB 1411 covers very little new behavior, and little of the behavior its drafters thought needed to be criminalized. For an impersonation to be damaging would, in most cases, mean that it was also not credible. Pretending to be me and telling the truth could be harmful, but probably a form of protected speech. Pretending to be me in order to defraud a third party is already a crime-that is the crime of identity theft.

Which is not to say, pun intended, that the proposed law is harmless. For in addition to categories of behavior already covered by existing law, SB 1411 makes it a crime to impersonate someone with the purpose of “harming” “another person.” There is, not surprisingly, no definition given for what it means to have the purpose of “harming,” nor is it clear if “another person” refers only to the person whose identity has been usurped, or includes some third party (perhaps a family member or friend of that person, perhaps their employer.)

Having a purpose of “harming” “another person” is incredibly vague, and can cover a wide range of behaviors that wouldn’t, in offline contexts, be subject to criminal prosecution. The only difference would be that the intended harm here would be operationalized through online channels, and would take the form of a credible impersonation of some actual person.

Why those differences ought to result in a year in jail doesn’t make much sense. Consequently, an attempt to use the law to prosecute “harmful” behavior would be met with a strong constitutional objection.

That’s my read of the bill, in any case. Since I posed this as an exam question, I’m offering extra credit for anyone who can come up with examples—there are none given by the California State Senate—of situations where the law would actually apply and that would not already be illegal and which would not be subject to plausible Constitutional challenges.

Copyright 2010 Center for Internet and Society, Stanford Law School