There has been a lot of talk in the news and in the blogosphere on the Megan Meier case in the last couple of days since the indictment [available here or].

To show a bit of the discussion: [], [], [], [].

The case is a sad/disturbing one but involves some very interesting legal issues. Many areas of the law are incorporated including Internet law, contract, tort, criminal, and even some reasonably significant constitutional issues. Some of the issues overlap in interesting ways.

In this initial post, I would like to limit my discussion to the area of cybercrime and personal safety on the Internet for a number of reasons. First, I have not had the time to really read up on the issues such as the autonomy on the Internet, etc. It is not that I don’t find these areas extremely interesting, but I am currently studying for exams and don’t have the time. I’ll stick to something I am more familiar with. That said, in the near future, I’d like to get a discussion going on the other issues. If you can’t wait for me, have a read about the issues from the links above. Some of it is very good. Finally, I have an Internet Law and Regulation Exam on Tuesday and one of the topics which will come up will be cybercrime and personal safety on the Internet in the US, Ireland, and the UK. The post may reflect my dual purpose of studying for that exam and discussing a very interesting case.

The facts of the case

A 49-year-old woman, Lori Drew, is alleged to have helped create a false-identity on a MySpace account to contact Megan Meier. Megan Meier was a 13-year-old girl who thought she was chatting with a 16-year-old boy named Josh Evans. Josh Evans was the false MySpace account holder. The Josh Evans account and Megan Meier engaged in flirtatious conversation for some period. The two had a falling out. Then after receiving cruel messages from the Josh Evans account, including one that stated the world would be better off without her, Megan Meier hung herself in October 2006.

Legal issues

“The indictment is not charging Drew with harassment. Nor are they charging her with homicide. Rather, the government’s theory in this case is that Drew criminally trespassed onto MySpace’s server by using MySpace in a way that violated MySpace’s Terms of Service (TOS). Here’s the idea. The TOS required Drew to provide accurate registration information, not to harass or harm other people, and not to promote conduct that was abusive. She didn’t comply with these terms, the theory goes, so she was criminally trespassing onto MySpace’s computer when she was logging into her account. The indictment turns this into a federal felony conspiracy charge by arguing that she did this in concert with others to obtain information and to further tortious conduct — intentional infliction of emotional distress — violating the felony provisions of 18 U.S.C. 1030(a)(2).” [Kerr at Volokh, see above link.]

Personal Safety on the Internet

The case falls under a category of cyberbullying. Harassment can happen quite easily on the Internet. It also might be less noticed by those not directly involved because of the nature of Internet use. The Internet has been quite an effective means of bullying.[1] So what are the legal remedies within the US, the UK, and Ireland for cyberbullying?

Within the US, there is no federal law on cyberbullying. Here are the options that have potential for this case on the criminal law side: Harassment, I believe, could have been charged under state law. There are also two US suicide-related crimes: causing someone to commit suicide and assisting someone with committing suicide. This would probably not have worked though, see reasoning. On the tort side: intentional infliction of emotional distress seems the likely candidate. Indeed, that is what the indictment used to go via 18 U.S.C. §1030. Under §1030, something “to further tortious conduct” is needed. The family would most likely have a tort claim, as has been stated by others (somewhere) in the blogosphere. §1030 is an odd way to go about the prosecution, see below.

Within the UK and Ireland, harassment is a criminal activity.[2] While the legislation is not Internet specific, there is no reason why it could not be applied as such. The harassment legislation could prove to be quite powerful if used to its full extent. On indictment and conviction, unlimited fines and 7 years imprisonment could be imposed under the Irish legislation. Intentional infliction of emotional distress would again seem to be the likely civil law remedy.

The weird way they are prosecuting the case

It appears as though the prosecutors are prosecuting in an interesting way. The prosecutorial reading of §1030 does not seem to the intended purpose of the statute. The case, if prosecuted similarly in the UK and Ireland, would seem equally as odd. The relevant statues in those countries would be the §5 of the Criminal Damage Act 1991 (IR) and the §1 of the Computer Misuse Act 1990 (UK). Basically, unauthorized access to data – the content of all these statutes – seems to intend to cover hacking and related crimes. It seems as though the prosecution is using §1030 to get it under criminal because the case is – quite obviously – one that is morally deplorable. But the way to go about it would be to bring the cause under some type of harassment / cyberbullying law. Here the UK and Ireland have the statute and would be able to successfully prosecute. The US federal law lacks this. However, I am still unsure why the authorities did not proceed under the state law. There is a reason – and it’s out there. I read it; I just forgot what it said. If you find it, comment. Ultimately I this way of prosecuting it will probably prove unsuccessful because making the contractual violation into a criminal offense is an extension that seems unwise. I generally agree with Kerr at

Much more to talk on this case, but hopefully there will be more to come from me and others.

– Timothy DeHaut

[1] see Hedley, The Law of Electronic Commerce and the Internet in the UK and Ireland, Cavendish, 2006 pg 151; see also ‘Modern bullies are seeking victims through cyberspace’, Times, 25 September 2004.

[2] Protection from Harassment Act 1997 (UK); Non-Fatal Offences against the Person Act 1997 (IR); see also Hedley, pg 152.