“E-personation” is a growing trend. It occurs when thieves, scam artists, or people who want revenge use the Internet to pretend to be someone else—either by creating a fake Facebook or web profile, or by communicating via email with third parties while pretending to be someone else.
In some cases, the object is to defraud, perhaps in order to gain confidential information. For instance, a thief might pretend to be someone’s distressed parent or friend who has been robbed on vacation, in order to convince his target to wire him money.
In other cases, the objective is to bully. One landmark 2006 e-personation case involved cyber-bullying. A 47-year old Missouri parent, Lori Drew, created a fake MySpace page for a fictional 16-year-old boy she created and named “Josh Evans.” Drew used the fake character of “Josh” to taunt her 13-year old neighbor, Megan Meier, an acquaintance of her daughter. The case made national news when Meier committed suicide after the imaginary Josh, who had earlier professed his love of Meier, seemingly turned against her, saying, “The world would be a better place without you.”
Drew was indicted under a federal computer fraud statute, with charges of accessing computers without authorization to inflict emotional harm, and misdemeanor charges of accessing computers without authorization. She was convicted only on the misdemeanor charges. The controversial prosecution was criticized for invoking a computer hacking statute to deal with e-personation.
In other instances, a person might create a fake online profile of the targeted person in order to damage his or her reputation. Jilted boyfriends or girlfriends, for example, might create profiles of their exes on dating or social networking sites and then, pretending to be the ex, post remarks or photos that portray the ex in a bad light.
For example, just this month, a Morris County, New Jersey judge ruled that a case would proceed to trial, based on 41-year-old Dana Thornton’s alleged creation of a fake Facebook profile about her ex-boyfriend, a police detective. The profile says that the ex-boyfriend gets high and has herpes, and included postings, supposedly from the detective but really from Thornton, such as “I hire prostitutes and escorts to satisfy my fetishes,” and “I’m a sick piece of scum with a gun.”
Thornton was arrested, and her case is being closely watched because she has been charged with identity theft. She faces up to 18 months in prison if she is found guilty.
Her attorney attempted to get the charges dismissed because the relevant law—an identity theft/impersonation statute—does not make specific reference to the Internet or the use of electronic communications. Rather, it broadly bars impersonation that causes “any injury or harm to another,” whether or not the victim was defrauded of money. However, the presiding judge held that the case could proceed.
In this column, I will assess the New Jersey case and explain why I think the court took the right approach in interpreting the statute. (However, whether this case should proceed in criminal court, rather than as a civil case, is a different issue). I will contrast the New Jersey court’s approach with that of California—where the legislature has enacted a new statute focused exclusively on online e-personation. I will argue that the California statute is unhelpful and that existing laws are likely to be sufficient to deal with cases of e-personation that is fraudulent, defamatory, or otherwise harmful to the victim.
Why the Court Ruled Against Thornton on Her Motion to Dismiss the Indictment
Thornton’s attorney, Richard Roberts—in a motion to dismiss the indictment—argued that “[I]n New Jersey, no courts have ever ruled that creating a profile of anyone online, without the individual’s consent, constitutes false impersonation. Under the New Jersey statute, there is no plain wording, commentary, memorandum, or any evidence of legislative intent to show that impersonating someone online or by electronic means is a crime.”
The judge, however, held that the state had presented sufficient evidence to the grand jury to support all the elements of the crime of impersonation, as set out by the statute, because Thornton allegedly assumed the character of another, and acted to injure her ex-boyfriend’s professional reputation and career as a police officer. The judge’s commonsense approach seems wise: The means of impersonation is surely not the key to applying the statute.
Calling the comments that Thornton allegedly posted about the detective “horrendous,” the judge noted that while the current law does not specifically address electronic communications, it clearly applies to a broad spectrum of impersonation techniques.
Reportedly, the New Jersey legislature now intends to amend its identify theft statute to further clarify that it does, indeed, apply to electronic communications.
California’s E-personation Statute
Other states have taken a different approach to e-personation. In January 2011, for example, California passed a new law, Senate Bill 1411, which states:
Any person who knowingly and without consent credibly impersonates another actual person through or on an Internet Web site or by other electronic means for purposes of harming, intimidating, threatening, or defrauding another person is guilty of a public offense punishable . . . by a fine not exceeding one thousand dollars ($1,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment.
In addition, victims may seek civil remedies in the form of compensatory damages and injunctive or equitable relief.
In a press release entitled “Malicious E-Personation Protection Effective January 1,” SB 1411’s author, State Senator Joe Simitian, said, “E-personation is the dark side of the social networking revolution. Facebook or MySpace pages, e-mails, texting and comments on Web forums have been used to humiliate or torment people and even put them in danger. Victims have needed a law they can turn to.”
Senator Simitian then went on to provide examples of what he views as harmful e-personation, such as these:
A teacher was impersonated by someone on Facebook whose posts made it seem as though the teacher was mocking a disabled student.
Jan Hoffman’s December 2010 New York Times article, “As Bullies Go Digital, Parents Play Catch-Up” highlighted a mother’s distress when she noticed her son’s emotional withdrawal and learned he was being ostracized at school because “someone had forged his identity” and created a fake Facebook page where other children were being bullied in his name.
In October, in one of the first prosecutions under the California law, Jesus Felix, a 22-year-old Los Angeles man, admitted to creating 130 Facebook pages and numerous Craigslist listings with sexually explicit photographs of his former girlfriend. Felix pled guilty to two counts of “e-personation” and one count of making harassing phone calls, and was sentenced to five years of probation and 30 days of community service.
Notably, too, In September, a California appellate court upheld a teen’s felony conviction for accessing a teen girl’s account, altering her profile and posting obscene messages and comments on her page and on the pages of others, while masquerading as his victim. The boy was one of several recipients of an unsolicited text message providing the password to the victim’s email account. The boy was found guilty in juvenile court, sentenced to a juvenile academy for between 90 days and one year, and placed on probation.
The statute under which the perpetrator was convicted—a regular identify theft statute—prohibits “willfully obtain[ing] personal identifying information and us[ing] that information for any unlawful purpose.” The teen defendant claimed that the legislature had intended the “unlawful purpose” language to refer to crimes, not civil torts. But the court disagreed, noting that additional language had been added to the identity theft statute, which had previously been limited to attempts to obtain “credit, goods, or services,” showing an intent to extend the law’s reach beyond identity theft for purely financial gain.
The court also found that the defendant had willfully obtained his classmate’s password even though he claimed that he received it through an unsolicited text message. The court noted that the boy “willfully obtained the victim’s password when he chose to remember the password from the text message, and later affirmatively used the password to gain access to the victim’s electronic accounts.”
Do We Need E-Personation Statutes?
At present, only three states—California, New York and Texas— have specific e-personation statutes. Texas’s is the narrowest; it only applies to e-personation via social networking sites.
Let’s hope that the trend of passing such statutes does not continue. When legislators start to try and create new laws in response to changing technological phenomena, there is always a risk that the law will be outdated quickly, will not properly capture all intended acts, and will cover acts that are already illegal or that already give rise to civil claims under common law or other statutes.
In addition, many are concerned that specific e-personation laws may conflict with First Amendment free speech protections. In some instances, when a website impersonates a person, or company, the impersonation may count as a means of satire or parody, both of which are protected by the First Amendment. If a Saturday Night Live comedian’s impersonation of a politician is constitutionally protected, so too should some forms of online impersonation be.
The Electronic Frontier Foundation, which has made this very point, notes that groups like the Yes Men—a collective of artists that uses online parody to raise awareness of various issues involving corporate behavior—are engaged in First Amendment activities. Yet there is some risk that corporations or politicians might use an e-personation statute to try to stifle legitimate criticism and parody by the Yes Men or similar groups. In response, proponents of SB 1411 contend that the law will not undermine online activism, and that existing First Amendment free speech protections will continue to protect parody, satire, and political speech online.
SB1411 requires that the impersonator knowingly commit the crime, and do so without the consent of the person he or she is imitating. It also requires that the impersonation be credible.
Would the California law apply to the Lori Drew/Megan Meier case, where Drew created a fake profile of a teen boy and encouraged Meier to commit suicide? At present, the California statute would not seem to cover impersonation of a fake character since the activity does not involve an “actual” person.
Other critics have noted that SB 1411 may also not reach those who use Facebook or Craigslist to get back at or hurt their exes, or others with whom they are angry, by placing ads promising sex to anyone who stops by, and then giving out the address of the person with whom they are trying to get even. These ads may not be treated as “credible” impersonations of the victim; they are meant to offend the victim, but may not convince a reasonable third person that the victim is truly making such an offer.
There is another interesting question here, as well: How would California’s law apply to cases where the e-personation involves someone who is speaking the truth about the person who is being e-personated? For instance, if Thornton’s case had occurred in California and her police officer ex-boyfriend had, in fact, used prostitutes, would SB 1411 apply? For First Amendment reasons, truth is a complete defense to a defamation claim; is it also a defense under SB 1411?
Existing Laws Already Provide a Basis for Prosecution or Civil Lawsuits
Much of the behavior that California’s statute intends to reach, is already covered by other statues. Existing criminal and civil laws cover various forms of harassment and fraud. The authors of SB 1411 believe the new law is necessary to reach such crimes when they involve the Internet and “other electronic means,” but there is no reason to believe that existing law would not apply simply because the Internet is the means by which the communications at issue are transmitted.
Impersonating someone and telling the truth could be harmful, but it is probably a form of constitutionally-protected speech. Impersonating someone in order to defraud a third party is already a crime: identity theft or criminal fraud statutes likely encompass harmful online impersonation. And these principles do not change simply because the Internet is involved.
Let’s hope that more states follow New Jersey’s lead and simply clarify existing laws and apply them in a commonsense way. If someone engages in e-personation in order to steal and commit fraud, then we should look to existing fraud and identify theft statutes. And, as for other types of harmful e-personation, those same statutes may suffice, as will statutes and common law claims focused on defamation, false light invasion of privacy, and wrongful impersonation.
Finally, defendants such as Thornton may find themselves prohibited from using networking sites such as Facebook. Thornton’s action violates Facebook’s terms of service, which prohibit opening an account on someone else’s behalf. Such solutions may be effective, and do not require the intervention of the courts.