We reported this past May in our Socially Aware blog about efforts of law enforcement authorities in the United Kingdom to adapt existing laws to police potential offenses committed via social media.  The UK government has just announced proposals that will make it easier to identify people who abuse social media.

The UK government’s somewhat surprising announcement came just after a recent case that highlighted the problem that some law enforcement authorities seem to be having in deciding when to get involved.  That case also illustrated that the social media industry could be quicker to self-police, were it not for the fear of legal action.  In part, the UK government’s move is a reaction to the need—from both the police and the social media industry—for a better legal framework in which to take action against social media abusers.

In the recent case, a woman who had been targeted by trolls with a campaign of online abuse won a UK High Court order requiring Facebook to reveal the names, emails and IP addresses of the individuals behind the abusive messages.  Interestingly, the court action began only after the woman’s local police force refused to take action and was undertaken with the apparent full support of Facebook.

The campaign of harassment against Nicola Brookes began when she posted a comment on Facebook in support of a contestant on the UK talent show “The X Factor”.  Immediately after Ms. Brookes had made the posting, she was subject to a campaign of harassment by anonymous Internet trolls who targeted her Facebook account, set up a fake Facebook profile in her name using her picture, and posted explicit comments that, among other things, branded her a pedophile.

Ms. Brookes quickly became frustrated by the lack of action from the Sussex Police and decided to take matters into her own hands by initiating a criminal suit against the anonymous trolls via private prosecution.  In order to do so, however, she needed to know who the perpetrators were.  To get that information, she applied to the High Court for a procedural order under UK law known as a Norwich Pharmacal Order—which the court quickly granted. 

A Norwich Pharmacal Order requires the person to whom it is directed (in this case, Facebook) to disclose particular documents or data.  Usually, Norwich Pharmacal Orders are targeted at individuals or companies who are somehow involved in wrongdoing, whether innocently or not, but are unlikely to be a party to a potential proceeding.  These types of orders are often used to identify the correct defendant in an action or to obtain information to bring a suitable claim.

Facebook is supportive of Ms. Brookes’ court order application.  Facebook reportedly shares information such as IP addresses and basic subscriber information when there is legal justification and an obligation to do so; however, given that it receives similar requests frequently, its policy is that all demands for information must be backed up by a court order.

Facebook will be required to release the information as soon as all of the procedural requirements (which include serving the court order on Facebook at its U.S. headquarters) have been complied with.  In a recent statement, the company noted:  “There is no place for harassment on Facebook, but unfortunately a small minority of malicious individuals exist online, just as they do offline.  We respect our legal obligations and work with law enforcement to ensure that such people are brought to justice.”

In a separate case, on June 11, 2012, a British court handed down a suspended jail sentence to an Internet troll who posted abusive tweets threatening a British member of parliament.

The cases of Ms. Brookes and Ms. Mensch are merely the latest in a series of UK cases involving lawsuits arising as a result of social media use. 

The UK government, as keen as any set of politicians to latch on to a populist bandwagon, reacted to this recent spate of cases.  As luck would have it, a draft Defamation Bill is already making its way through the UK legislative system—and rapidly. The government has announced an amendment that will require websites to identify people who have posted defamatory messages online and will give victims of Internet trolls a right to know who is behind malicious messages, without the need for costly legal battles.  The new laws will apparently offer a defense to defamation claims to any online provider that identifies the author of defamatory material when requested to do so.

It is far from clear, however, how the proposed legislation will work.  In theory, the power to compel disclosure will be balanced by measures to prevent false claims, but operators of websites and other social media platforms will also be concerned with not being placed in the position of having to make subjective judgments as to what meets the takedown or disclosure criteria.  There are further concerns that the legislation will find it hard to distinguish between abusers and genuine whistleblowers; and some futher doubt exists as to how the laws will apply to non-UK operated websites and online platforms.

Late last year, Superior Court Judge David Ironson in Morristown, New Jersey, declined to dismiss an indictment of identity theft against Dana Thornton, who allegedly created a false Facebook page that portrayed her ex-boyfriend, narcotics detective Michael Lasalandra, in a highly unfavorable light.  According to the prosecution, Thornton used the page to impersonate her ex-boyfriend, publishing posts through which the false “Lasalandra” admitted to using drugs, hiring prostitutes and contracting a sexually transmitted disease. 

Thornton’s defense attorney Richard Roberts did not deny that Thornton created the bogus Facebook page, but argued that the indictment against Thornton failed to “quantify or qualify” the injuries Lasalandra suffered because of the impersonation.  Roberts also argued that New Jersey’s impersonation and identity theft statute does not include “electronic communications” as a means of unlawful impersonation and that Thornton’s actions thus did not fall within the scope of activity that the statute proscribes.

Judge Ironson disagreed, holding that Thornton’s postings, by their nature, could harm Lasalandra’s “professional reputation” as a police officer.  He further held that New Jersey’s law is “clear and unambiguous” in forbidding impersonation activities that cause injury, and does not need to specify the means by which the injury occurs.  New Jersey’s impersonation and identity theft statute provides that a person is guilty if he or she “[i]mpersonates another or assumes a false identity and does an act in such assumed character or false identity for the purpose of obtaining a benefit for himself or another or to injure or defraud another.”  Judge Ironson construed this law broadly to include Thornton’s actions.  

As social media ambles from infancy into toddlerhood, the avenues for abuse available to users continue to increase.  Establishing a false Facebook page for the purpose of defaming another is part of a growing form of destructive impersonation through electronic means, sometimes referred to as “e-personation.”  E-personation requires far less information than many other forms of identity theft require.  In order to create a false Facebook page, a would-be e-personator does not need any of the victim’s personally identifiable information other than his or her name.  The power of the Internet to disseminate information, and the popularity of Facebook and other social media sites, make e-personation particularly harmful by enabling perpetrators to spread injurious statements much more quickly and effectively than would be possible using conventional, non-electronic means.

To combat this phenomenon, some states have begun to enact legislation that explicitly criminalizes e-personation.  New York’s criminal impersonation statute makes it illegal to impersonate somebody “by communication by internet website or electronic means.”  In January 2011, California added an entire e-personation statute to its penal code, which includes opening a “profile on a social networking Internet Web site in another person’s name” in the definition of “e-personation.”  The Texas penal code includes a narrower “online harassment” statute that is limited to barring impersonation on “commercial social networking sites.”  And most recently, Washington state enacted an e-personation statute.

New Jersey does not currently include any express e-personation provisions in its penal code, but an amendment that would specifically criminalize e-personation has passed the state Assembly and is currently being considered by the state Senate.  In Thornton’s hearing before Judge Ironson, Roberts attempted to use this fact to argue that Thornton’s alleged e-personation was outside of the scope of the current New Jersey statute.  Judge Ironson, however, agreed with prosecutor Robert Schwartz that the proposed amendment is only a clarification of the current law, under which e-personation already constitutes a form of injury-inducing impersonation.  As Schwartz stated, “In no way [is the current law] saying that electronic communication has been excluded.  No way did the Legislature ever intend for Ms. Thornton to get away with this kind of conduct.” 

As noted, a small handful of states currently have e-personation statutes, but Judge Ironson’s ruling in New Jersey demonstrates that even traditional identity theft and impersonation statutes can be applied by courts to prohibit e-personation.  This raises the issue of whether e-personation is an issue best dealt with through new legislation or under existing identity theft and impersonation laws, a question that has divided the Internet legal community.  Some legal scholars oppose express e-personation statutes, noting that laws attempting to respond to rapidly changing technology often become outdated quickly, may result in narrowing the scope of sufficient laws already in place, and can raise First Amendment issues.  Others call for e-personation statutes in all states in order to increase protection for victims of acts similar toThornton’s. 

In the coming months, there will likely be further developments in Thornton’s case.  Although Thornton and the prosecution did make some attempts at a plea bargain, the prosecution has now stated that it intends to take the case to trial, and will prosecute Thornton for fourth-degree identity theft, which carries a maximum sentence of 18 months in prison.  Last December, Roberts filed a motion to be removed as Thornton’s lawyer, so the trial has been delayed.  In any event, as Thornton’s case plays out, it will be interesting to see how different states react to its outcome in their approaches to e-personation, an ever-growing and evolving negative side effect of the social media revolution.