MEMORANDUM OF LAW IN SUPPORTOF CEASE AND DESIST PETITION

There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live—did live, from habit that became instinct—in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.

– George Orwell, 1984 3 (Signet Classic ed. 1981)

INTRODUCTION

Recently, this Court revised its Rules of Supervision/Probation to include Rule 14, which

states the following:

I will provide my Deputy Juvenile Officer all of my user IDs and passwords to my e-mail and any social networking sites that I use (i.e. Facebook, MySpace, Bebo, YouTube, etc.). I will not establish alternate social media sites under other names. I will not post on the Internet or send/text on a cell phone, by e-mail or any other electronic device any pictures, videos or content involving weapons/ammunition, gang signs, drugs, violent acts, alcohol, nudity or sexual activity.

St. Louis Cnty. Fam. Ct. R. Supervision/Probation 14 [hereinafter Rule 14] (emphasis added).

Although this appears to be an issue of first impression – likely due to the novel and emerging

landscape of social networking sites – this Court should harbor grave concerns about imposing

such a rule. As an initial matter, the language of Rule 14 is overly vague such that “men of

common intelligence” are left to guess at its meaning, and law enforcement is given broad

discretion to ensnare innocently-intended conduct. However, even if written in a more definite

fashion, Rule 14 encroaches on the privacy rights of the juvenile, and even more egregiously, on

the rights of the juvenile’s unsuspecting social networking site “friends” and the social

1

networking site itself. Furthermore, Rule 14 disregards the prohibitions set by Facebook1 in its

terms of use – which bind both the juvenile and the Deputy Juvenile Officer (DJO) when they

log in to the site. By accessing Facebook’s computer network in an unauthorized manner in

violation of Facebook’s terms, and thereby gaining information from Facebook’s network, the

DJO and this Court are also likely running afoul of federal and Missouri computer fraud statutes

and making the juvenile an accomplice. Finally, setting aside Facebook’s terms and any

computer fraud violations, this Court must follow proper judicial procedure for gaining access to

Facebook’s network and hundreds, if not thousands, of third-party profiles, which cannot be

achieved through the consent of a single juvenile member.

ARGUMENT

I. RULE 14 IS OVERLY VAGUE – IT FAILS TO SUFFICIENTLY DEFINE “ANY SOCIAL NETWORKING SITES” OR THE BROAD SCOPE OF THE VIOLATIVE CONDUCT – SUCH THAT MEN OF COMMON INTELLIGENCE ARE LEFT TO GUESS AT ITS MEANING, AND THIS COURT AND THE DJO ARE GIVEN TOTAL DISCRETION TO ENSNARE INNOCENTLY-INTENDED CONDUCT.

Just over 80 years ago, Justice Holmes famously articulated the necessity of clarity in

criminal “rule[s] of conduct,” stating, “[I]t is reasonable that a fair warning should be given to

1 For the purposes of clarity and brevity, and because it is arguably the most robust social networking platform, we will address Facebook specifically in the main text of the remainder of this Memorandum. However, MySpace, YouTube, Bebo, and other such sites share many common features. As such, we will include language from MySpace – and to a lesser extent, YouTube and Bebo – where particularly relevant.

This Memorandum does not attempt to scratch the surface of the problems inherent in disclosing login information to mega-site Google.com, which would grant this Court and the DJO unfettered and indiscriminant access to a juvenile’s Gmail, YouTube, Google+, Google Calendars, Google Docs, Picasa, G Chat, Google Checkout, Google Talk, Google Voice, Blogger, and more, see Products, Google, http://www.google.com/intl/en/about/products/index.html, not to mention private and/or confidential e-mails from the juvenile’s attorneys, banks, physicians, cell phone providers, credit cards, and/or government, and volumes of data accumulated prior to the offense leading to probation.

2

the world in language that the common world will understand, of what the law intends to do if a

certain line is passed. To make the warning fair, so far as possible the line should be clear.”

McBoyle v. United States, 283 U.S. 25, 27 (1931). The Supreme Court has since articulated three

variations of this “fair warning” requirement, one of which is the “vagueness doctrine,” which

“bars enforcement of a statute which either forbids or requires the doing of an act in terms so

vague that men of common intelligence must necessarily guess at its meaning and differ as to its

application.” United States v. Lanier, 520 U.S. 259, 266 (1997). Furthermore, the vagueness

doctrine provides “guidance, through explicit standards,” to law enforcement, thereby “avoiding

possible arbitrary and discriminatory application.” See State v. Young, 695 S.W.2d 882, 884 (Mo.

1985) (en banc) (citations to U.S. and Mo. Supreme Court cases omitted).

Viewed through the lens of fair notice and the vagueness doctrine, Rule 14 proves

problematic. First, Rule 14 does not define “social networking sites” – other than to list four

sites, followed by the open-ended “etc.” – yet it requires that a juvenile provide the DJO with all

user IDs and passwords to any social networking sites.2 A quick Google search for a "list of

social networking sites" demonstrates why this inexplicit definition leads to vagueness and

potential for sweeping enforcement. The first result is a link to Wikipedia with a list of

approximately 200 such sites. See List of Social Networking Websites, Wikipedia,

http://en.wikipedia.org/wiki/List_of_social_networking_websites.3 That page also links to a “list

of online dating sites” and a separate list of “defunct social networking sites.” See id. Absent

from the list are sites like Amazon.com (a shopping site that also allows shoppers to post

reviews), NYTimes.com (where members can post comments), CNN.com (where members can

2 In fact, Rule 14 does not even use consistent language, requiring juveniles to provide login information to their “social networking sites” but prohibiting the establishment of “social media sites” under an alternate name. See Rule 14 (emphasis added).3 We have removed the “(last visited Oct. ##, 2011)” parenthetical from each website citation for the sake of brevity. However, all websites were visited between October 13 and 30, 2011.

3

post comments and “iReporters” can actually post user-generated stories and video),

SnapFish.com (HP’s photo-sharing and printing site), and Wikipedia itself (“the free

encyclopedia that anyone can edit”), among others. The question for a juvenile faced with the

terms of Rule 14 is then, “Which website memberships fall under this Court’s ‘etc.’ umbrella?”4

Men of common intelligence will vary widely, and reasonably, on which websites with

interactive components constitute “social networking” sites. In the absence of more explicit

guidance, the DJO and this Court are given unpredictable discretion to enforce Rule 14.

Similarly, Rule 14 bars sending or texting by any “electronic device any pictures, videos

or content involving weapons/ammunition, gang signs, drugs, violent acts, alcohol, nudity or

sexual activity.” Rule 14 (emphasis added). In addition to the ambiguous nature of the term

“involving,” the scope of this Rule is overbroad, again leaving the DJO and this Court with

complete discretion to find violations – essentially setting a juvenile up for failure. Looking at

several of the elements individually highlights the nature of this problem: (1) postings about the

movie Star Wars, the National Anthem, the War in Afghanistan or the Second Amendment could

involve “weapons/ammunition;” (2) scenes from Disney’s Beauty and the Beast, SpongeBob

SquarePants and The Bible involve “violent acts;” (3) popular television shows like Friends,

Modern Family and SNL involve “sexual activity” (another highly ambiguous word, particularly

given the likelihood of teenagers sending love letters via e-mail); and (4) given that Budweiser is

a major St. Louis business entity, is likely an employer of many juveniles’ parents, and has

bestowed its Anheuser-Busch namesake on Cardinal Stadium and Judge XXXXXX’s own alma

mater law school, many innocuous postings could involve alcohol. Furthermore, a single posting

of any given rap, country or rock music video, even by one of the most highly-regarded artists

4 As we read over the list of social networking sites listed by Wikipedia, we also came to realize we are not even sure exactly how many sites we have joined in the past, only to forget about our memberships.

4

could easily involve most, if not all, of the prohibited content5 – as could any host of other

common cultural references prevalent in American life.

We are not suggesting the DJO or this Court will act maliciously to manufacture

violations of Rule 14, and we think this Court would likely consider most of the references above

innocuous. However, the language of Rule 14 could encompass any of the above references,

making even the most common, innocent online content a violation. Common men of ordinary

intelligence – not to mention children – are left to guess where the line is and when it is crossed.

Unsure of what constitutes a “social networking site” and what content violates Rule 14, even the

most well-intentioned juvenile is destined for failure, and the only truly safe choice is: “Do not

use the internet.” Such a choice would have an intense chilling effect on a juvenile’s freedom of

expression and association through a medium that has become integral to the daily life us all –

especially juveniles, whose social contexts and development have been tied to the internet for

most of their lives. This overarching inhibition on a juvenile’s ability to use the internet free

from constant and undefined scrutiny will have the same social, educational, and developmental

impact as not to learning to read, writing with a feather pen, or opting for a horse and buggy

instead of a driver’s license.

II.A. RULE 14 ENCROACHES ON THE PRIVACY RIGHTS OF THE JUVENILE PROBATIONER BY GRANTING THE DJO BLANKET PERMISSION TO ACCESS ALL OF THE JUVENILE’S SOCIAL NETWORKING AND E-MAIL COMMUNICATION WITHOUT ANY SHOWING OF REASONABLE ARTICULABLE SUSPICION OF AN IMPENDING CRIME.

5 For example, on her debut album with the chart-topping single, “Jesus Take the Wheel,” American Idol winner, country music star, and Sesame Street guest vocalist Carrie Underwood released another popular single entitled, “Before He Cheats” – a song about keying an SUV and then slashing its tires/seats and smashing its headlights with a baseball bat as revenge against a cheating lover who is at a pool hall trying to “get lucky” with a “bleached-blonde tramp” (who “can’t shoot whiskey” but is nonetheless declaring, “I’m drunk!”). See Before He Cheats Lyrics, CowbowLyrics.com, http://www.cowboylyrics.com/lyrics/underwood-carrie/before-he-cheats-16593.html; Some Hearts (Carrie Underwood Album), Wikipedia, http://en.wikipedia.org/wiki/Some_Hearts_%28Carrie_Underwood_album%29.

5

Although probationers do not enjoy the same reasonable expectations of privacy

accorded to every other citizen under the Fourth Amendment, see United States. v. Knights, 534

U.S. 112, 119 (2001); see also Griffin v. Wisconsin, 483 U.S. 868 (1987), it does not follow that

this Court may circumscribe all of a juvenile probationer’s reasonable expectations of privacy in

the contents and operations of her social networking and e-mail accounts.

Even in the public school setting, where a juvenile’s Fourth Amendment rights are

circumscribed by the school’s need to create an environment conducive to learning, juveniles

enjoy both a legitimate privacy interest in their personal belongings and person, and a threshold

requirement of articulable reasonable suspicion before a search can be made. See Safford Unified

Sch. Dist. No. 1 v. Redding, 129. S. Ct. 2633 (2009); New Jersey v. T.L.O., 469 U.S. 325, 338-

341 (1985). In determining that there existed a reasonable expectation of privacy in Redding, the

Supreme Court emphasized the subjective experience of the juvenile, finding a reasonable

expectation of privacy in part because the young woman who was strip searched found it

“embarrassing, frightening, and humiliating.” Redding, 129. S. Ct. at 2636. The Supreme Court

also made sure to note how the young woman’s “adolescent vulnerability intensifies the

exposure’s patent intrusiveness.” Id.

Similar emotions relevant to a juvenile’s reasonable expectation of privacy are implicated

by the notion that a DJO will have access to the juvenile’s most private e-mails, messages, and

information – not to mention that of all of her friends. It is precisely because access to this media

can be restricted by the user that juveniles use it extensively to communicate in ways they expect

to remain private. See, e.g., Amy Vorenberg, Indecent Exposure: Do Warrantless Searches of a

Student’s Cell Phone Violate the Fourth Amendment? (September 13, 2011), available at

6

http://ssrn.com/abstract=1926923 (a fortiori making a similar argument for a warrant

requirement with respect to cell phones).

Indeed in the criminal court context the Supreme Court held that reasonable articulable

suspicion is generally necessary to conduct a search of a probationer’s house. Knights, 534 U.S.

at 112, 120-21. Thus it implied some manner of individualized reason is required regardless of

the express conditions of probation. Id. at 121 (“Although the Fourth Amendment ordinarily

requires the degree of probability embodied in the term ‘probable cause,’ a lesser degree satisfies

the Constitution when the balance of governmental and private interests makes such a standard

reasonable.” (citations omitted)). Likewise in Griffin, the Supreme Court upheld a warrantless

search of a probationer pursuant to a state-wide regulation, but this regulation contained a

requirement that there be “reasonable grounds to believe the presence of contraband.” Griffin,

483 U.S. at 871. This is in keeping with the Court’s position that “a search or seizure is

ordinarily unreasonable in the absence of individualized suspicion of wrongdoing.” City of

Indianapolis v. Edmond, 531 U.S. 32, 37 (2000) (citing Chandler v. Miller, 520 U.S. 305, 308

(1997)). Furthermore, as the Court in Knights noted, “the degree of individualized suspicion

required of a search is a determination of when there is a sufficiently high probability that

criminal conduct is occurring to make the intrusion on the individual's privacy interest

reasonable.” Id. at 121 (emphasis added) (citations omitted). However, very little of the behavior

included in Rule 14 – namely posting content this Court deems inappropriate for juveniles– is

criminal. In fact, most of the conduct easily falls under the First Amendment protections for

speech and expression, at least in a non-probationary context.

Similar cases implying an individualized suspicion requirement for searches of

probationers abound throughout the circuit courts. See, e.g., United States v. Henry, 429 F.3d

7

603, 614 (6th Cir. 2005) (holding that a warrantless search of probationer violated the Fourth

Amendment because officer lacked articulable reasonable suspicion of a violation of a term of

probation); United States v. Yuknavich, 419 F.3d 1302, 1310-11 (11th Cir. 2005) (holding

warrantless search of probationer’s computer was legitimate where there was reasonable

suspicion of a crime); United States. v. Giannetta, 909 F.2d 571, 576 & n.4 (1st Cir. 1990)

(interpreting Griffin to require reasonable suspicion for a search where the probation condition

does not, and observing in a footnote that “a question of coercion would arise as to any

contention that ‘agreement’ to a probation search condition constitutes a general consent to

search”). In fact, the Eighth Circuit construes Knights to hold that “when a probationer is subject

to a probationary search condition, the Fourth Amendment permits an officer to search pursuant

to that condition without a warrant based only upon that officer's reasonable suspicion that

the probationer is violating his probation's terms.” United States v. Brown, 346 F.3d 808, 811

(2003) (emphasis added).6

Rule 14 grants a blanket permission for DJOs to conduct searches of a juvenile’s private

spaces without the constitutional protections afforded in either the school or adult probationer

contexts. Juvenile probationers, like adult probationers and students, admittedly give up some

expectations of privacy on account of their circumstances. They do not, however, forfeit the

protections of the Fourth Amendment against suspicionless searches, as Rule 14 demands they

do.

6 By contrast, the Supreme Court has determined that suspicionless searches of parolees are constitutional under California’s statutory scheme, rejecting an individualized suspicion requirement in favor of a general “reasonableness” inquiry. Samson v. California, 547 U.S. 843, 846 (2006). However, the Court positioned its holding vis-à-vis Knights based on the fact that “parolees have fewer expectations of privacy than probationers, because parole is more akin to imprisonment than probation is to imprisonment,” id. at 850 (emphasis added) – thereby preserving the possibility that individualized suspicion may be a constitutional requirement for a search of probationers.

8

II.B. RULE 14 ENCROACHES ON THE RIGHTS AND PRIVATE LIVES OF HUNDREDS, IF NOT THOUSANDS, OF OTHER INNOCENT AND UNSUSPECTING SOCIAL NETWORKING SITE USERS – THE “FRIENDS” OF THE PROBATIONER JUVENILE – AS WELL AS THE RIGHTS OF THE ACTUAL SOCIAL NETWORKING SITES.

It is important to distinguish Rule 14 from the other Rules of Supervision/Probation. Due

to the nature of social networking sites, this Rule does not merely involve the rights of the

juvenile signing the acknowledgement with this Court – it involves the rights of all of the

juvenile’s Facebook “friends” and Facebook itself. A physical-world analogy will likely prove

helpful to illustrate the magnitude of the Rule 14 and the rights of the parties involved. It is as if

this Court ordered a juvenile to agree to let the DJO enter her psychologist’s office at any time of

day or night, without ever notifying the psychologist, to rifle through the files of hundreds of the

psychologist’s other patients – all of which contain personal photos, videos, private thoughts,

conversations, religious and political views, links to outside websites, phone numbers, e-mail

addresses, and even contemporaneous GPS locations. Further, while the DJO visits the office, he

shape-shifts into the physical form of the juvenile and may be spoken to personally by any of the

other patients in the waiting room who mistake him for the juvenile. Upon leaving, it is

impossible for the psychologist or the juvenile to know that the DJO entered the office posing as

the juvenile. All the while, the unsuspecting psychologist is assuring his patients – and his

patients’ parents – that such activity is prohibited, and that he takes extra precautions to protect

the privacy of his 13- to 17-year-old patients. Finally, the time period of the DJO’s access to the

psychologist’s office is indeterminate. Independent of any agreements between the psychologist

and the juvenile and/or the other patients, logic would dictate that the juvenile simply may not

single-handedly give such permission to the DJO.

9

To fully understand the implications, it is important to understand how Facebook works.

When new users visit Facebook.com, they have the opportunity to sign up by providing their first

names, last names, e-mail address, genders and full dates of birth. See Sign Up, Facebook,

http://www.facebook.com. Once users become members, they can then create their Facebook

“profiles” where they can post various content about themselves. For example, Facebook has an

“info” section where members can elect to provide information about their cities of residence,

friends and families, education and work histories, philosophical / religious views, favorite arts

and entertainment, sports, contact information and other activities and interests. Furthermore,

members can post “status updates” about what they are currently doing or thinking, they can

include information about their current whereabouts, upload photos or video, share links to

outside websites, and even interact with their Facebook accounts using outside applications – for

example, a member can use the Nike + iPod chip in her shoe in conjunction with her iPhone to

contemporaneously post information about her run to her Facebook account to solicit

congratulations and encouragement from friends,see Nike + GPS, iTunes,

http://itunes.apple.com/us/app/nike-gps/id387771637?mt=8.

The most essential aspect of Facebook is that members can become “friends” with other

members and interact – hence the name, social networking. In order to become friends, a

member must locate another member by way of a search and send that member a request, which

that other member must then accept. Once these two members become friends, they can then

interact. For example, they can identify each other in photos or videos without seeking

permission to do so (called “tagging”), they can announce they “like” each other’s status updates,

and they can post comments on each other’s “walls.” Friends can send each other private

messages, much like e-mail, and participate in instant message “chats.” Furthermore, when a

10

member logs in, the first thing she sees is her “News Feed” – an interactive, multi-level news

ticker of her friends’ Facebook activity. At the same time, her friends can now see that she is on

Facebook, just as she can see which of her friends are on Facebook, due to the chat feature. In

short, Facebook friends have the ability to share an immense world of personal data in real time.

However, despite the social nature of Facebook, its information is not necessarily

“public.” Members can choose from a number of privacy settings to restrict who may view their

information.7 See Control Over Your Profile, Facebook,

http://www.facebook.com/about/privacy/your-info-on-fb#controlprofile. For example, members

can generally elect to make their profile information “Public,” visible only to their friends, or

even “Customize” their audience. Members can even selectively choose different privacy

settings for different content within their profile. See id. Facebook further explains, “Whenever

you post content (like a status update, photo or check-in), you can select a specific audience, or

even customize your audience.” Control Each Time You Post, Facebook,

http://www.facebook.com/about/privacy/your-info-on-fb#controlpost. Furthermore, members

can control “whether people who enter [a member’s] name on a public search engine may see

[that member’s] public profile (including in sponsored results).” See Public Search Engines,

Facebook, http://www.facebook.com/about/privacy/your-info-on-other#public_search.

Speaking to the issue of the expectation of privacy – both of the juvenile and her friends

– Facebook institutes automatic privacy settings for minors (ages 13-17) that use its site.

Facebook assures parents:

The only people who can see what teens post are their Facebook friends, friends of friends, and networks (like the school they attend). We maintain added protections and security settings for teens (age 13-17) that ensure their profiles

7 MySpace provides a number of comparable privacy setting options. See Privacy Settings on MySpace, MySpace, http://www.myspace.com/pages/privacysettings.

11

and posts don’t show up in public search results. Similarly, if teens share their location through Places, only their Facebook friends can see it.

Help Your Teens Play it Safe, Facebook, http://www.facebook.com/about/privacy/your-

info-on-fb#!/safety/groups/parents; see also Sign Up, Facebook,

http://www.facebook.com (“Facebook requires all users to provide their real date of birth

to encourage authenticity and provide only age-appropriate access to content.”). Just like

adult users, these juveniles can elect to use even more restrictive privacy settings than

those already mandated by Facebook, and many of them likely do so.8

As such, by logging in as a single juvenile Facebook member, the DJO and the

State would then have inside access to hundreds of profiles, comments, photographs,

videos and contemporaneous locations of adults and minors that the State would

otherwise be unable to see. This Court would be constructively imposing Rule 14 on

hundreds of unsuspecting and innocent people – many of which will not even be residents

of St. Louis or even Missouri, and are thus well outside of this Court’s jurisdiction. Nor

are these people necessarily fellow probationers with a similarly diminished – though not

extinguished – expectation of privacy; in fact, most probably are not. While Facebook

has warned its members that the transferability of online digital content makes it difficult

for Facebook to assure total privacy, by logging in as the juvenile who has been granted

access to her friend’s profiles, the State is obliterating all of Facebook’s privacy

safeguards without notifying Facebook or its users. And because of the highly interactive

nature of Facebook – no matter what the intent of the DJO – it would be literally

8 See also Privacy Settings on Myspace, MySpace, http://www.myspace.com/pages/privacysettings (last visited Oct. 13, 2011) (“If you are under 18, you can choose to make your Profile Content available only to your friends and other users under 18.”); Bebo Privacy Policy, Bebo, http://www.bebo.com/Privacy2.jsp (“For users identifying themselves as being under the age of 18, the default setting for profiles is private.”).

12

impossible to log on as a juvenile and only view that juvenile’s content. Thus, Rule 14

grants a sweeping permission for DJOs to violate not only the reasonable expectations of

privacy of juvenile probationers, without the constitutional requirement of individualized

suspicion, but also to violate the reasonable expectations of privacy of hundreds of non-

probationers as well.

III.A. RULE 14 IGNORES FACEBOOK’S TERMS,9 WHICH PROHIBIT SITE USERS FROM SHARING LOGIN INFORMATION, TRANSFERRING AN ACCOUNT TO A THIRD PARTY, ALLOWING A THIRD PARTY TO ACCESS A USER’S ACCOUNT, OR ACCESSING AN ACCOUNT BELONGING TO SOMEONE ELSE.

In its Statement of Rights and Responsibilities (“Terms”) – which can be accessed via a

link appearing at the bottom of every Facebook page – Facebook states, “This Statement of

Rights and Responsibilities . . . governs our relationship with users and others who interact with

Facebook. By using or accessing Facebook, you agree to this Statement.” Statement of Rights

and Responsibilities, Facebook, http://www.facebook.com/terms.php?ref=pf. For clarification,

Facebook further defines an “active registered user” as “a user who has logged into Facebook at

least once in the previous 30 days.” Id. § 17.8.10

Facebook goes to great lengths to prohibit access to its site via accounts other than a

user’s own authentic account. It states the following:

9 Rule 14 requires that a juvenile provide her login information to any social networking site to which she is a member. This Court could not possibly have read or considered the terms of service of all social networking sites before putting this Rule to use, leaving juveniles open to liability this Court has not even considered.10 MySpace adopts similar – if not stronger – user language:

By accessing and/or using the Myspace Services, you agree to be bound by this Agreement, whether you are a "Visitor" (which means that you simply browse the Myspace Services, including, without limitation, through a mobile or other wireless device, or otherwise use the Myspace Services without being registered) or you are a "Member" (which means that you have registered with Myspace). The term "User" refers to a Visitor or a Member. You are authorized to use the Myspace Services (regardless of whether your access or use is intended) only if you agree to abide by all applicable laws, rules and regulations (“Applicable Law”) and the terms of this Agreement.

MySpace.com Terms of Use Agreement, MySpace, http://www.myspace.com/Help/Terms.

13

Facebook users provide their real names and information, and we need your help to keep it that way. Here are some commitments you make to us relating to registering and maintaining the security of your account: You will not provide any false personal information on Facebook, or create an account for anyone other than yourself without permission. . . . You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account. You will not transfer your account (including any page or application you administer) to anyone without first getting our written permission.

Id. § 4, 4.1, 4.8-.9. Conversely, Facebook states, “You will not solicit login information or access

an account belonging to someone else.” Id. § 3.5. Facebook further states, “If you collect

information from users, you will: obtain their consent, make it clear you (and not Facebook) are

the one collecting their information, and post a privacy policy explaining what information you

collect and how you will use it.” Id. § 5.7. The site then concludes by warning users, “If you

violate the letter or spirit of this Statement, or otherwise create risk or possible legal exposure for

us, we can stop providing all or part of Facebook to you.” Id. § 14 (emphasis added).11

Facebook has gone to equally great lengths in multiple locations on its site to be clear that

while user safety, security and privacy are of the utmost importance, it provides avenues for

proper disclosure of user information for law enforcement purposes. On its Facebook and Law

Enforcement page, Facebook acknowledges its willingness to work with law enforcement. See

11 MySpace also explicitly prohibits a user from allowing a third-person to log on to that user’s account, and conversely, a third-person from accessing a user’s account. MySpace.com Terms of Use Agreement, MySpace, § 4, http://www.myspace.com/Help/Terms (“You are entirely responsible for maintaining the confidentiality of your password. You agree not to use the account, username, email address or password of another Member at any time or to disclose your password to any third party. You agree to notify Myspace immediately if you suspect any unauthorized use of your account or access to your password.”). Myspace further explicitly states that it may terminate the accounts of – and pursue legal action against – users who engage in any of the following prohibited activities:

modifying, copying, distributing, downloading, scraping or transmitting in any form or by any means . . . any Content from the Myspace Services other than your Content which you legally post on, through or in connection with the Myspace Services; . . . impersonating or attempting to impersonate . . . another Member, or person or entity[;] . . . using the account, username, or password of another Member at any time or disclosing your password to any third party or permitting any third party to access your account; . . . or otherwise transferring your profile, your email address or URL. . . .

Id. § 8, 8.22, .27, .29, .30.

14

Facebook and Law Enforcement, Facebook, http://www.facebook.com/safety/groups/law (“We

work with law enforcement where appropriate and to the extent required by law. . . .”).

However, the site also recognizes that in order for it to disclose user information, law

enforcement must follow proper legal channels:

We respect and enforce applicable laws, and the limits they place on access to Facebook data. . . . Federal law prohibits Facebook from disclosing the contents of an account (such as messages, Wall posts, photos, etc.) except in response to a civil subpoena or court order. There are ways that we can provide a limited amount of information to help law enforcement officials do their jobs.

Id. (citing Stored Communications Act, 18 U.S.C. § 2701 et seq.). Furthermore, Facebook

provides a form through its Help Center, specifically for legal officials to contact Facebook. See

How Do I Tell Law Enforcement to Get in Touch with Facebook?, Facebook,

http://www.facebook.com/help/?faq=175909845799306#How-do-I-tell-law-enforcement-to-get-

in-touch-with-Facebook? (“Please ask law enforcement agents and legal professionals

investigating a civil or criminal matter to contact Facebook through this form.”); Law

Enforcement and Third-Party Matters, Facebook, http://www.facebook.com/help/?

page=211462112226850; Legal Inquiries, Facebook,

http://www.facebook.com/help/contact.php?show_form=legal_inquiries (“[T]his form is meant

for usage by officials only[:] . . . law enforcement agent[s], or member[s] of a law office/practice

or government agency. . . .”).

As the above language indicates, Facebook clearly instructs all users of its site –

including mere visitors – that users may not access the accounts of others. Furthermore,

Facebook prohibits users of its site from “consenting” to third party access to Facebook’s site

through a user’s account. And finally, Facebook is equally clear that law enforcement is to

request access to its site via proper legal channels.

15

Without question, Facebook and other websites have the legal authority to generally bind

their users to their terms of service if certain conditions are met. Although it is “an emerging area

of the law,” courts routinely uphold such agreements and “apply traditional principles of contract

law and focus on whether the plaintiff had reasonable notice and manifested assent to the online

agreement.” Major v. McCallister, 302 S.W.3d 227, 229 (Mo. Ct. App. 2009) (quoting Burcham

v. Expedia, Inc., 2009 WL 586513, at *2 (E.D. Mo. Mar. 6, 2009)). These agreements can

generally be broken into two groups: (1) “clickwraps,” where a user must click a box or a button,

and (2) “browsewraps,” where there is an indication “in some fashion that use of the site

constitutes acceptance of its terms of service.” Id. at 229-230 (extensive citation omitted).

“Courts usually uphold browsewraps if the user has actual or constructive knowledge of a site’s

terms and conditions prior to using the site.” Id. at 230 (citing Southwest Airlines Co. v.

BoardFirst, LLC, 2007 WL 4823761, at *5 (N.D. Tex. Sept. 12, 2007), quoted in Burcham, 2009

WL 586513, at *3 n.5 and Hines v. Overstock.com, Inc. 668 F. Supp. 2d, 362, 367 (E.D.N.Y.

Sept. 8, 2009)).

When first signing up for Facebook, the final submission button to create a member

profile is located directly above a statement that says, “By clicking Sign Up, you are indicating

that you have read and agree to the Terms of Use and Privacy Policy,” and provides a hyperlinks

to the relevant Terms pages. See Sign Up, Facebook.com, http://www.facebook.com (enter all

relevant personal information in the fields on the right side of the screen and hit the “Sign Up”

button; then see the subsequent screen for final submission). Furthermore, links to those same

Terms appear on the bottom of every single Facebook page.12 The Missouri Court of Appeals for

12 Similarly, on MySpace’s sign-up page, just above the “Sign up free” button is the hyperlinked statement, “By clicking Sign up free, you agree to Myspace terms of service and privacy policy.” Sign Up, MySpace, https://www.myspace.com/signup. Hyperlinks to those terms are also available at the bottom of every MySpace page.

16

the Southern District bound a Springfield, Missouri resident to “a forum selection clause limited

to Denver County, Colorado,” McCallister, 302 S.W.3d at 228-29 & n.2, under nearly identical

Terms location facts, id. at 230; see also Burcham, 2009 WL 586513, at *1, 4 (binding a

Missouri resident to a forum selection clause in King County, Washington under similar facts).

In McCallister, the Court of Appeals further noted that Missouri recognizes the “standard

contract doctrine” that “[w]hen one party accepts the other party’s performance, it gives validity

to an agreement even if unsigned, and imposes on the accepting party the obligations

thereunder.” McCallister, 302 S.W.3d at 231 (citing R.L. Hulett & Co. v. Barth, 884 S.W.2d 309,

310 (Mo. Ct. App. 1994)). As such, there is little doubt Facebook may bind Missouri users to its

Terms as they are presented to a typical new adult user. The question then remains whether the

Terms are binding in the case of a juvenile user or a DJO logging in as that juvenile user.

III.B. FACEBOOK’S TERMS APPLY TO JUVENILE USERS – CERTAINLY AFTER A JUVENILE COMPLIES WITH RULE 14 AND CONTINUES TO USE FACEBOOK – BECAUSE FACEBOOK MUST BE ALLOWED TO DETERMINE HOW ITS USERS ACCESS AND USE ITS VOLUNTARILY-PROVIDED SITE.

Questioning the ability of a juvenile to consent to Facebook’s Terms poses a logical

conundrum in this case because the issue is presented in the context of this Court asking the

same juveniles to sign off on to its Rules of Supervision/Probation. As Judge XXXXXX

correctly noted, when a juvenile consents to this Court’s Rules of Supervision/Probation, he or

she is does so under the care of – and with the co-signatures of – his or her parent/custodian,

DJO and Judge/Commissioner, all of whom understand and appreciate the terms. These

additional parties arguably help the juvenile understand the terms and to truly give his or her

consent.

Let us assume arguendo – without conceding – that when a juvenile joins and uses

Facebook, he or she is completely unsupervised and unable to appreciate or consent to the

17

Terms.13 However, at the time the juvenile signs this Court’s Rules of Supervision/Probation, the

Judge/Commissioner has a duty to make sure a juvenile is fully aware of the implications of the

agreement signed with this Court, see, e.g., Juv. Just. Standards Annotated: Standards Relating to

Dispositions § 1.2(D) (A.B.A. 1996) (“Juveniles should be given adequate information

concerning the obligations imposed on them by all coercive dispositions and the consequences of

failure to meet such obligations. Such information should be given in the language primarily

spoken by the juvenile.”); National Council of Juvenile and Family Court Judges, Juvenile

Delinquency Guidelines, ch. VII, § I, at 144 (2005) (“The juvenile delinquency court judge

should advise the youth, parent, legal custodian, and anyone involved in providing services in the

court’s disposition, of the consequences of failing to comply with the orders. The judge should

provide an opportunity for the youth, parent, and legal custodian to ask final clarifying

questions . . . .”), as does the juvenile’s defense attorney, see Mo. Sup. Ct. R. § 4-1.4(b), 4-1.14,

4-2.1. The Judge/Commissioner and the DJO are now aware of Facebook’s Terms. Therefore, at

the time of signing, all parties should be just as informed of Facebook’s Terms as of this Court’s

Rules of Supervision/Probation. With any future use of Facebook, the juvenile would necessarily

be bound by its Terms. The juvenile would then turn over his or her login and password to the

DJO – and allow the DJO to access Facebook – in violation of those Terms.

Moreover Congress has passed the Children’s Online Privacy Protection Act of 1998, 15

U.S.C. 6501, et. seq. The Act, and the Regulations promulgated thereunder, see 16 C.F.R. §

312.1-.12, regulate the collection of personal information of children by operators of websites or

other online services. See 15 U.S.C. § 6502(a)(1), (b). In doing so Congress defined a “child” as

“an individual under the age of 13.” Id. § 6501(1). This indicates Congress contemplated

13 This supposition rests on the bold assumption that the juvenile’s parents are not involved with the juvenile’s Facebook use. This assumption is particularly difficult given the common practice of a parent and juvenile being Facebook “friends.”

18

limiting the use of websites by children less than 13 years of age. Furthermore, Congress must

have anticipated use of websites by juveniles between the ages of 13 and 17, and yet it chose not

to include these juveniles within the statute. Cf. Hartford Underwriters Ins. Co. v. Union

Planters Bank, N.A., 530 U.S. 1 (2000) (“[H]ad Congress intended the provision to be broadly

available, it could simply have said so.”) This is undoubtedly why Facebook, MySpace,

YouTube, and Bebo all require that their users be over the age of 13.14

It is important to distinguish Facebook’s Terms prohibiting unauthorized access to its

network via shared logins and passwords from the traditional, onerous contracts this Court may

wish to discount. This is not the case of Facebook attempting to enforce an arbitration clause

binding a juvenile to arbitrate all disputes with Facebook in Denver County, Colorado. See, e.g.,

McCallister, 302 S.W.3d 227 (Mo. Ct. App. 2009) (holding – in a case involving an adult – that

such a clause was valid). Rather, this is an example of Facebook setting the parameters for how

users of its site – to which Facebook is voluntarily granting access – will use its site, and these

parameters protect other users. Facebook is exercising its right to exclude by stating very clearly,

“If you violate the letter or spirit of this Statement, or otherwise create risk or possible legal

exposure for us, we can stop providing all or part of Facebook to you.” Statement of Rights and

Responsibilities, Facebook, http://www.facebook.com/terms.php?ref=pf. Similarly, while we

may not enter a “contract” with a minor under the age of 18 in Missouri, see Mo. Rev. Stat. §

431.055, we could certainly condition a minor’s visit into our homes on an agreement that the

minor may not invite others into our houses or scream racial slurs at our dogs.

14 See Statement of Rights and Responsibilities, Facebook, http://www.facebook.com/#!/terms.php (“You will not use Facebook if you are under 13.”); MySpace Terms of Use Agreement, MySpace, http://www.myspace.com/help/terms (“By using the Myspace Services, you represent and warrant that . . . you are 13 years of age or older.”); Terms of Service, YouTube, http://www.youtube.com/t/terms (“[T]he Service is not intended for children under 13. If you are under 13 years of age, then please do not use the Service.”); Terms of Service, Bebo, http://www.bebo.com/TermsOfUse2.jsp (“You must be 13 years or older to use the Bebo Service.”).

19

Even if Facebook is unable to “contract” with its juvenile users, surely it must be

afforded some rights to set its parameters of use. To hold otherwise would invite absurd results.

If Facebook cannot prevent its users between the age of 13 and 17 from granting unauthorized

access to its site by third parties, it would follow that Facebook would also be powerless to

prevent these same juveniles from “bully[ing], intimidat[ing], or harass[ing] any user[,] . . . .

post[ing] content that is hateful, threatening, or pornographic; incites violence; or contains nudity

or graphic or gratuitous violence. . . . [or] doing anything unlawful, misleading, malicious, or

discriminatory. . . .” Cf. Statement of Rights and Responsibilities, Facebook, § 3.6, 3.7, 3.10,

http://www.facebook.com/terms.php?ref=pf. In fact, if so held, Facebook would presumably be

unable to terminate its juvenile users’ accounts unless there was a proven violation of applicable

law. And even then, it would be unable to enforce its Term that “[i]f we disable your account,

you will not create another one without our permission.” Cf. id. § 4.3.

III.C. FACEBOOK’S TERMS APPLY TO AN ADULT DJO – EVEN ASSUMING THE DJO DOES NOT ALREADY HAVE HIS OWN PERSONAL ACCOUNT – BECAUSE (1) THE TERMS APPLY TO ANYONE WHO USES OR ACCESSES FACEBOOK AND (2) BY LOGGING IN AS ANOTHER USER, THE DJO IS BOUND BY THE TERMS AS A SUBLICENSEE OF THE OTHER USER’S ACCOUNT.

Independent of whether Facebook’s Terms apply to users between the ages of 13 and 17,

a DJO accessing Facebook would be bound by the Terms. As a preliminary matter, any DJO that

has a personal Facebook account in his or her own right would unequivocally be deemed a user

of Facebook, and would thus be bound by its terms. See McCallister, 302 S.W.3d at 230 (binding

a user to terms presented in an almost identical manner).

Alternatively, assuming a DJO does not have a personal Facebook account, Facebook’s

Terms clearly indicate that logging in to Facebook – if not merely visiting without logging in –

will bind the DJO. See Statement of Rights and Responsibilities, Facebook,

20

http://www.facebook.com/terms.php?ref=pf, (“This Statement of Rights and Responsibilities . . .

governs our relationship with users and others who interact with Facebook. By using or

accessing Facebook, you agree to this Statement.” (emphasis added)). By logging in, the DJO

will also be deemed an “active registered user.” See id. § 17.8 (“a user who has logged into

Facebook at least once in the previous 30 days”). Because a link to Facebook’s Terms appears on

every Facebook page, and we have now brought these Terms to this Court’s attention, the DJO

has “actual or constructive knowledge of [Facebook’s] terms and conditions prior to using the

site.” See McCallister, 302 S.W.3d at 230; Burcham, 2009 WL 586513, at *2 (E.D. Mo. Mar. 6,

2009) (“A customer on notice of contract terms available on the internet is bound by those

terms.” (citations omitted)).

Furthermore, a DJO is not only bound by the Terms as a visitor to Facebook in his own

right, he is also bound by the Terms as applied to the member account he is accessing. To hold

otherwise would lead to an absurd result. It would allow any person, even hackers, to log in as

another user – which Facebook explicitly prohibits, see Statement of Rights and Responsibilities,

Facebook, § 3.5, http://www.facebook.com/terms.php?ref=pf – and access Facebook completely

immune to its Terms. In Motise v. America Online, Inc., 346 F. Supp. 2d 563 (S.D.N.Y. 2004),

the United States District Court for the Southern District of New York reached this same

conclusion and held that a forum selection clause in AOL’s Terms of Service was binding on a

son who logged on to AOL using his stepfather’s account because the son was deemed a

sublicensee of the stepfather’s account. Id. at 564-566. The court explained that the son could not

have greater rights than those conditionally granted to his stepfather, and that “[a]ny other

conclusion would permit individuals to avoid [AOL]’s Terms of Service simply by having third

parties create accounts and then using them as [the son] did.” The United States District Court

21

for the Eastern District of Missouri agreed in Burcham v. Expedia, Inc., 2009 WL 586513 (E.D.

Mo. Marc. 6, 2009), offering a similar hypothetical:

Even assuming somehow that [plaintiff] never knew he created a [website] user account or that an account was created for him, [plaintiff] is still bound by the user agreement. . . . The user agreement specifically states that users consent to be bound to the agreement by accessing and using the website. Additionally, [plaintiff]'s attempt to hold some other anonymous individual responsible for agreeing to the terms must fail.

Burcham, 2009 WL 586513, at *4 (citing Motise, 346 F. Supp. 2d at 566).

IV. BY ACCESSING FACEBOOK’S COMPUTER NETWORK IN A MANNER EXPLICITLY UNAUTHORIZED BY FACEBOOK’S TERMS AND THEREBY GAINING INFORMATION FROM FACEBOOK’S COMPUTER NETWORK – PARTICULARLY ABOUT OTHER USERS – THIS COURT AND THE DJO RUN AFOUL OF FEDERAL AND MISSOURI COMPUTER FRAUD STATUTES AND MAKE THE CONSENTING JUVENILE AN ACCOMPLICE.

According to the federal Computer Fraud and Abuse Act, 18 U.S.C. 1030 (“CFAA”),

“[w]hoever . . . intentionally accesses a computer without authorization or exceeds authorized

access, and thereby obtains information from any protected computer . . . shall be punished . . .

[by] a fine under this title or imprisonment for not more than one year, or both . . . .” 18 U.S.C. §

1030(a)(2)(C), (c)(2)(A). Furthermore, “[w]hoever conspires to commit or attempts to commit an

offense” under the same provision shall be equally punished. Id. § 1030(b). A “computer” is

defined as “an electronic, magnetic, optical, electrochemical, or other high speed data processing

device performing logical, arithmetic, or storage functions, and includes any data storage facility

or communications facility directly related to or operating in conjunction with such device . . . .”

Id. § 1030(d)(1)(e)(1). A “protected computer” is one “which is used in or affecting interstate or

foreign commerce or communications . . . .” Id. § 1030(d)(1)(e)(2).

The Missouri Criminal Code criminalizes comparable – if not more expansive –

computer activities. The Criminal Code prohibits tampering with computer data (“TCD”):

22

A person commits the crime of tampering with computer data if he knowingly and without authorization or without reasonable grounds to believe that he has such authorization . . . . [1] [d]iscloses or takes a password, identifying code, personal identification number, or other confidential information about a computer system or network that is intended to or does control access to the computer system or network; [or] [2] [a]ccesses a computer, a computer system, or a computer network, and intentionally examines information about another person. . . .

Mo. Rev. Stat. § 569.095.1(4)-(5). Similarly, the Criminal Code prohibits tampering with

computer users (“TCU”): “[a] person commits the crime of tampering with computer users if he

knowingly and without authorization or without reasonable grounds to believe that he has such

authorization . . . [a]ccesses or causes to be accessed any computer, computer system, or

computer network.” Mo. Rev. Stat. § 569.099.1(1). A violation of either statute constitutes at

least a class A misdemeanor. See Mo. Rev. Stat. §§ 569.095.2, 569.099.2. The Missouri

Criminal Code also prohibits aiding such conduct:

A person is criminally responsible for the conduct of another when . . . before or during the commission of an offense with the purpose of promoting the commission of an offense, he aids or agrees to aid or attempts to aid such other person in planning, committing or attempting to commit the offense.

Mo. Rev. Stat. § 562.041.1(2). The term “computer refers to the hardware, software and data

contained in the main unit.” Id. § 556.063(2). A “computer system” is “a set of related,

connected or unconnected, computer equipment, data, or software.” Id. § 556.063(7). Finally, a

“computer network” is defined as “a complex consisting of two or more interconnected

computers or computer systems.” Id. § 556.063(5).

Although a plain reading of the elements of these laws would seem to implicate DJO

conduct under Rule 14, Missouri courts have not yet addressed the issue of website terms of

service under the federal and state computer fraud and tampering statutes. However, in

Facebook’s home state of California, courts have. As such, it is instructive to draw lessons from

the comparable California Comprehensive Computer Data Access and Fraud Act, California

23

Penal Code § 502 (“CCDAFA”) provision, which makes any person guilty of a public offense

who:

[k]nowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network.

Cal. Penal Code § 502(c)(2).

The elements of the federal CFAA and Missouri TCD and TCU statutes are clearly met

by a DJO acting out Rule 14. Under the CFAA, if the DJO accesses Facebook using a juvenile’s

login and password, the DJO would be intentionally accessing a computer (Facebook and its data

storage and communications facility) and thereby obtaining information from a federally

protected computer that both affects interstate and foreign commerce and/or communications.

See 18 U.S.C. §§ 1030(a)(2)(C), (d)(1)(e)(1)-(2); see, e.g., United States v. Drew, 259 F.R.D.

449, 457 (C.D. Calif. 2009) (“[T]he latter two elements of the section 1030(a)(2)(C) crime will

always be met when an individual using a computer contacts or communicates with an Internet

website.”). Similarly, under Missouri TCD, the DJO would be knowingly taking a password

controlling access to Facebook’s network (and the juvenile would be giving the password). See

Mo. Rev. Stat. § 569.095.1(4). The DJO would also be accessing Facebook’s computer network

to intentionally examine information about another person (by definition, the DJO would be

examining information about both the juvenile and the juvenile’s friends). See Mo. Rev. Stat. §

569.095.1(5). Under the even lower threshold of Missouri’s TCU, the DJO would also be

knowingly accessing or causing to be accessed Facebook’s computer network. See Mo. Rev.

Stat. § 569.099.1(1). Furthermore, if the juvenile is not brought under the immediate purview of

the relevant statutes by surrendering her login and password knowing it will be used by the DJO

24

to access Facebook, she could be swept under by the accomplice / accessory provisions. See 18

U.S.C. § 1030(b); Mo. Rev. Stat. § 562.041.1(2).

The California courts have repeatedly indicated it is the owners of the computer networks

– in this case, Facebook – who set the conditions of access to their sites that will determine

whether access is or is not authorized. See, e.g., United States v. Drew, 259 F.R.D. 449, 461-62

(C.D. Calif. 2009) (“It cannot be considered a stretch of the law to hold that the owner of an

Internet website has the right to establish the extent to (and the conditions under) which members

of the public will be allowed access to information, services and/or applications which are

available on the website. . . . [and] the vast majority of the courts (that have considered the issue

[under the CFAA]) have held that a website's terms of service/use can define what is (and/or is

not) authorized access vis-a-vis that website.”); Facebook, Inc. v. ConnectU, 489 F. Supp.2d

1087, 1091 (N.D. Calif. 2007) (“[California’s CCDAFA] defines the criminal offense: taking,

copying, or using data ‘without permission.’ The fact that private parties are free to set the

conditions on which they will grant such permission does not mean that private parties are

defining what is criminal and what is not.”); see also Snap-on Bus. Solutions, Inc. v. O’Neil &

Assoc., Inc., 708 F. Supp. 2d 669, 676-78 (N.D. Ohio 2010); cf. United States v. Nosal, 642 F.3d

781, 785 (9th Cir. 2011) (“We hold that an employee ‘exceeds authorized access’ under [the

CFAA] when he or she violates the employer’s computer access restrictions – including use

restrictions.”). Furthermore, the federal CFAA and the Missouri statutes also allow for private

civil actions based on certain violations of the criminal provisions. See 18 U.S.C. § 1030 (g);

Mo. Rev. Stat. § 537.525. It would be wholly incongruous to allow parties to bring suits for

damages due to unauthorized access to their computer networks, yet not allow them to dictate the

terms authorizing such access. Cf. Corley v. United States, 129 S. Ct. 1558, 1566 (2009) (“‘[A]

25

statute should be construed so that effect is given to all its provisions, so that no part will be

inoperative or superfluous, void or insignificant . . . .’” (quoting Hibbs v. Winn, 542 U.S. 88, 101

(2004)).

It is important to stress that it is Facebook that must authorize the access to its computer

network under the CFAA and TCU and TCD, not the juvenile impacted by Rule 14. In

Facebook, Inc. v. ConnectU LLC, 489 F. Supp. 2d 1087 (2007), the United States District Court

for the Northern District of California rejected a Facebook competitor’s motion to dismiss a civil

claim under California’s CCDAFA where the competitor “accessed information on the Facebook

website that ordinarily would be accessible only to registered users by using login information

voluntarily supplied by registered users.” Id. at 1091. The competitor argued – as this Court and

the DJO must to allow Rules 14 to stand – that “Facebook’s ‘terms and conditions of use’ have

no applicability to ConnectU itself, which never registered as a user or agreed to those terms and

conditions.” Id. at 1091. The court, however, opted for a commonsense reading of “without

permission” and declined to limit Facebook’s cause of action only to those third parties who

supplied the competitor with their login information. Id. at 1091; see also DocMagic, Inc. v. Ellie

Mae, Inc., 745 F. Supp. 2d 1119, 1151 (N.D. Calif. 2010) (“‘[CCDAFA] prohibits knowing

access, followed by authorized (i.e., ‘without permission’) taking, copying, or using data,’

including where the access is by means of a third-parties’, voluntarily-provided log-in

credentials.” (construing ConnectU, 489 F. Supp. 2d at 1091)); Snap-on Bus. Solutions, Inc., 708

F. Supp. 2d at 677-78 (N.D. Ohio 2010) (noting it is the website owner that must give the

accessor adequate permission, otherwise “an unwelcome computer hacker could escape liability

under the CFAA by pointing to some third party who had theoretically given him permission to

hack the [website owner]’s computer.” ).

26

Furthermore, this Court and the DJO cannot claim to be surprised to learn that accessing

Facebook and hundreds of its users by logging in as a third party in defiance of Facebook’s

explicit terms likely run afoul of federal and Missouri law. Cf. United States v. Nosal, 642 F.3d

781, 787 (9th Cir. 2011) (“By using their authorized access to defraud [employer] in violation of

[employer]’s access restrictions [employee]’s accomplices certainly had fair warning that they

were subjecting themselves to criminal liability [under the CFAA].”). In addition to the fact that

Facebook’s Terms prohibit such means of access, and a link to the Terms is posted on every

page, as noted, Facebook also allows users to customize privacy settings – and it requires such

settings for minors – so that only “friends” can view their posted information. Cf. ConnectU, 489

F. Supp. 2d at 1091 n.5 (stating that an assertion that users who posted e-mail addresses to their

profiles had no reasonable expectation of privacy “discount[ed] unduly the right of Facebook

users to disclose their email addresses for selective purposes.”). Nor should there be concern that

in this case, accessing Facebook through a third party “would improperly criminalize certain

actions depending only on the vagaries and whims of the [Facebook].” Cf. Nosal, 642 F.3d at

788 (2011). In April of this year, the United States Court of Appeals for the Ninth Circuit held

that where an employee exceeded an employer’s computer access restrictions, “As long as the

employee has knowledge of the employer’s limitations on that authorization, the employee

‘exceeds authorized access’ when the employee violates those limitations. It is as simple as that.”

Id. at 788. Because in the case at hand, this Court and the DJO have clear notice of Facebook’s

access rules, as well as the relevant computer fraud law, “the rule of lenity . . . [should] not

support ignoring the statutory language” of the CFAA or Missouri’s TCD or TCU. Cf. Nosal,

642 F.3d at 788; but see United States v. Drew, 259 F.R.D. 449, 451 (C.D. Calif. 2009) (holding

that a misdemeanor conviction under the CFAA for “an intentional breach of an Internet

27

website’s terms of service, without more” was subject to the void-for-vagueness doctrine

(emphasis added)); cited in the dissenting opinion in Nasal, 642 at 790-91 (Campbell, J.,

dissenting).15

Finally, the case at hand would not be an example of the criminalization of innocent or

innocuous use of Facebook’s computer network. This is not the case of a parent asking neighbors

to purchase Girl Scout cookies in violation of a Term against solicitation; or a “lonely heart”

misrepresenting her appearance in violation of a term against posting misleading information; or

a student posting photos of classmates without permission; or a child under the age of 13 creating

an account; or even a cruel prank gone horribly wrong. See Drew, 259 F.R.D. at 452-53, 466.

And it is not just a violation of Facebook’s Terms and nothing more. See id. at 451, 467

(expressing concern that criminalizing all terms of service violations under the CFAA “without

more” would lead to statutory overbreadth). Rather, this Court is knowingly ordering a minor –

in the face of further detention – to violate Facebook’s Terms so that the State may access

Facebook and a network of hundreds of minors in a manner that Facebook expressly prohibits in

lieu of following the appropriate legal channels.

It is our firm belief that this Court and the DJO not only violate Facebook’s Terms, but

also quite literally meet every one of the elements required by the federal CFAA and the more

elaborate Missouri statutes exactly as the statutory language specifies. See Nosal, 642 F.3d at

782 (“[T]he specific intent requirements of [18 U.S.C.] § 1030(a)(4) sufficiently protect against

criminal prosecution those employees whose only violation of employer policy is the use of a 15 The issue at hand can be further distinguished from the Drew case – subsequently placed on tenuous ground by Nosal – where a MySpace user created a profile for a fictitious person, see Drew, 259 F.R.D. at 452-53. While creating a Facebook account for a fictitious member would violate Facebook’s terms of service, it would not automatically grant the fictitious member unauthorized access to other Facebook members’ profiles, especially minors’ profiles. The fictitious member would then have to ask other members for permission to become friends to gain access to their selectively private information. However, this Court’s Rule 14 would automatically allow the DJO to access a trove of Facebook user information without any such requests and consent from other users.

28

company computer for personal – but innocuous – reasons.”). To hold that a DJO’s

unauthorized access to Facebook is somehow not prohibited by law because this Court is unable

to understand that its actions – which align perfectly with the statutory language of each statute –

are prohibited would be to render each of the statutes meaningless.

V. EVEN WITHOUT FACEBOOK’S TERMS OF SERVICE OR ANY FINDING OF COMPUTER FRAUD VIOLATIONS, THIS COURT MUST FOLLOW PROPER JUDICIAL PROCEDURE FOR GAINING ACCESS TO FACEBOOK’S NETWORK AND HUNDREDS OF THIRD-PARTY PROFILES, WHICH CANNOT BE ACHIEVED BY IMPOSING RULE 14 ON A SINGLE JUVENILE USER.

As a final matter, as we have noted earlier, by signing into a juvenile’s account as the

juvenile, the DJO is potentially gaining unfettered access to hundreds, if not thousands, of other

minors whose information Facebook has expressly attempted to keep from openly-public access.

Independent of how Facebook’s Terms apply to the juvenile or the DJO, or whether the federal

or Missouri computer fraud statues apply, Facebook has been very clear about the channels

through which it provides law enforcement limited access to its information (namely, by

following the provisions of the Stored Communications Act, 18 U.S.C. § 2701 et seq.). There is

no reason to assume this Court and the State can gain access to Facebook’s network without

seeking Facebook’s permission or serving Facebook with subpoenas or warrants or following

other appropriate legal channels as required by the United States and Missouri Constitutions and

other applicable law for any other search or seizure from a third party – particularly third parties

not suspected of any wrongdoing. See, e.g., 18 U.S.C. § 1030(f) ([The CFAA] does not prohibit

any lawfully authorized investigative, protective, or intelligence activity of a law enforcement

agency of . . . a State, or a political subdivision of a State. . . .” (emphasis added)); 18 U.S.C. §

2703 (specifying the requirements for government entities to demand disclosure of “the contents

of any wire or electronic communication” by a provider of an “electronic communications

29

service” or “remote computing service”). Surely Facebook’s rights to prevent otherwise

unauthorized State access to its network cannot be merely waived by the consent of a single

juvenile user – a juvenile this Court has intimated may not even be capable of consenting to

Facebook’s Terms. We respectfully request that this Court cease and desist from circumventing

its duty to deal with Facebook – and access Facebook in a manner contrary to Facebook’s own

written policies – merely because it will be more expedient to do so.

CONCLUSION

For the reasons stated above, we respectfully request that this Court (1) remove Rule 14

from its Rules of Supervision/Probation entirely; (2) destroy any records of the usernames and

passwords of any and all juveniles already collected under Rule 14; and (3) notify any and all

such juveniles that they may wish to change all such usernames and passwords to ensure their

privacy. Furthermore, if this Court feels it has reason to request access to Facebook and the

information of hundreds, if not thousands, of innocent third parties, it should do so through

proper legal channels.

Respectfully submitted this 21st day of November, 2011.

___________________________________ ___________________________________Jeffrey Benjamin Rosebrough William WallerRule 13 Certified Student Attorney Rule 13 Certified Student Attorney

30

___________________________________Mae C. Quinn, Mo. Bar No. 61584Professor of LawCo-Director, Civil Justice Clinic –Juvenile Rights and Re-Entry ProjectWashington University School of LawOne Brookings Drive, Box 1120St. Louis, MO 63130-4899(314) 935-7238 Phone(314) 935-5171 Faxmquinn@wulaw.wustl.edu

31