Social Media Parody Accounts: Safe from the CFAA

Thursday, October 3, 2013, by Benjamin Szany
If you follow @Queen_UK, @notzuckerberg, or @FauxJohnMadden on the popular social media website Twitter, take comfort in a ruling from the Oregon District Court which protected users of those parody accounts from litigation under the Computer Fraud and Abuse Act (CFAA, 18 USC § 1030).
In an opinion issued last Thursday, September 26, 2013, the court determined that the CFAA’s language of “without authorization” and “exceeding authorized access” does not include a defendants’ use of the plaintiff’s name and likeness for Facebook and Twitter accounts in violation of the terms of service of those websites. In this case, the defendants were secondary students who had allegedly created Facebook and Twitter accounts representing the likeness of Adam Matot, an assistant principal for their school. Matot argued that by violating the Facebook and Twitter’s terms of service, the students had used the social media websites “without authorization,” and were therefore liable for damages under the CFAA.
Twitter’s Parody, Commentary, and Fan Account Policy permits parody or mimicking accounts, so long as the account does not clearly intend to “deceive or confuse.” Twitter recommends that parody account users clarify the account’s unofficial nature in the account’s username, bio, or tweets. Twitter reserves the right to request that users make changes to these accounts for clarity’s sake, and to suspend any accounts that continue to violate the policy.
Facebook’s policy is less nuanced, but does state that “[I]mposter accounts[] are not allowed on Facebook.”
The Oregon District Court interpreted the CFAA in line with Ninth Circuit precedent, sticking to a narrow definition of “without authorization.” The court recognized the difference between breaking into a computer to which the user has no authorization to use for any purpose and using a computer the individual is authorized to use generally, but not in the particular way it was used. The District Court cites United States v. Nosal, in which the Ninth Circuit shied away from an expansive reading of the CFAA’s “without authorization” and “exceeding authorized access” phrases. The Ninth Circuit pointed out that an employee’s use of a work computer to send a personal email or to browse the internet for personal entertainment could constitute use of a computer “without authorization” under a broad interpretation, and determined that such a construction of the CFAA was not what Congress had intended in 1986 when first passing the CFAA.

The Ninth Circuit pointed out that an employee’s use of a work computer to send a personal email or to browse the internet for personal entertainment could constitute use of a computer “without authorization” under a broad interpretation

The Ninth Circuit noted, and the Oregon District Court acknowledged, that lies are commonplace online. Individuals lie about their age (particularly minors making Facebook or Google accounts, or persons using online dating sites) – violations of those sites’ the terms of use. A broad interpretation of the CFAA’s “without authorization” clause to include website terms of use would subject a significant number of computer users to litigation under a statute intent on stopping hackers.
Fortunately for those who use work computers for personal purposes, who lie online about themselves online in violation of websites’ terms of service, or who enjoy quality parody accounts on social media, the Oregon District Court dismissed Matot’s CFAA claim against the students.
The Oregon District Court’s opinion on Lexis Advance: Matot v. CH, 2013 U.S. Dist. LEXIS 138327 (D. Or. Sept. 26, 2013).
For more information relating to the authors behind popular parody accounts, and the benefits of creating a successful parody account on Twitter: Mashable – Behind the Screens of Twitter’s Funniest Parody Accounts.
For non-parodied peeks at tech-related legal news, follow the North Carolina Journal of Law and Technology on Twitter at @ncjolt.