Today in Orlando made 16 times that I've delivered my social media research presentation around the country to insurer claims, underwriting and SIU groups since May 2010. I had a sense that this would be a hot topic for insurers when Jennifer Parys and Wendy Walberg asked me in May 2009 whether I'd be interested in putting a presentation on this subject together and returning the following year to present it at their Rocky Mountain Chapter of the International Association of Special Investigation Units' annual conference in Denver. When I said I'd do it, however, even I didn't anticipate this much interest.
The explosive growth of social media and the number of its personal and commercial users has drawn the attention of insurers interested in determining whether its content can be useful in making responsible underwriting and claims decisions. Which, I suppose, is why my presentation strikes such a chord. Those of you who have seen that presentation, or one of its earlier iterations, know that this area is as dynamic as the ever increasing number and varieties of participants. Not two of the 16 past iterations of this presentation have been the same. Having found some stuff online this evening (thank you Delta for having WiFi on most of your flights), tomorrow's PowerPoint will also be unique.
Although my presentation is laden with tips and techniques for finding, securing and utilizing social media content, its overarching theme is this: understand that the law -- statutory, regulatory, and case-decisional -- on most things cyberspatial is relatively immature, behooving insurers to tred carefully into and through this largely unmarked area. To date, I have told insurers that there is no law -- no law specifically addressing whether and how an insurer may find, secure and utilize social media content relating to an insured or claimant. But the development and appearance of such law is as inevitable as there will be smaller, faster and more powerful devices for pushing what previously was private information into and onto Web 2.0 platforms.
If you work for an insurance company and want a copy of my latest PowerPoint on this subject, send me an email. Sorry, I won't share with others. This was designed for insurers and their service providers. You understand.
Similarly, if you, your company, or your industry organization is interested in having me present the static PPT slides in a more dynamic, interactive way, complete with the technique and resource demonstrations, let me know. I've done both in-person and webinar presentations of this topic.
If any of you is interested in seeing this presentation, you can join me at the NJSIA's 21st Annual Anti-Insurance Fraud Training Seminar in Atlantic City on October 19th (seminar runs from the 17th through the 19th). Or I'll be delivering it on November 3rd at a meeting of the Michigan Council of Professional Investigators in Novi, Michigan -- insurer claim and SIU types will be welcome, I'm told.
In the 4% battery life I've left, let me share with you what I posted recently on the discussion boards of several LinkedIn groups I belong to:
Could Creating a False Profile on Facebook or MySpace Be Considered a Felony under the Computer Fraud & Abuse Act of 1986?
As I was leaving the IASIU conference in San Antonio last week, Elizabeth Somers of Farmers and Blake Cole of Mutual of Omaha alerted me to an interesting article/editorial opinion piece that appeared in the September 14, 2011 online edition of the Wall Street Journal entitled “Should Faking a Name on Facebook Be a Felony?”, written by Orin Kerr, a former federal prosecutor and professor of law at George Washington University School of Law.
In that piece, Kerr suggested that creating a fake profile on Facebook or MySpace could be construed as committing a misdemeanor in violation of the Computer Fraud and Abuse Act of 1986 (CFAA). Kerr reported that the US Senate Judiciary Committee was then considering amending the CFAA to raise the level of its violation to a felony. The 2009 case mentioned in Kerr's article involved Lori Drew, the mother from Missouri who created a fake MySpace profile of a handsome 17-year-old boy and tormented a 13-year-old girl so much that she committed suicide. Drew was charged, prosecuted and convicted in federal court under the CFAA. Her conviction, however, was subsequently overturned. In overturning the conviction, the trial judge held that although an intentional breach of the MySpace terms of service (TOS) could possibly fit the definition of an unauthorized or exceeding authorization access to MySpace computers, rooting a CFAA misdemeanor violation in an individual's conscious violation of a website's TOS rendered the CFAA unconstitutionally void due to vagueness. The judge summed up his opinion by stating that allowing a violation of a website's TOS to constitute an intentional access of a computer without authorization or exceeding authorization would "result in transforming section 1030(a)(2)(C) into an overwhelmingly overbroad enactment that would convert a multitude of otherwise innocent Internet users into misdemeanant criminals." By the way, Kerr knew about that case because he was one of Drew’s attorneys.
Apparently Kerr's suggestion that creating a fake FB or MySpace profile could be considered criminal was troubling enough to US Senators Al Franken and Chuck Grassley that they proposed new language for the bill to exempt those guilty only of TOS violations. You can read about that amendment, and the amendment itself, in the No, Faking Your Name On Facebook Will Not Be A Felony" article that appeared on September 16th on Forbes.com. That article reports that the bill, presumably as amended, will now move forward to be considered by the Senate.
The answer then to this discussion's title/question is no, the mere act of creating a false profile on Facebook or MySpace will not be considered a felony under the CFAA.There will be more to come. Count on it.