Have you ever been clicking your way through cyberspace, when suddenly, a very important-looking window pops up? It usually looks like it’s part of Microsoft Windows, and it says something like, “Warning! Your computer is at risk! Click ‘OK’!” Do you click on it? Is your computer really at risk? Is Windows trying to tell you something?

By now, you’ve probably figured out where this is going: that pop-up is a scam, something known as “scareware.”

Those who DO click “OK” on the serious-looking window out of fear that their PC is actually in danger usually start a download of malware onto their hard drives. The program pretends to run a scan, telling the user that there are lots of “critical problems” with their computer that must be fixed. Of course, those mysterious problems do get fixed if the customer agrees to buy the full version of the repair software for roughly $40. The entire thing is an elaborate scam, one that is both illegal and incessant; one IP address appears to have received the pop-up at least 200 times in a single day.

It’s a “blatant rip off of consumers,” Washington State Attorney General Rob McKenna said, as reported on CNET news. He said that users were “duped into downloading a fake scan and then duped into paying for software they don’t need.”

These pop-ups have been around long enough for most of us to encounter one at least once, but now there is some news on the scareware front. Microsoft and the Attorney General’s office in Washington state filed or amended lawsuits last month against companies including Alpha Red, Branch Software, SMP Soft and Registry Update, all of which allegedly use the fake security warnings to scare users into spending money on a fix. In some of the cases, the defendants are listed as “John Doe” because the owners of the companies aren’t known. In the case of Alpha Red and Branch Software, James Reed McCreary is the owner named in the lawsuits. His Texas-based company sells a scam product called Registry Cleaner XP for $40. The lawsuits charge McCreary and the other companies with misrepresentation, harassment, and high pressure sales. The state of Washington seeks an injunction and undisclosed civil penalties from McCreary.

The lawsuits were made possible because of Washington’s Computer Spyware Act, which makes it illegal to create scary messages that appear to come from elsewhere (in this case, Windows) in order to terrify people into a software purchase. The Computer Spyware Act was put into place in 2005, and in that year, Microsoft and Washington state successfully sued Secure Computer (makers of Spyware Cleaner) for $1 million when they charged the company with using scareware pop-ups. The law was recently updated to include outlawing the sort of deception that McCreary and others allegedly conducted. The state has filed seven cases under the law since 2005, while Microsoft has filed 17 spyware-related legal actions in that time.

In the current case, consumers who have experienced the scareware ads can file their own lawsuits if they wish. Since many people have a healthy fear of a security breach on their computer, the messages work particularly well when the scammers play on that fear, suggesting that personal privacy and security are at stake. The defendants, if convicted in the current lawsuit, face fines of up to $2,000 per violation, plus restitution and attorney fees. We’ll keep you posted on the results and any future lawsuits brought against the companies.

So what should you do if the “Warning!” pop-up appears on your screen? Don’t click the red X in the upper right hand corner of the window, for one thing, says Christopher Null of Yahoo! Tech Blogs. While it appears to be the same sort of button that makes the standard Windows box go away, remember that this isn’t a true Windows box. Clicking the red X might start the download of the malware. Instead, go to the task bar at the bottom of the screen and right-click on the pop-up’s bar to close it. Other than that, you can close and restart your Internet browser to make the pop-up go away.

Just don’t click “OK”… It’s anything BUT okay.

Sources for this article: Yahoo! News, Yahoo! Tech News, Yahoo! Tech Blogs, CNET news, Scareware, Seattle Post Intelligencer

A natural disaster like Hurricane Ike can be safely managed, assuming people follow the recommendations of local authorities, secure their homes, and if needed leave town.

A disaster can also put a strain on local law enforcement officials and thus ‘post-hurricane’ has always been a popular time for crooks to take advantage of empty homes and businesses.

As a victim of multiple robberies to both my business and home, I have the following advice for protecting your most valuable assets – your privacy, personal documents and identity:

1. Don’t put all of your important documents in one safe, if the safe can be removed from your home or is not fire and waterproof. I lost everything important, including passports, deeds and social security cards when a thief simply ripped the safe out of the wall and ran.

2. Prepare a grab bag of important items when a storm is approaching. You will need to leave quickly, and it is important not to leave important paperwork and ID’s behind.

3. Make sure if you are leaving computers, that they are backed up and password protected. Most thieves will simply try to pawn your electronics, and if there is no password, the next user will have full access.

4. If you use a browser-based password tool, make sure you set a master password.

5. Take prescriptions with you. Multiple times thieves have stolen medication.

6. Remember that in a loss of power or phone, most security systems don’t work. If they do work, it is very unlikely that the police or monitoring center will be notified.

Any natural disaster can be handled in a way as to minimize damage and loss. Taking a few precautions can help you protect you and your family.

Cell phone text messaging (otherwise known as SMS, or “short message service”), is a lot of things. For teens, young people and many others, it’s a vital communication tool; I once knew a 20-something guy who almost never used his cell phone to make actual phone calls, but he texted constantly. For other people, it’s an annoyance, or even a hazard; in many places, laws are being passed to combat texting behind the wheel because of the potential safety risks. For more people than ever before, it’s a way of life: SMS technology is the most widely used data application on the planet, with 2.4 billion active users (74% of people with cell phones also send text messages). And increasingly, cell phone text messaging is something else: a means by which we can receive spam messages.

Text message spam (often called m-spam, for “mobile spam”) is among the most annoying spam we get. We’ve all gotten pretty accustomed to receiving spam in our email inboxes, even if we don’t care for it. But our cell phones are more personal. Receiving an unexpected text message that advertises something feels like more of a violation than other methods of spam. Also, many people pay per text message for the SMS technology, incoming AND outgoing, so victims end up not just enduring but PAYING for the experience of receiving unwanted texts. Customers don’t have the option of choosing which of their incoming text messages they accept (and agree to pay for) and which ones they don’t. Text message spam is frustrating and costly, so what can be done about it?

The CAN-SPAM Act of 2003 addresses this issue, at least in part. The Act prohibits sending unwanted commercial email messages to wireless devices without express prior permission. The definition of “commercial messages” (those that advertise a product or service) is pretty widely understood. That said, the CAN-SPAM Act covers messages sent to cell phones and pagers IF the message uses an Internet address that includes an Internet domain name. It does not cover “short messages” sent from one phone to another.

So if a spammer sends commercial texts to your cell phone and uses another phone (instead of a computer) to do it, are you stuck without any recourse? No, because where the Act leaves off is where the Telephone Consumer Protection Act (TCPA) and other FCC rules take over. From the FCC website regarding the TCPA: “FCC rules prohibit sending unwanted text messages to your wireless phone number if they are sent using an autodialer, or if you have placed that number on the national Do-Not-Call list.”

So for starters, put your cell phone on the Do-Not-Call list, just in case you receive (or fear you might receive) undesired text messaging. That way, you’ll have grounds for filing a complaint with the FCC. Keep in mind, though, that some messaging is exempt from the bans; for example, if you have an established relationship with a business (i.e., messaging regarding a warranty you have on a product you’ve bought from them), if you’ve given them consent to text or call you (always read the fine print when you sign up for a service, just to make sure you’re not giving consent if you don’t want to), or if the messaging falls under the noncommercial category (which includes political organizations and religions), you’re not allowed to file a complaint. But outside of these exceptions, if you put your phone on the Do-Not-Call list and still receive spam texts, or you receive a commercial message sent via email that is clearly in violation of the CAN-SPAM Act, you can file a complaint here.

What about short-code text messages? You know, the ones with just a 4-6 digits instead of a full phone number. If you get messages from short-code sources, you probably opted-in for something, such as radio station updates. If you don’t want to receive them anymore, reply with “STOP” and see if that works. If you’re not even sure where the messages are coming from, there’s a short-code registry that allows you to check. It’s not guaranteed to be accurate, and it’s not comprehensive, but it’s a start if you need to find out the source of your unwanted messages so you can contact them and tell them to stop.

What else can you do to prevent text message spam before it happens? First, don’t give your cell phone number out unless you absolutely have to. Don’t post your number online where people can find it, since that’s just an invitation to spammers. If you DO feel the need to share your number with a website (say, when you’re signing up for alerts), read their privacy policy to make sure that your phone number won’t be sold to a third party. You don’t want to unknowingly give out that “express prior permission” described in the CAN-SPAM Act that would open the door for spammers to flood your phone with messages.

You can also contact your cell phone provider to make them aware of unwanted text messages if it becomes a problem. AT&T, T-Mobile, Sprint and Verizon offer methods on their websites that allow customers to block emailed messages (or just certain domains) sent to their phone; for each provider, look for “text messaging preferences” or “communication tools” after you log in to get you started on setting up an email block. Even if your carrier doesn’t offer this feature online, most U.S. carriers should be able to handle this for you if you call them directly. Be careful using this option, though, since it could block messages you actually WANT to receive via email-based messaging, such as the message from your airline notifying you of a flight change. 

If all else fails, responding to a text spam with the word “unsubscribe” is worth a try.

Sources for this article: www.fcc.gov, www.lifehacker.com, www.consumer-preference.com, Wikipedia, Pogue’s Posts

News from the online privacy front: another court ruling on COPA.

COPA is the Child Online Protection Act, enacted in 1998 (not to be confused with COPPA, which we posted about before). According to the COPA Commission, which was the Congressional panel formed along with the law, “The purpose of the Act is to prohibit online sites from knowingly making available to minors material that is ‘harmful to minors’ (sexually explicit material meeting definitions set forth in the Act).” In essence, COPA would punish U.S. providers who post material that is “harmful to minors” online for commercial purposes without providing some sort of age verification system, such as requiring a credit card number, in order to keep children from viewing it. COPA was designed to be a narrower law than it’s predecessor, the much-derided Communications Decency Act (CDA) of 1996, which was struck down on constitutional grounds in 1997 by the U.S. Supreme Court.

If COPA were enforced, those who did not take adequate measures to keep children from viewing sexually explicit material on their websites would be subject to fines of up to $50,000 per offense, prison terms of six months, or both. But COPA is not enforced; it has been inactive almost since its inception because of challenges to its constitutionality by the ACLU and other plaintiffs. In the past, appeals courts have struck down the law for being in violation of the First and Fifth Amendments to the Constitution, and the Supreme Court has upheld the injunction on enforcement because of the likelihood that the law is unconstitutional. The case was referred back to the district court in 2006, and a ruling in 2007 once again saw the law struck down.

Now for the latest news: Despite defenses of the law from the Justice Department, the 3rd U.S. Circuit Court of Appeals on Tuesday upheld the lower court’s decision to strike down COPA as unconstitutional. It’s another blow for the government in this drawn-out battle over how to legislate online protection for minors. As the Center for Democracy and Technology put it, “Congress has spent twelve years attempting to use criminal laws to censor protected online speech on the Internet that is lawful for adults to access. That approach to protect children online has been an utter failure.” 

So just what is the problem with COPA? Protecting kids from harmful material is a great idea, right? The intent may be good, but the law itself is flawed. For one thing, the standards for defining “harmful material” are far too loose and open to interpretation as COPA is written. Even mainstream movies, TV shows, artwork and other socially-valuable speech viewed via the internet could fall under the definition of “harmful materials.” The law’s critics point out that COPA infantilizes the internet and places the burden of responsibility on websites for preventing minors from seeing material directed at adults; even a news site that contains a very small amount of adult material would fall under the umbrella of COPA. The law, as the judges wrote in this latest opinion, “effectively suppresses a large amount of speech that adults have a constitutional right to receive and address to one another…and thus is overbroad. These burdens would chill protected speech.”

In addition, when dealing with free speech rights, the best legal course of action is always to take the least-restrictive means, which COPA does not (filters that parents could install at home would be more effective and less restrictive than COPA). And in the end, COPA can’t stop kids from seeing harmful material that originates on websites outside of the U.S., or on non-commercial sites.

So how can we protect kids from seeing harmful content online? The responsibility lies with the parents, not with the websites. Sites like this one offer tips for parents to maintain control over their children’s internet surfing habits and offer ways to tell if your child might be viewing something they shouldn’t be. Tips include monitoring kids’ internet access, educating them on the dangers of giving out personal information, restricting the use of online chat forums, and using filtering software in order to control the flow of information that the children receive. All of this is far more reasonable and effective than a broad-spectrum, speech-limiting law like COPA. 

Just like in other forms of media, parents are required to be the ultimate gatekeepers to what the children can access. The government cannot force websites to be parents to the detriment of society’s free speech. A free exchange of information and ideas, even at the adult level, is the very definition of the freedom of speech described in the First Amendment. The 3rd U.S. Circuit Court of Appeals did the correct thing in coming down on the side of rights, not restrictions.

Sources for this article: ABC News, The COPA Commission, Child Online Protection Act, Online Child Privacy Tips for Parents, the Center for Democracy and Technology

On July 9, 2008, the U.S. Senate committed to protecting telecommunications companies. From what, you might ask? From the lawsuits that have been springing up against the telecoms for aiding the government in wiretapping Americans without court authorization.

First, some background: The Foreign Intelligence Surveillance Act (FISA), which went into effect in 1978, created a court that had to approve any wiretapping requested by the government. The idea was that the sort of secret wiretaps that occurred during Watergate and the Vietnam War, wiretaps that were for mostly political reasons, should not be allowed to occur. The court, it was decided, would provide the oversight that would keep the government above-board in its surveillance.

Fast-forward to the new millennium. According to an article published in The New York Times in December 2005, President George Bush secretly authorized the National Security Agency (NSA) in 2002 to start eavesdropping on the international phone and email communications of people in this country without a court order. The NSA was to be looking for and preventing terrorist activity after the 9/11 attacks. The monitoring went on for three years before the New York Times story broke, and once the cat was out of the bag, critics began to declare that such eavesdropping, often on up to 500 unsuspecting Americans at any given time, was both illegal and unconstitutional. The program’s defenders, on the other hand, said that the activity was a vital tool in preventing terrorist attacks, and that the lack of court approval meant that the government could move more quickly in protecting this country. They also said that Bush had been given the power to initiate the snooping based on the Congressional resolution that gave him power to wage war against Al Qaeda.

Even before the program was brought out of the shadows, senators and others who knew about the monitoring were raising concerns. Some were worried that the NSA had too much power and not enough restrictions on their behavior. In addition, of course, was the fact that FISA had been bypassed entirely with this program. The court that was put into place to protect the public against unwarranted communications monitoring had been ignored by the government, and some in the government (of the few NSA, CIA, Congressional, Cabinet and administration officials who knew about the program) questioned the legality of the eavesdropping.

With the program now made public, watchdog groups and privacy advocates were up in arms against it. Americans were being denied civil liberties, they insisted, in the name of national security. While any communications that were wholly domestic (i.e., from once place in the U.S. to another) still required a warrant to monitor, the international communications of thousands of Americans were secretly heard by NSA agents. Critics of the secrecy also pointed out that FISA is more agreeable than one might expect in granting wiretapping warrants… Few requests for such warrants were ever denied, and the permissions were frequently granted in a matter of hours if the situation called for speed. In short, the administration’s actions in circumventing the checks and balances of the government did not sit well with many Americans.

As the investigations into the wiretapping progressed, it became clear that several telecommunications companies had aided the NSA in the snooping. The NSA, after all, needed cooperation from the companies to access the data records of the people they had monitored. Americans began to file civil lawsuits against the telecoms for their part in the program, and as of this week, more than 40 such suits had been filed in U.S. District Court. The U.S. Congress has been working for the past year on legislation that would address the wiretapping issues in this country, and after a bitter struggle, they reached an rather lopsided agreement this week.

This is where the protection for the telecoms comes in this week: The bill that the Senate (and earlier, the House of Representatives) approved on Wednesday overhauls the eavesdropping program but also calls for immunity for the telecoms against the lawsuits. Americans, in short, have no legal recourse against the telecoms for their participation in the questionable wiretapping activities. In fact, the White House had threatened to veto the bill if it DIDN’T protect the telecoms. Amendments that were proposed to weaken the bill or delay the immunity were also defeated. The new bill requires the government to get permission from FISA before monitoring Americans overseas, but it also allows the government to get broad, yearlong permissions that target entire groups of people. It also gives the government the right to monitor communications without permission for a week (in an “emergency” situation) before having to apply for a court order.

Many lawmakers were against the bill, for a variety of reasons. Senator Arlen Specter, R-PA, called the bill “buying a pig in a poke.” Senator Russell Feingold, D-Wis., put it more bluntly: “This president broke the law.” One of the biggest complaints from the lawmakers was that the details of the snooping are still classified and kept private from many of those in Congress, meaning that the Congresspeople were being asked to vote on protecting the telecoms without actually knowing what they did in the first place. The bill dismisses the 46 lawsuits currently pending against the telecoms, but three additional lawsuits against government officials will continue for now.

The ACLU calls the bill “a blatant assault upon civil liberties and the right to privacy,” but supporters of the bill call it a protection of those rights. Senator Christopher Bond, R-Mo., said, “This is the balance we need to protect our civil liberties without handcuffing our terror-fighters.” Whatever the motivation, the decision was reached on a deadline; current wiretapping authorizations will begin to expire in August, and without new legislation, the guidelines would revert to the old FISA rules, which would require many new orders and delays in the wiretapping efforts.

So are NSA officials listening to your phone calls or reading your emails right now? Probably not. Should you worry? Worry less about monitoring on your own lines and more about the broader ramifications of this legislation. What is security worth? The delicate balance of safety and liberty is one that has been brought into stark relief since 9/11, and as Americans move forward, the privacy of our communications will become an increasingly-hot issue. Some say that, if you have nothing to hide, you have nothing to fear from monitoring. But in 1975, as Senator Frank Church, D-Idaho, investigated the NSA, he was troubled enough to say: “That [spying] capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn’t matter. There would be no place to hide.” Whether you have anything to hide or not. 

Sources for this article: www.breitbart.com, The New York Times, www.cbs11tv.com, ap.google.com

You’ve probably seen LifeLock’s ads on TV: The CEO, Todd Davis, hands out his own Social Security number to strangers and even has a truck with the number painted on it drive around town, assuring the viewers that, thanks to LifeLock’s protection, no one can steal his identity. He also claims that, should a client’s identity be stolen, LifeLock will fix the problem and reimburse the client. But can this service, which costs roughly $10 per month, truly protect you from identity theft, reduce your junk mail and give you peace of mind? And is it all it claims to be?

Experian, one of the three main credit bureaus, says no. They filed a lawsuit against LifeLock in February, claiming deception and fraud in the attention-grabbing advertising campaign. Davis calls the lawsuit groundless. Some of the details of Experian’s claims:

1. Fraud alerts, which notify companies that check credit to be on the lookout for imposters, are LifeLock’s main fraud prevention tool. Under the Fair Credit Reporting Act, fraud alerts be requested only by an individual, either the consumer or someone acting on the consumer’s behalf, not by a corporation. They can also be requested only when there is a strong suspicion of impending fraud or identity theft (say, when your credit card goes missing). LifeLock, however, has placed continuous fraud alerts on the credit files of its approximately 1,000,000 customers, which is against federal law, Experian claims. They say that LifeLock pretends to be the consumer and actively avoids detection as a corporation. They also maintain that this constant “crying wolf” ties up the Experian systems and slows the process down for legitimate fraud alerts.

2. Experian also claims that LifeLock uses deceptive advertising because credit reporting is free under the Fair Credit Reporting Act, but LifeLock does not make it clear to consumers that the credit reports (and many of the other services, such as junk mail reduction) are free to obtain through other means. Experian also charges that the advertising is deceptive because the service does not afford all of the protection it claims; it cannot prevent an identity theft in progress or the unauthorized use of a credit card, and is not always effective in preventing undocumented workers from using stolen Social Security numbers to get a job.

Davis counters the first claim by saying that placing fraud alerts is legal and “in the spirit of the Fair Credit Reporting Act.” He notes that LifeLock customers are happy and satisfied with the service, and that he had received no complaints of deceptive practices. He addresses the second claim by saying that his service makes it “virtually” impossible for someone to steal a client’s identity (the word “virtually,” he says, keeps the ads from being deceptive).

It should be noted that the fraud alerts do cost the credit bureaus time and money to run, which they don’t appreciate, obviously, but may not be as illegal as they claim. Experian is also under investigation by the FTC for running www.freecreditreport.com, a site that charges customers for credit monitoring and could be considered a competitor to LifeLock. Davis suggests that Experian simply wants to make more money and sees LifeLock as a threat.

As to the reports that Davis’s identity WAS stolen, the reality is that it was not. One man got a $500 payday loan using Davis’s Social Security number, but the clerk who took his information did not run the number through any of the credit bureaus for verification before handing over the money. Once the fraud was discovered, LifeLock fixed it, and Davis’s credit is just fine, even after 87 other, failed attempts to steal his identity.

LifeLock is not the only company that offers its services to consumers (see also Debix, LoudSiren and TrustedID). But as of this month, LifeLock had become the target of several class-action lawsuits from competitors, credit bureaus and lawyers in several states. LifeLock an easy target, thanks to its memorable and slightly scary advertising. But many experts doubt that the lawsuits have any merit, and interpreting the Fair Credit Reporting Act might easily go in favor of LifeLock (especially since many people have been potentially compromised when their personal information has gone missing from the computers of companies, banks and other agencies, so they’d have reason to put fraud alerts on their accounts).

Wired Columnist Bruce Schneier makes the point that LifeLock does what the government should do anyway: make stolen personal information harder to use. That said, though, he is not a customer of LifeLock because, as he puts it, dealing with identity theft is routine and not nearly as damaging as it used to be. Also, it’s hard to tell how effective LifeLock is, since it gains customers more from the fear of identity theft than the theft itself.

In the end, LifeLock can be a very useful and reassuring service if you choose to pay for it, but you can keep track of your own credit and identity yourself, for free. You can put your own fraud alerts on your account if you remember to renew them every 90 days (since fraud alerts expire). You can request free credit reports at one per year (visit www.annualcreditreport.com, for example). And of course, above all, you should be careful with your personal information. Shred credit card offers and other documents that come to you in the mail; don’t give out your personal info over the phone or in email; and investigate unknown charges to your accounts. Being a conscientious consumer may be all it takes to protect yourself from identity theft and fraud.

Sources for this article: MSNBC, LifeLock Reviews, WIRED

You’re trying to keep the telemarketers from calling you. You decide to register your number with the National Do Not Call Registry. Now you won’t get a single unsolicited call, right?

Wrong. Let’s go through some of the most common misconceptions of the Do Not Call Registry, and what the reality is:

Misconception #1 – Being on the list means no one can call you to sell you anything.

The reality – The list doesn’t include calls from political organizations, charities, telephone surveys, companies that you have a business relationship with (i.e., you bought something from them recently), and companies that you have already given permission (in writing) to call you.

Misconception #2 - You can register just home phones and landlines, not cell phones.

The reality – You can register any number, including cell phones, with the Do Not Call Registry. There is an email that has been making the rounds for years that insists a cell phone database is about to be released to telemarketers, but this email is a hoax. You are not about to be inundated with telemarketing calls to your cell phone, as it is against FCC regulations for automated dialers (which most telemarketers use) to dial cell phone numbers. Still, if you choose to register your cell number with the Do Not Call Registry, you may do that.

Misconception #3 – The same day that you register your number, the calls must stop.

The reality – It may take up to 31 days for telemarketers to update their systems and stop calling you.

Misconception #4 – Even if a telemarketer calls me without permission, they won’t be penalized. 

The reality – If you receive a call from a telemarketer more than 31 days after signing up for the Do Not Call Registry, and you don’t think the telemarketer is included in the list of permitted callers, then you can file a complaint with the Registry on their web page. If a telemarketer is found to be in violation of the rules, they will be penalized with a hefty fine, up to $11,000 per violation.

Misconception #5 – If you add your number to the Do Not Call Registry, the privacy of your information will be compromised.

The reality – Your number is placed in the registry solely for telemarketers to use in updating their own do-not-call records every 31 days. Phone numbers may also be shared with law enforcement officials, but other than that, all information is stored securely and not shared with anyone else. 

Misconception #6 – Your registration will expire after 5 years.

The reality – Pending final Congressional approval to make the list permanent, your number won’t be dropped from the list after a 5-year period (or any other period).

Misconception #7 – There is a deadline for registering your number.

The reality – There is no deadline for adding your number to the National Do Not Call Registry. You can do it at any time.

To learn more about the National Do Not Call Registry, visit the FAQ page.

If you are a business that uses telemarketing techniques, you should make sure that you are in compliance with the National Do Not Call Registry guidelines. The registry’s website has some information for businesses that you can use to learn more, such as the cost for accessing the Do Not Call database (the first five area codes are free), the potential penalties for violations, and the specifics about what calls are exempt from the regulations.

Sources: www.donotcall.gov, www.ftc.gov, www.fcc.gov, www.snopes.com

Lori Drew, the 49-year-old Missouri resident who allegedly posed as a teenage boy on MySpace in order to harass 13-year-old Megan Meier, pled not guilty on Monday to charges of conspiracy and accessing protected computers without authorization to get information used to inflict emotional distress. The case is before the federal court in California, where MySpace is based.

The case has drawn attention to the possible liabilities for social networking sites, as well as how actions conducted online can be prosecuted under existing laws. What are the legal ramifications of this case, and what fault, if any, lies with MySpace for maintaining the website on which the crime occurred? How this case unfolds could determine how future laws regarding internet crime are written and interpreted, and how online privacy could be threatened.

The details of the case are chilling: Lori Drew allegedly created a fake MySpace account to find out what Meier was saying about Drew’s daughter. The prosecution charges that she posed as a teenage boy, gained Meier’s trust, chatted with her, then became cruel and sent messages suggesting that the world would be better off without Meier. Meier hanged herself in October 2006. Drew denies making the MySpace account and sending the messages.

Legally, Drew cannot be charged with any form of murder, since Meier took her own life. As one attorney put it on CNN.com, “You can’t start imposing liability on people for being cruel.” Meier reportedly suffered from attention deficit disorder and clinical depression that had been diagnosed before this incident occurred. Though Drew’s alleged behavior is immature, offensive and morally reprehensible, the laws that are currently in place make it difficult to prosecute her for a crime. In fact, Missouri prosecutors didn’t find any law under which they could charge Drew when the case first came to light in December 2007. Pressure from the public and general outrage about the incident, though, pushed the case forward under federal law.

The prosecution has its work cut out for it as the case goes to trial. The law that they are citing in this case, the Computer Fraud and Abuse Act, was written in 1986 as a means to punish internet hackers for illegally accessing account information and government data. It addresses the removal of information from a computer, not sending out harassing messages. This is the first time that the law has been used in a social networking case.

Many experts agree that this law was not meant to be interpreted in this fashion, and that such interpretation sets a dangerous precedent for internet law as a whole. Essentially, the prosecution is arguing that it is a federal offense to violate the terms of service agreement on a social networking site. MySpace’s terms of service, which all new users must click-to-agree when they sign up, require users to provide factual information about themselves and refrain from soliciting personal information from minors or using information on the site to harass other members.

Lori Drew’s alleged behavior was a clear violation of MySpace’s terms of service, but is it a federal offense? MySpace supports the lawsuit and derides all forms of cyberbullying, but they would be foolish not to support the pursuit of this case, since the bullying happened on their site. If the prosecution succeeds in proving that Lori Drew committed a crime under federal law, then any violation of any term of service on any website could be grounds to pursue another federal case. The ramifications could be huge; on some sites, even a single disparaging comment might be interpreted as a violation of the terms of service. Internet privacy would take a major hit, as would the social networking sites themselves if more and more such cases were filed. The ability to use and enjoy sites like MySpace, Facebook and others would be severely compromised by the looming threat of a lawsuit.

MySpace was subpoenaed in January of 2008 but is not currently facing any charges for being the host site for this incident. MySpace currently boasts a membership of more than 100 million, and it is widely understood that the site administrators can’t police every profile and every message sent through the system. MySpace, like other social networking sites, relies on the terms of service agreement and reports from other users to maintain a safe environment. That isn’t always possible, obviously, nor is it always possible in other public venues, such as schools and parks. MySpace cannot be held responsible for this tragedy as long as the administrators show a measure of diligence in protecting its users from bullying and other cyber-crimes. Parents and guardians are also expected to aid in the protection of their children by monitoring what their children access online, with whom they chat, etc. It is a multi-pronged effort to keep kids safe online without compromising the rights and privacy of other users, and unfortunately, this case illustrates that the system is not perfect.

The public has demanded retribution in this tragic incident, and Lori Drew is the clear villain. But prosecuting her under a law that was written for a different purpose does not seem to solve the problem; rather, it exacerbates it. As it stands now, most experts doubt that Drew will be convicted, but the case has stimulated debate about the future of internet legislation, with many people clamoring for tighter restrictions and more clearly-defined laws. Defining laws makes sense, but adhering to them as they are written is necessary, as well. Privacy should not be compromised for the sake of perceived safety, and users should not be absolved of the responsibility to keep themselves and their children safe in what is clearly an uncertain environment. The potential for a lawsuit every time one teenager types something disparaging about another is enough to raise the caution flag on the idea of sweeping legislation.

The sad lessons learned from this case are clear: social networking websites should diligently educate users about the terms of service and handle reports of abuse promptly and fairly, as MySpace has done; parents should educate and monitor their children regarding safe internet use, because the websites can’t keep track of every message exchanged; and lawmakers should use caution in writing or interpreting laws that punish bad behavior on the internet. The anonymity of websites can elevate the potential for mean or thoughtless behavior, but in the end, we cannot rely on a law to protect children, especially children with existing emotional or mental issues, from harsh comments online. As one parent on a news website put it, “Parents should always keep tabs on what their kids are doing online, but they most certainly need to take a good inventory of their child’s self-esteem and emotional well being before allow them to participate on social networking sites in the first place” (thenewsleak.com).

There is no question that Lori Drew’s alleged behavior is sick and twisted, and that it is deserving of condemnation. Megan Meier’s parents will doubtless pursue a civil case against her, as they should. As sad as this case is, though, Megan Meier should not be held up as a poster child for a loss of internet privacy; rather, her case should serve as a reminder to all concerned that what you (and your children) see on the internet isn’t always what you get.

Sources: CNN.com, blog.wired.com, usdoj.gov, thenewsleak.com

The Children’s Advertising Review Unit (CARU) was formed by the National Advertising review Council (NARC) in 1974. CARU is a self-regulated program that promotes responsible children’s advertising.

CARU’s basic activities are the review and evaluation of child-directed advertising in all media, and online privacy practices as they affect children. When these are found to be misleading, inaccurate, or inconsistent with CARU’s Self-Regulatory Guidelines, CARU seeks change through the voluntary cooperation of advertisers.

CARU’s Guidelines contain a section that highlights issues, including children’s privacy, that are unique to the Internet and online sites directed at children age 12 and under. The following is an overview of these guidelines:

1. Advertisers must clearly disclose all information collection and tracking practices, all information uses, and the means for correcting or removing the information. These disclosures should be easily accessible before any information is collected.

2. Advertisers should disclose why the information is being requested and whether the information will be shared, sol or distributed outside of the collecting company. This disclosure should be written in language easily understood by a child.

3. Advertisers must obtain prior “verifiable parental consent” when they collect personal information (such as email addresses, screen names, addresses or phone numbers) that will be publicly posted. The definition of “verifiable parental consent” in the Children’s Online Privacy Protection Rule applies.

4. For activities that involve public posting, advertisers should encourage children not to use their full names or screen names that correspond with their email address, but choose an alias (e.g., “Bookworm,” “Skater,” etc.) or use first name, nickname, initials, etc.

5. Advertisers should not require a child to disclose more personal information than is reasonably necessary to participate in the online activity (e.g., play a game, enter a contest, etc.).

6. When an advertiser collects personal information only for its internal use and there is no disclosure of the information, the company must obtain parental consent, and may do so through the use of email, coupled with some additional steps to provide assurance that the person providing the consent is the parent.

7. To respect the privacy of parents, advertisers should not maintain in retrievable form information collected and used for the sole purpose of obtaining verifiable parental consent or providing notice to parents, if consent is not obtained after a reasonable time.

8. If an advertiser communicates with a child by email, there should be an opportunity with each mailing for the child or parent to choose by return email or hyperlink to discontinue receiving mailings.

9. When performing age-screening, advertisers should ask screening questions in a neutral manner so as to discourage inaccurate answers from children trying to avoid parental permission requirements.

10. Since hyperlinks can allow a child to move seamlessly from one site to another, operators of Websites for children or children’s portions of general audience sites should not knowingly link to pages of other sites that do not comply with CARU’s Guidelines.

Resources: www.caru.org

About 100 million trees are ground up each year to produce junk mail (that’s the equivalent of deforesting the entire Rocky Mountain National Park every four months), of which 44% is thrown in the trash before it is even opened. The average person receives about 1.5 personal letters each week and about 10.8 pieces of junk mail. By the end of this year, each person will have received almost 560 pieces of junk mail. Of those 560, 246.5 pieces will be tossed into the trash unread.

This surplus of junk mail is not only killing trees, it is also producing mass waste. Approximately 40% of the solid mass that makes up our landfills is paper and paperboard. This number is expected to rise by the year 2010 to about 48%.

So how do people find you to send you this waste? Most lists of names and addresses used in bulk mailings are in mass data-collection networks which are compiled from phone books, warranty cards and charity donations, to name a few. Each time your name is sold, these data-collection networks make between 3 cents to20 cents.

So what can you do? You can start by trying to cut down on the waste. You can do things like reuse the junk mail for scrap paper or shred the paper and use it for filler when shipping. Recycle the junk mail at your local recycling center. Or even create new things like homemade recycled paper.* You can also cut the amount of junk mail you receive. If you cut your junk mail for 5 years, you’ll conserve 1.7 trees, 700 gallons of water and prevent 460 pounds of carbon dioxide from being released into the air.

*Make recycled paper at home by cutting junk mail into small shreds, then soak it in warm water (one hour, stirring occasionally). Next, spread it out on a flat, fine-holed, wire-mesh screen and let it dry. You can also add flowers, grass, and leaves for fun, color, and texture.