Real Legal Remedies for Virtual Harms? (Blog Debate: LIV)
In his post below, Saul asks: "If A deletes much of B's existence in the virtual world, or A manipulates B in that world to such a degree that B's real world health and safety are at issue, why should criminal law be thought out of bounds?"
My answer is that I don't think it should. Most criminal laws are and should be technology-neutral. What matters is the harm, not the specific way that the harm is caused. For example, the crime of sending an interstate threat to harm a person (18 U.S.C. 875) is the same crime regardless of whether the thread is by postal mail, a telephone call, an e-mail, or communications in a virtual word. I think this is right: the means of committing the offense normally shouldn't matter. The key point in my paper is that the "virtualness" of the harm shouldn't matter, either. That is, we should stay focused on the impact of conduct in the real physical world, not in the virtual one. So, for example, in the case of the crime of sending a threat to harm a person, the "person" still needs to be a real live physical person. The concern motivating my paper is that we'll start to believe our virtual metaphors and equate virtual harms with real ones; I think this is a major mistake.
Maybe you're thinking, "Hey, what are the chances that we'll start taking virtual harms so seriously?" The statute to watch is 18 U.S.C. 1030, the Computer Fraud and Abuse Act, a crime enacted in the 1980s to punish computer hacking. Congress opted to describe the prohibited act as "accessing" a computer "without authorization" or "exceeding authorized access," and more than 20 years later no one knows what these words actually mean. Some of the interpretations out there are frighteningly broad. For example, there are lower-court precedents holding that violating Terms of Service make use of a computer "exceed authorized access." The U of C's own Judge Richard Posner has written an opinion for the Seventh Circuit holding that an employee who uses a computer with the subjective intent of hurting his employer accesses his work computer "without authorization." These sorts of precedents have arisen in the civil context, but they apply equally in the criminal context. And they'll give prosecutors some ready weapons to start charging virtual harms under existing federal laws if they so choose.
I've written an article arguing against these broad interpretations of Section 1030, and I've been happy to see its arguments gain some traction recently in a few district court opinions. (Not cases involving virtual worlds -- just computer cases more broadly.) I think the scope of Section 1030 will be the most important battleground for the scope of criminal law in virtual worlds in the next few years. Those who are worried about the evolution of criminal law in virtual worlds should watch these cases very closely.