The painful issue of cyberbullying has recently taken center stage in the ongoing debate about online child safety. Last week I wrote about Lori Drew's acquittal on charges related to Megan Meier's tragic suicide, suggesting that the judge in the case was right to overturn her conviction on a very expansive reading of the federal anti-hacking statute. While I think that decision was necessary on legal grounds, it's sure to add "fuel to the fire" of calls for "action" in Congress. Thus, I emphasized that observers of the case need to separate their understandable outrage from the from the questions of (1) whether that statute was properly applied and (2) how the law should treat such cases in the future.

On the second question, Adam and I recently released a major entitled, "Cyberbullying Legislation: Why Education is Preferable to Regulation." We distinguish among:

1. Cyberbullying: kid-on-kid abuse online
2. Cyberharassment generally: people of all ages using the Internet to harass each other
3. Adult-on-kid cyberharassment: For example, Lori Drew's alleged (but still unclear) role in the Megan Meier case

In a nutshell, we argue that education is the better approach to cyberbullying (Problem #1)--an approach taken by a bill introduced in the Senate by Sen. Robert Menendez (D-NJ) and in the House by Rep. Debbie Wasserman Schultz (D-FL) . We go on to argue that, while it would be difficult to create criminal sanctions for cyberharassment generally (Problem #2) without infringing free speech and due process rights, it might be possible to craft laws narrowly tailored to cyberharassment of kids by adults (Problem #3).

By contrast, Rep. Linda Sánchez has proposed the "Megan Meier Cyberbullying Prevention Act, which by its title purports to deal with that problem (#3) but would actually create a sweeping Federal felony for all cyberharassment (#2). We noted the potential Commerce Clause problems with states trying to regulate Internet speech, and emphasized education as a superior approach at both the federal and state level that avoids constitutional problems, but suggested that, if Congress does ultimately conclude a criminal law is needed for Problem #3, it would well to do look to how the states craft cyberharassment laws before creating any federal penalty.

Just about the time we finished our paper, Tennessee enacted a new law (PDF) that makes it a misdemeanor (up to 1 year in prison and a $2,500 fine) for making threats made online (cyberstalking) as well as certain instances of cyberharassment, defined as communications:

1. Made with "the malicious intent to frighten, intimidate or cause emotional distress";
2. Made in a "manner the defendant knows, or reasonably should know, would frighten, intimidate or cause emotional distress to a similarly situated person of reasonable sensibilities; and
3. That actually result in making that person "frightened, intimidated or emotionally distressed."

Prong #1 is essentially the same as the Sánchez bill (with the addition of the word "malicious"), while Prongs #2 and 3 somewhat increase the evidentiary burden faced by any prosecution under the law. So the bill suffers from many of the same problems that the Sánchez bill suffers from, which we discuss in our paper--most importantly, the bill would chill protected online speech because it is unclear when it would apply, and some online speakers would fear prosecution under the bill.

But what's really disappointing here is that the original Tennessee bill at least recognized the critical importance of drawing distinctions by age. It would have applied to specifically to harassing communications "with another person who is, or purports to be, less than 18 years of age" or to communications that cause "another person to be frightened, intimidated, or emotionally distressed, provided that the person's response is one of a person of average sensibilities considering the age of the person." While neither approach is quite what we recommend in our paper--if we're going to criminalize anything, it should be adult-on-kid harassment--the original legislation was certainly better to what finally passed, which would likely fail to pass constitutional muster.

In a related context, Adam and I recently released another major paper detailing the serious consequences for online free speech of well-intentioned efforts to expand COPPA's privacy protections for kids under 13 to cover all adolescents. There as here, while children under a certain age might be uniquely vulnerable and therefore require special protection (such as special penalties for cyberharassment by adults), we can't treat everyone like small children without severely compromising freedom of expression online and the future vitality of the Internet itself. Again, this is why education is generally a better approach than criminalization.