Relying upon a statute which has been amended twice since 1978, it is a crime in Florida to access someone else’s social media account without their authorization.  This likely happens dozens of times a day in this state, likely as a joke or a prank, which have or could lead to criminal charges.  Some of the more pernicious circumstances (e.g., cyberstalking and/or revenge porn) have arisen to the appellate level.

There is a handful of cases, including the December 2017 case of Joel Alan Umhoefer v. State of Florida,  which reveal that Florida’s Computer Crime Act needs updating and that, as currently written and interpreted, a person’s ability to defend against charges lies in their counsel’s detailed knowledge of the social media discovery and admissibility of internet content.

According to the Second District’s opinion, Umhoefer (born in 1982) developed an online relationship with a then-14 year old girl in 2012.  This relationship was sustained to some extent for two years, during which time Umhoefer sent stuffed animals and a laptop to the child.  In August 2014, an injunction against dating violence was issued when he became jealous of the (then-16 year old) girl’s same-age boyfriend.  Two months later, Umhoefer accessed the girl’s Facebook account, found sexually-explicit communications between the girl and her boyfriend, and Umhoefer sent those to the girl’s mother.  During trial for unauthorized access of a computer network or electronic device, the girl testified that she set up the subject Facebook account in June 2014 and never gave out the password.  A forensic computer expert testified that the defendant used Pass Finder to bypass password protections (evidence that his access was unauthorized) and further explained that the messages Umhoefer accessed “are not stored locally but on Facebook’s server farm, which is a network of computers that provide service and content access.”

Florida Statute 815.06(2)(a) sets out that “a person commits an offense against users [of a device or network] if he or she willfully, knowingly, and without authorization… accesses or causes to be accessed any computer, computer system, network, or electronic device with knowledge that such access is unauthorized.”  The clunky definition of “computer network” is here.

Once the State had sufficient evidence that Umhoefer’s use of Pass Finder led him to obtain the girl’s password without authorization, you might think that the case was closed.  Likewise, once the State’s expert explained that Umhoefer used the illegally-obtained password to access the girl’s Facebook account on the internet, you might think that too would seal a violation of the statute.

But a curious, prior case in 2015 held to the contrary when the First District opined, in Mario Crapps v. Florida, that proof a defendant “accessed one of the listed tangible devices” is not the same as “the defendant access[ing] a program or information on the device without authorization.”  The reasoning, on a technical level, is not explored in the opinion — and perhaps with good reason since it is self-evident that accessing an account on the internet means accessing a network.  The Crapps court reversed because the State failed to present evidence: “Nothing in the record establishes or explains how accessing an Instagram account works from a technological perspective, leaving unanswered whether or how Appellant’s actions amounted to accessing a specific computer, computer system, or computer network.”  Of note, Crapps appears to be the first published opinion in Florida about Instagram.

Back in the Umhoefer case, the Court was not impressed with the “Crapps” argument, pointing out that the Crapps case hinged upon the state attorney’s failure to present evidence and was not clear precedent interpreting the Computer Crimes Act.  The State did not make the same mistake in Umhoefer’s case.

What’s the bottom line?

Whether it be a prank or an intentional crime, accessing another person’s email or social media account can be charged as a crime under Florida’s statute.  It can further lead to a civil suit and monetary liability.  As the Court noted in Crapps, there is also the relatively new “revenge porn” or “sexual cyberharassment” statute, F.S. 784.049 which is also available.

The defense of these cases turns largely on admissions by the defendant before obtaining a lawyer; the State’s method of collecting evidence; knowledge of social media and computer forensics; and adroit use of Florida Rules of Evidence as it relates to emerging technologies such as social media and internet / networking issues.  Moreover, a lawyer needs to understand the history and the potential gaps in Florida’s aged statute.  If you, your children, family members, or employees are charged with (or are looking to pursue) a Computer Crimes Act or Revenge Porn case in Florida, question your prospective counsel on his or her knowledge of these statues, cases, evidence rules, and technical knowledge.