• by Erik Sass , Staff Writer, September 9, 2010

The last year has seen growing concern about online fraud, as well as a new crop of state laws to combat it. One high-profile example is California Senate Bill 1411, which will levy additional civil and criminal penalties on anyone found guilty of "e-personation," that is, impersonating someone else online with malicious intent. The proposed California rule, which just needs the gubernator's signature to become law, has obvious potential to impact social media and social networks (especially if other states pass similar legislation). But it also raises questions about the interpretation and meaning of some of the practices it seeks to prohibit.

The final version of the law approved by California's legislature would make it a misdemeanor to "knowingly and without consent credibly impersonate... another actual person through or on an Internet Web site or by other electronic means, as specified, for purposes of harming, intimidating, threatening, or defrauding another person," decreeing fines up to $1,000 and a year in jail for violators. It would also allow the victim to bring a civil action against the impersonator under the terms of the statute. According to the law, "'electronic means' shall include

opening an e-mail account or an account or profile on a social networking Internet Web site in another person's name."

On the whole this seems like a sensible piece of legislation -- "e-personation" is a novel form of identity theft, which may require new safeguards and penalties in addition to those provided by the existing laws. But there are some ambiguous areas and controversial points which could make the law pretty difficult to enforce.

One issue which has already received a good deal of attention is the potential for conflict with the First Amendment. Does this law apply to online satirists and pranksters who create bogus online personas for public figures and celebrities on social networks like Facebook or Twitter? Similarly, Bloomberg Businessweek noted that some activist groups employ impersonation to raise awareness and bring critical public opinion to bear against public figures and organizations. BB also noted the difficulty of enforcing a California law against Internet users living in other states or outside the U.S. altogether.

I have some questions of my own, focusing on the standards and definitions set forth in the new law. First, what does it mean to "credibly impersonate" someone else? The law specifies that "an impersonation is credible if another person would reasonably believe, or did reasonably believe, that the defendant was or is the person who was impersonated." This defers the issue to the judgment of the famous "reasonable person," even though it is a subjective matter about which there may be a range of reasonable opinions -- potentially opening up a whole gamut of innocent activities to prosecution. For example, what if someone posts an online video in which they impersonate a local figure -- say, the town mayor -- with comical intent, but then a "reasonable" viewer unwittingly mistakes the impersonation for the real thing?

Then there's the condition stating that the impersonation must be carried out with the intent of "harming, intimidating, threatening, or defrauding" another person. Weird as it may sound, what if someone impersonates another individual without the intent to do any of these things -- for example, creating an online persona via Twitter and Facebook, then filling it with humdrum daily activities, statements, and biographical details which just happen to, you know, credibly impersonate someone else? Would this sort of weirdness (which seems like something some performance artist will do, or probably has already done) be prohibited by the law? I guess it would, if the definition of "harm" is broad enough to include the psychological harm resulting from being creeped out.