A Los Angeles jury convicted Lori Drew of three misdemeanors for her role in the events leading up to the death of Megan Meier. . It did not convict her of accessing a computer without authorization to inflict emotional distress, a felony, or of conspiracy. Drew could receive up to one year in prison and a $100,000 fine on each conviction of accessing a computer with authorization. The prosecution’s theory was that Drew, along with her 13-year old daughter and another young woman, violated the MySpace Terms of Service by creating a false identity, Josh Evans, to harass Meier, and that creating the fraudulent identity breached the Computer Fraud and Abuse Act. It’s a novel and troubling theory because the CFAA is typically used to prosecute those who hack security to gain access to a computer. Conflating use of a false identity or other violation of a web site’s terms of service with criminal conduct under the CFAA creates a powerful tool to use against behavior that most Internet users would not consider criminal.