December 04, 2012, 10:58 AM — Last week I reported that Facebook’s fake-a-palooza had taken a strong turn toward the absurd. Today I’m here to tell you it actually gets worse.
I told the story of Jennifer X., who found herself unable to report someone masquerading as her husband on Facebook, due to the social network’s crazy Catch-22 rules about reporting fakes.
Despite personal assurances to Jennifer from Facebook employees that the imposter was now gone, his account is very much alive as I write this, if not exactly brimming with activity.
How could this be? I decided to check my own imposter account, which I created last week to verify Jennifer’s claims and then reported as fake to Facebook. When I tried to log on, I saw the following screen asking me to verify my identity:
The verification process asked me to provide a phone number (or submit a government approved ID). I opted for the former and gave it one of my VoIP numbers. A Facebook bot then called and recited a four number PIN, which I had to enter before Facebook would allow me to log in.
But there was one more screen I had to click through before I got access:
Yes, that’s right. Facebook was requiring me to “declare, under penalty of perjury, that I am the person represented in this account.”
How, I wondered, had I managed to go from sitting at my keyboard alone in my office to standing in a courtroom with my right hand on a Bible?
I asked a couple of my favorite cyberlawyers whether I had just committed a crime. It turns out that you don’t need to swear in front of a witness to commit perjury. (You sign a similar agreement every time you file your taxes.) Proving perjury does, however, require more evidence than a mouse click.
“I don’t think clicking a box on its own can make you liable for perjury,” says Jonathan Ezor, Director of the Touro Law Center Institute for Business, Law and Technology in Islip, New York. “There’s no way to identify the human being who did it. They could record your IP address and subpoena your ISP to find out who was using that address at the time, but they best they can come up with is the name of the account holder. They can’t prove who clicked the box.”