In a previous post, we asked whether Mark Zuckerberg breached any legal duties or violated any laws when he created Facemash? One theory of legal liability might be the tort of invasion of privacy, since Zuckerberg downloaded and then re-posted pictures of Harvard students without their consent. But Zuckerberg only downloaded student I.D. photos. Does one have a reasonable expectation of privacy to one’s I.D. photo? Another possible theory of liability (both civil and criminal) is copyright infringement. But who owns the legal rights to those I.D. photos, the students or the university? Yet another theory of liability might be based on the federal Computer Fraud and Abuse Act, which prohibits unauthorized uses of protected computers. (The arrest and prosecution of Internet activist Aaron Swartz, for example, were based in large part on this law.) But does it matter that Facemash was just a prank and not a commercial website? Do you think a jury would find a college sophomore guilty of violating federal law in this case?