Forget the over-hyped bogeymen net neutrality and the ever-more-omniscient Googleplex. The real threat to Internet freedom comes from plain old criminal law.

In three weeks time, Missouri housewife Lori Drew will face trial for entering false personal details when she signed up for a MySpace account. Her indictment alone, whether or not she is convicted, should frighten anyone who’s ever filled out a form online.

The case, which captured the tabloid media when it broke last year, turns on unusual facts. Drew, posting as a teenage boy, created the MySpace account to probe why a neighbor’s daughter, Megan Meier, had broken off a friendship with her own daughter. She gave a few others access to the account, and things quickly spiraled out of control. Before long, “Josh Evans” (the fictional teen) and Meier were an online couple, and soon after that, they were hurling insults at one another on public message boards.

Meier, already suffering from depression, was devastated by Josh’s turnabout. A final private message from the Evans account–“The world would be a better place without you”–pushed her over the edge. Twenty minutes after receiving it, Meier hung herself in her closet.

Even though she was not responsible for the worst of the messages (according to a prosecutor who investigated the case but declined to file charged), Lori Drew’s mislead an emotionally troubled youth, and that was surely wrong.

But it’s more problematic to say that it’s a crime.

The theory of the prosecutor behind this case would make all Internet users criminals. It goes like this: Drew lied when she created the “Josh Evans” account. That was a violation of MySpace’s terms of service (those slabs of legalese that nobody reads before checking the box on a sign-up form). And by violating those terms, she accessed MySpace without authorization. “Unauthorized access” is a felony under a federal statute, the Computer Fraud and Abuse Act of 1986. The statute was meant to target hacking, but its loose language leaves the door open for a much broader reading.

(And as I discuss in a National Review Online column today, that’s the same law that could be used to prosecute the person who hacked into Gov. Sarah Palin’s email account.)

To put it succinctly: Violate any website’s terms of service, and you could face five years’ jailtime. Include a conspiracy charge (Drew faces several), and the maximum sentence doubles.

As the Electronic Frontier Foundation spells out in a brief in the case, that formula spells an end to online anonymity. Using a fake name or making up any detail when creating an email account or anything else could be grounds for prosecution.

Even innocent exaggeration could be targeted. Adding an inch or two to your height is a violation of the terms of service on Match.com and most dating sites.

But that’s not the scariest part. This threat isn’t just about one law, twisted into absurd form by an aggressive prosecutor, but thousands of them. After decades of fast growth, there are at least 4,450 separate criminal offenses in federal laws, and perhaps tens of thousands more in regulations. And then there’s state law: Each state, to begin with, has its own copy of the federal anti-hacking statute Lori Drew is accused of violating.

I discuss this issue, in the context of the Drew case, at some length in a recent paper. The problem, in brief, is this: Public pressure has led legislators to criminalize so much behavior in vague and broad statutes that probably all Americans are criminals under some dumb law. When there’s a tragedy–like the death of Megan Meier–prosecutions will follow, whether or not anyone had reason to believe that what went on was actually against the law.

Fixing this one statute won’t solve the problem.

Right now, the only thing that safeguards our online freedoms–anonymity, free speech, the right to access speech, and so on–is prosecutorial discretion that could be revoked for any one of us at any time for any reason. This isn’t a hypothetical–it’s happening today.