CCR Symposium: What is To Be Done?
posted by Michael Froomkin
(Some of what follows probably repeats, perhaps with different emphasis, comments by David Fagundes and James Grimmelmann, Paul Ohm, and others.) I suspect that in the main existing civil and criminal law (perhaps including civil rights law) provides about the right level of civil and criminal liability for people who post vile things about others online. That belief is shaped by two more fundamental convictions:
A. It’s important not to over-deter speech as it is to deter libel and other tortious or possibly illegal speech, and the costs of getting this wrong can be very high.
B. The rules governing online conduct in general ought to be the same as those regulating the same activity offline whenever possible – and in the case of speech in particular, that (in the absence of the scarcity rationale underpinning some broadcast regulation) the First Amendment should not distinguish between technologies, be it a printing press or a network.
On the other hand, I also think anyone who asserts this – and thus asserts that the recommendations in Cyber Civil-Rights ought to give us pause – should face the strongest case for the other side, which I take to rest primarily on three complementary assertions:
1. The Internet (today) really is different, because (a) it empowers anyone, including random crazies far away, to reach out and do greater harm to a larger number of (likely disparately impacted) people and (b) given the diffusion, permanence, searchability and possible prominence of false statements, the Internet allows those statements to cause greater and more lasting harm that most or all other media.
2. Internet architecture, and especially anonymous access, makes enforcement of existing rules more difficult than in analogous non-Internet cases because it’s so hard to catch people.
3. Some people experience the ability to write about others from a distance as disinhibiting – so much so that the existence of the opportunity to spew on the Internet can be said to promote false and malicious acts.
Those of us who argue that enabling a Draconian regime of monitoring (and, I’d argue, ultimately profiling) on all users of new communications technology is worse than the evils it is being invoked to prevent would do well to ask what we can offer those genuinely being victimized. Sure, we can say that the best cure for bad speech is more speech, but in a world in which ‘a lie will go round the world while truth is pulling its boots on’ is there really anything that private initiatives can do which is likely to have any meaningful effect?
One response is that all of us have relevant (moral) responsibilities: to speak the truth, to point out lies, to shun the liars, and to encourage others to do the same. This is not a complete answer, but nor is it trivial. The law students exposed as associated with Autoadmit have suffered real and deserved harm to their professional prospects. Not only is this retributive, but it is an object lesson for others. Detection and enforcement need not be perfect to deter. Private shunning reinforces norms as well as punishing.
Another part of the puzzle is that we need new (private) institutions. The Internet has a surprisingly good rumor-control mechanism: if I read something that sounds a bit off, I check it out on Snopes.com. And when people send me stuff I know is false, Snopes is a great authority to point them to. Perhaps what we need is an analogue to Snopes for people, a genuine reputation defender service? Admittedly, getting the straight story will be harder in the case of private disputes and allegations than figuring out whether or not the government is offering seven-year Tax Holidays for Immigrants or Barack Obama is a natural-born citizen, but perhaps something based on the PGP reputation web of trust might work, in which people would build up good reputations for truth-telling (or users coming to the site would identify who they trusted), and have their opinions weighted more as a result. It would also make a great laboratory for studies of transitive trust, a bedeviling subject.)
It’s good to front-burner genuine problems that need creative solutions, and that’s certainly a great virtue of Cyber Civil Rights and of this event. But I still don’t think eviscerating anonymous speech – an important safety valve for political (and sometimes social) freedom – is the answer.
April 16, 2009 at 2:53 pm
Posted in: Cyber Civil Rights
Print This Post
Responses (6)
Seth Finkelstein - April 16, 2009 at 3:42 pm
“It’s good to front-burner genuine problems that need creative solutions, and that’s certainly a great virtue of Cyber Civil Rights and of this event
At the risk of sounding like “Monty Python’s Argument Clinic” sketch …
No. It is a very bad and naive paper, a mismash of issues stirred together in an sexually charged inflammatory way that will do little good. It shouldn’t be justified with the chestnut of (my gloss) saying outrageous and flame-baiting things because-it-generates-discussion.
Could the organizers really not find anything better? This “symposium” reads like a giant link-bait scheme.
(”We’ll get both liberals _and_ conservatives to give us attention! Nothing gets the conservatives heated up like a type of feminism, and nothing gets a certain brand of feminist incensed like nasty right-wingers!”)
Marc J. Randazza - April 16, 2009 at 3:45 pm
I agree that *something* should be done about incivility on the internet as well as downright illegal content on the internet such as true threats and defamation, when done from behind a mask of anonymity.
You have already written, wonderfully, about how the right to anonymous speech is too precious to flush down the toilet. So how do we handle this? Well, the first thing we do NOT do is take the easy and lazy way out — asking the government to jump in and change the rules so that a few offended parties have the heckler’s veto over the entire architecture of online discussion.
Proposal for unmasking the anonymous — the “Bounty Model”
Consider the story of the “Patent Troll Tracker” blog.
http://randazza.wordpress.com/2008/01/28/bring-me-the-head-of-troll-tracker/
In that case, Raymond Niro, an Illinois lawyer who was criticized by the Patent Troll Tracker offered a $10,000 bounty to anyone who could provide him with the PTT’s identity.
And it worked.
I believe that you have a First Amendment right to speak anonymously. I’ve seen any number of unethical abuses of the legal system – engineered to reveal the identity of an anonymous speaker. I’ve seen even more that were plain stupid.
Mr. Niro didn’t send a bogus DMCA notice. He didn’t file a specious copyright claim in order to pull a garden variety defamation suit into federal court. He didn’t try and overcome Section 230. He probably calculated the amount of money and time such an effort would take and simply privatized the investigation.
Of course this anecdote doesn’t make for a perfect rule.
1) The PTT seemed to be offering legitimate criticism and probably had every right to remain anonymous. Accordingly, this “bounty model,” seems to have been used to stifle legitimate criticism. Nevertheless, as we have seen with the DMCA notice and takedown procedure and the raft of frivolous defamation suits that float down the river every day, all methods are open to abuse. The “bounty model” exists with or without government intervention, therefore we just may have to live with the fact that it *can* be abused.
2) Mr. Niro was in a bit of a privileged position: He had $10,000 to spend on such an effort. However, your garden variety victim of a cyber mob very well might not have that kind of money lying around. But, lets refer back to your poetic and accurate description of the anonymous attacker. I would venture to guess that the marketplace would place a lower value on the head of “lonelyvirgin” (of AutoAdmit infamy) than it placed on the head of PTT.
But, there are other reasons that the market could be harnessed to expose those who deserve to be exposed and unmasked.
Any legal remedies that might be available under a scaled-back Section 230 would still cost something. Plaintiff’s side personal injury and medical malpractice lawyers routinely lay out huge costs pre-suit. So, if a plaintiff’s lawyer were called in to go after an anonymous attacker, the cost of the “outing bounty” would be figured in to the calculus of whether the claim would be worth taking on contingency or on a fee-basis. If a claim was of questionable validity, less lawyers would be willing to put up the bounty, or they would be willing to put up less of a bounty. If the victim was truly feeling economic harm, placing at least some of the burden on the victim (at least initially) would be far more preferable to placing an anchor on the neck of the entire internet in order to root out a few bad actors.
3) What if nobody knows the identity of the attacker? This is a problem. If you put up $1 million, it doesn’t help much if nobody knows who the person is. However, it is very rare that you’ll find someone who doesn’t screw up. The traditional “detective work” that goes into tracking down an anonymous speaker usually unmasks the person. Lets say that there is a 40% exposure rate (I’m pulling that number out of my ass, so someone please correct me with more accurate data, if there is any) just on a technological front, now lets add the percentage of those who get exposed by people who want the bounty…. I think we can get to a reasonable exposure level this way.
The fact is, if we repeal Section 230 altogether and require “digital fingerprints” on every communication, it will still be very easy to circumvent any legal regime. Proxy servers, assistants in other countries, unlocked wireless networks, and any number of black-hat-hacker tricks can make it seem like an innocent party wrote an attack. There will always be a way… but capitalizing on the strength of the market to out a poster will not be as susceptible to technological sleight of hand.
4) What if the “outer” lies and names an innocent person? Easy. Before they get the bounty, they swear under penalty of perjury (and perhaps under some kind of liquidated damages provision) that they aren’t lying. They don’t get the coin until the legal process confirms the identity of the attacker.
5) But what if a lawyer wont put up the money and the victim is poor? Then I would guess that the case has no value and it shouldn’t be brought in the first place. However, I recognize that there very well may be cases that “fall through the cracks.” Then, the “victim” could (and should) solicit law professors and others who might be now calling for an end to Section 230. I’m not trying to be glib about this — but if someone is prepared to throw the brakes on the American internet industry all in the name of accountability, wouldn’t they toss in $100 of their own money for someone who was a “victim of a vicious attack?” You would (I would). However, we would certainly vet the claim to make sure that the person wasn’t being hypersensitive or merely trying to silence a critic. Passing the hat is a viable alternative.
The bounty model works. It is proven. The bounty model also does nothing to stifle the marketplace of ideas. The bounty model does not require that we invent new torts, nor does it require us to use divisive rhetoric. The bounty model already has built in checks and balances. While it is susceptible to abuse, it is no more susceptible to abuse than any other proposed scheme, and I would say that market forces make it less so.
Policing Civility: Lead by example
One should regulate one’s own conduct to try and be as civil as possible. And, when you don’t like someone’s level of civility, of *course* you should exercise your own First Amendment rights to call them on it.
Those of us who might think that the internet breeds too much anonymous incivility can influence the tide. For example, if you (as a respected law professor) posted somewhere, that would grant the forum greater credibility. I am not as well respected as you are, but I decided to take a spin over at a law student forum where the level of civility was lacking. I posted under my real name, exciting the minions, and then I began acting like a camp counselor. I didn’t need to do it for long.
Sure, some speakers just told me to go fuck myself. But others, after a gentle and friendly scolding, would post “you’re right, I should be more civil,” or “you’re right, I can see how what I said was wrong.” I accomplished far more by showing some leadership and setting an example than I ever could have with a lawsuit. Eventually I didn’t need to do it at all.
I won’t ever get a publication out of it. Nobody will break their arm patting me on the back for recycling tired old Dworkin theories, but I think that I did a little good there… and proved that right speech and right actions will inspire others and disproved the theory that trying to use influence would be seen as a free speech violation.
Conclusion
There are far better ways to deal with incivility and anonymity on the internet than new laws and less liberty. I wish that those who called for both of those things would try the “hard way” first.
Michael Froomkin - April 16, 2009 at 3:57 pm
I personally find the bounty model unattractive: it taxes the victim. It privileges the wealthy. We should do better.
Marc J. Randazza - April 16, 2009 at 4:24 pm
Your critiques of the model are 100% accurate. Unfortunately, that is how the legal system works for all other kinds of harm.
A defamation victim still needs to pay for a lawyer. The wealthy still can afford more representation, and are thus prone to bring SLAPP suits.
Perhaps we should do better. Perhaps there is a better way. Well, in fact there is a better way for the victim — repealing section 230, burdening online service providers with record keeping obligations, or making online service providers liable unless they adhere to a DMCA style notice and takedown procedure. All of those, I think, will too heavily burden free speech.
At the other end of the spectrum, we can just tell victims to “suck it up” and “grow a thicker skin.” I don’t like that either, for obvious reasons. (At least if the speech is a true threat or a true defamation or true harassment).
I feel like the bounty model is somewhere in the middle, and the fact that it skews away from the poor and toward the wealthy is its greatest weakness. If you want to join me in the revolution, I say lets get rid of capitalism all together and socialize legal services as well as medicine. But, until that happens, we work within the framework we have.
Jay Levitt - April 19, 2009 at 2:20 pm
I don’t think the Snopes model will work. Snopes works because there is (a) expertise, and (b) no incentive to game it. That doesn’t exist in the world of personal reputation.
Barbara and David Mikkelson are the archetypal obsessive Internet collectors; they’ve been authorities on urban legends since I discovered USENET in 1995. If there’s an urban legend they don’t know, it’s not very legendary. (Conversely, the world of urban legends is small enough for a husband-and-wife team to know them all.)
And, for the most part, nobody profits off a UL. There’s nobody interested in paying off the Mikkelsons to falsely debunk a true urban legend about Mikey and Pop Rocks.
Reputation’s much harder. Who is, or could be, an expert on… everyone? By definition, reputation quickly reaches a scale that requires automation – and its inherent lack of personal recognition.
And there’s certainly an incentive for gaming the system. We don’t have to speculate; that’s what identity theft IS. You’ve built up a reputation – credit, hiring, or otherwise – and someone steals it so they can use your reputation as currency.
It’s not a problem that PGP solves. It’s not a technical problem at all. It’s life.
Danielle Citron - April 27, 2009 at 12:37 pm
I want to respond to the erroneous and reputation harming suggestion that I have misrepresented the University of Maryland study (and the broader issue as to the gendered nature of online harassment) and an AutoAdmit comment.
First, cyber harassment is indeed a gendered phenomenon. The non-profit organization Working to Halt Online Abuse (WHOA) has compiled statistics about individuals harassed online. In 2007, 61 percent of the individuals reporting online abuse were female while 21 percent were male. Similarly, in 2006, 70 percent of its online harassment complainants identified themselves as women. Overall, from 2000 to 2007, 72.5 percent of the 2,285 individuals reporting cyber harassment were female and 22 percent were male. Half of the victims were between the ages of 18 and 40 and reportedly had no relationship with their attackers. Similarly, the Stalking Resource Center, a branch of the National Center for Victims of Crimes, reports that approximately 60 percent of online harassment cases involve male attackers and female targets.
Academic research supports this statistical evidence. The University of Maryland’s Electrical and Computer Department recently studied the threat of attacks associated with the chat medium IRC. Researchers found that users with female names received on average 100 “malicious private messages,” which the study explicitly defined as “sexually explicit or threatening language,” whereas users with male names received only 3.7. Indeed, contrary to what has been misstated, the study explicitly explained that the “experiment show[ed] that the user gender has a significant impact on one component of the attack thread (i.e., the number of malicious private messages received for which the female bots received more than 25 times more private messages than the male bots)” and “no significant impact on the other kinds of attacks, such as attempts to send files to users and links sent to users.” The study explained that attacks came from human chat-users who selected their targets, not automated scripts programmed to send attacks to everyone on the channel, and that “male human users specifically targeted female users.”
I am extensively quoting the study to make clear that my analysis is not my interpretation of the study but instead that of its authors.
Second, however one line of my BU article may be construed by others (i.e., the comment he deserves a Congressional medal), my editors, myself, Nathaniel Gleicher and others have read it as I have. But no matter, the work does not include lies (the suggestion that I am deceiving others is indeed defamatory as is the suggestion that the explanation of the Maryland study is) but instead includes exact quotes of the countless postings on AutoAdmit. And the various stories of the attacks on women are exact quotes as well and cannot be disputed.
I hesistated speaking to this issue as I fear cyber harassment, which I have clearly experienced personally and indeed as Dave notes in a prior comment on Prawfs has included menacing physical harm.
Danielle Citron
Leave a Reply