Some experts are skeptical, asking how these sites will guarantee patient privacy.  One [...]]]> Patients of rare diseases find that drug companies have little interest in devoting limited R&D budgets to diseases of small populations.  As a result, patients have begun to strike out on their own in the search of cures.  As The New York Times explains, patients increasingly share their medical information (including details about their everday experiences living with a disease) online in the hopes that other similarly-situated patients will do the same.  This would permit interested academic researchers to mine the data for observations about their diseases.  Patients see online communities as offering new ways to transform medical research–especially into rare diseases that elude the current model of large-scale studies of widespread conditions.

Some experts are skeptical, asking how these sites will guarantee patient privacy.  One imagines that these sites will respond to privacy concerns by employing anonymization practices.  For instance, sites might delete personal identifiers like names and social security numbers and remove other potential identifiers, such as names of next of kin or student ID numbers.  This ostensibly permits researchers to use the amassed data without concomitant privacy risks.  But, as Paul Ohm’s important and engrossing new paper Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization argues, technology renders this privacy-protection option obsolete.  Computing advances now permit clever adversaries to reidentify or deanonymize the people hidden in anonymized databases.  This means that datasets that were meant to be kept apart are easily rejoined, allowing sensitive secrets to be  revealed.

Patients may of course be willing to take that risk if their particpation in open-source research leads to cures of rare diseases.  Yet patients also jeopardize their offsprings’ privacy: if medical information can be reidentified with ease and linked with other datasets, a patient’s children may get caught up in that web of re-identification.  This may lead to genetic discrimination in the grown-up child’s life.  Grown-up children may be willing to bear that risk–it is, however, worth considering this possibility when assessing privacy concerns related to such open-source research efforts.

“This is the new JuicyCampus,” says a note at Campus Gossip, which boasts campus-specific message boards for hundreds of colleges and encourages anonymous and racy barbs such as “These Fellas got herpes,” with a list of names attached. Going even further than its predecessor, there’s also a photo section where students can post embarrassing pictures and videos of others.

The site is planning a back-to-school marketing push, including a happy hour near Arizona State University where a rap artist named Sabotage will perform a song about the pleasures of campus gossip.

Another site, CollegeACB (the letters stand for Anonymous Confession Board), [...]]]> A while ago, the notorious college gossip website, Juicy Campus, bit the dust.  But according to an article by Jeffrey Young in the Chronicle of Higher Education:

“This is the new JuicyCampus,” says a note at Campus Gossip, which boasts campus-specific message boards for hundreds of colleges and encourages anonymous and racy barbs such as “These Fellas got herpes,” with a list of names attached. Going even further than its predecessor, there’s also a photo section where students can post embarrassing pictures and videos of others.

The site is planning a back-to-school marketing push, including a happy hour near Arizona State University where a rap artist named Sabotage will perform a song about the pleasures of campus gossip.

Another site, CollegeACB (the letters stand for Anonymous Confession Board), paid the defunct JuicyCampus $10,000 to redirect visitors from its Web address to CollegeACB.

For those who want a first-hand look at these sites, the Campus Gossip site is here and the CollegeACB site is here.  I’m quoted in the article, as is co-blogger Danielle Citron:

Internet shaming creates an indelible blemish on a person’s identity,” wrote Daniel J. Solove, a professor of law at George Washington University, in his 2007 book, The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (Yale University Press). “It’s similar to being forced to wear a digital scarlet letter or being branded or tattooed. People acquire permanent digital baggage. They are unable to escape their past, which is forever etched into Google’s memory.” . . . .

“I don’t see why it has to be that way,” the law professor told me in a recent interview. “Just like when you drive, it’s not a free-for-all,” he added, equating the current laws governing online forums to a road without traffic lights or stop signs. “It’s like if we looked at the roads and said, There’s just nothing to be done—let’s just abolish all rules of the road.” . . . .

Danielle Citron, a law professor at the University of Maryland at Baltimore, said she hoped that stamping out harassment on campus-gossip Web sites would be considered a matter of civil rights.

She makes the case in an article published in the Michigan Law Review this year called “Law’s Expressive Value in Combating Cyber Gender Harassment.” In it, she argues that law-enforcement officials fail to take seriously complaints about online anonymous comments, and that using “civil-rights remedies” may be the most effective way to pursue such acts.

“Women should not have to wait until cyberharassment fulminates into physical violence for law enforcement to address it,” she wrote. “A civil-rights agenda … would demonstrate that the Internet is not the lawless Wild West, just as court settlements and state legislation made clear that the home does not insulate abusing husbands from societal intervention.”

In an opinion released on August 28, Judge George Wu struck down, on unconstitutional vagueness grounds, the prosecution’s attempt to enforce violations of website terms of service as crimes under the Computer Fraud and Abuse Act (CFAA):

[I]f any conscious breach of a website’s terms of service is held to be sufficient by itself to constitute intentionally accessing a computer without authorization or in excess of authorization, the result will be that section 1030(a)(2)(C) becomes a law “that affords too much discretion to the police and too little notice to citizens who wish to use [...]]]> The Lori Drew case has finally been decided.  Background about the case is here.  In previous posts (here and here), I argued that the CFAA should be held to be unconstitutionally vague.

In an opinion released on August 28, Judge George Wu struck down, on unconstitutional vagueness grounds, the prosecution’s attempt to enforce violations of website terms of service as crimes under the Computer Fraud and Abuse Act (CFAA):

[I]f any conscious breach of a website’s terms of service is held to be sufficient by itself to constitute intentionally accessing a computer without authorization or in excess of authorization, the result will be that section 1030(a)(2)(C) becomes a law “that affords too much discretion to the police and too little notice to citizens who wish to use the [Internet].” City of Chicago [v. Morales], 527 U.S. [41] at 64 [(1999)].

Congratulations to Orin Kerr, who assisted in the defense, and who is cited numerous times throughout the court’s opinion.

Some have asked whether this case warrants treatment as a cyber civil rights issue since it “is just a girl cat fight.”  To be sure, women can deprive other women of their right to be free of unequal treatment on the basis of their gender.  But the larger concern is, for me, convincing skeptics to see the blog attacks on Ms. [...]]]> Dan, Kaimi, and Elizabeth have offered some terrific insights on the issues raised by the court’s unmasking of the “Skanks of NYC” blogger.  Kaimi’s post “Cyber Civil Rights vs Privacy in the ‘Skanks in NYC’ case” in particular did a superb job capturing the issue as discrimination.  I write here to follow up on issues related to the case that folks have discussed with me.

Some have asked whether this case warrants treatment as a cyber civil rights issue since it “is just a girl cat fight.”  To be sure, women can deprive other women of their right to be free of unequal treatment on the basis of their gender.  But the larger concern is, for me, convincing skeptics to see the blog attacks on Ms. Cohen as more than just an interpersonal disagreement between two women, something that tort law can handily address on its own, but rather as gender discrimination.  Tort law would not reach the harm experienced by Ms. Cohen, women, and society due to the blog’s interference with her right to equal treatment.  It would not address the stigma that Ms. Cohen experienced a a result of the blog’s message that she had worth only as a sex object.  Much like sexual harassment in the workplace, the blog suggested that Ms. Cohen constitutes an object of sexual derision, not a person worthy of respect.  Moreover, they interfered with Ms. Cohen’s right to work as an equal.  According to Ms. Cohen, potential employers asked her about the blog, which quite possibly deterred them and others from hiring her.  In a world filled with aspiring models, employers might chose to work with someone who comes with less baggage, even if they do not believe the postings a wit.  And the blog postings harm women as a group and a society as a whole by entrenching gender hierarchy in cyberspace.  Whether current law would support such a claim is certainly in dispute, but such a law could be crafted.  Such a law would play an important expressive role–it would change the social meaning of such harassment of women.

Indeed, as privacy scholar Ian Kerr suggested, maybe the media’s attention to the case can be attributed to its leering interest in a “battle” between two beautiful women?  Maybe coverage of the issue reflects a deeper misogyny: the story has attracted so much attention because it produces an image of women as female wrestlers of sorts, battling it out in their bikinis?

A commentator on Dan’s posting asked whether labeling Ms. Cohen “a liar, ho, and skank” could support a defamation claim, at least under the Doe v. Cahill summary judgment standard to warrant unmasking the defendant.  Courts have upheld defamation awards in cases where defendants’ online postings asserted that plaintiffs were “liars.”  The allegations also might have supported an intentional infliction of emotional distress claim.  As my colleague Greg Young wisely noted to me though, even a rigorous standard like the one in Doe v. Cahill (which I support much like Dan) gives leeway to judges to balance values and risks imposing costs on speech.

Hat tip to Ian Kerr and Greg Young.

Cohen started pursuing the defamation suit against the anonymous ‘Skanks’ blogger in January after discovering the site, on which the blogger called Cohen a skank, a ho, and an old hag, among other nasty things, and posted photos of her, taken from various websites. Since Cohen needed the identity of the blogger in order to file the lawsuit against her, a judge in Manhattan granted Cohen’s request to force Google to reveal the e-mail address and IP address of the alleged defamer.

Cohen has since dropped her $3 million lawsuit.  The unmasked blogger — Rosemary Port — plans to sue Google [...]]]> A model named Liskula Cohen was being attacked on a blog called Skanks in NYC.  The author of the Skanks blog was anonymous.  Kashmir Hill reports:

Cohen started pursuing the defamation suit against the anonymous ‘Skanks’ blogger in January after discovering the site, on which the blogger called Cohen a skank, a ho, and an old hag, among other nasty things, and posted photos of her, taken from various websites. Since Cohen needed the identity of the blogger in order to file the lawsuit against her, a judge in Manhattan granted Cohen’s request to force Google to reveal the e-mail address and IP address of the alleged defamer.

Cohen has since dropped her $3 million lawsuit.  The unmasked blogger — Rosemary Port — plans to sue Google for $15 million for breaching its fiduciary duty to defend her anonymity.

Over at CyberSLAPP, a website maintained by EFF (disclosure: I’m on EFF’s advisory board), ACLU, CDT, EPIC, and Public Citizen, they have posted documents from the case, including the court’s order to Google to unmask the author of Skanks.

CyberSLAPP seeks to combat frivolous lawsuits to reveal another’s identity:

CyberSLAPP cases typically involve a person who has posted anonymous criticisms of a corporation or public figure on the Internet. The target of the criticism then files a frivolous lawsuit just so they can issue a subpoena to the Web site or Internet Service Provider (ISP) involved, discover the identity of their anonymous critic, and intimidate or silence them.

The Skanks in NYC raises a lot of interesting issues.  I’ll tackle a few in this post.

1.Was Cohen’s lawsuit frivolous? Cohen might have a decent defamation lawsuit, but she subsequently dropped it when she found out Cohen’s identity.  This behavior indicates she was using the lawsuit only to unmask the blogger.  I agree with CyberSLAPP that such a practice should be restricted.

2. Did the court properly reveal Port’s identity? I believe that the court used too low a standard in revealing the blogger’s identity.  The court ordered Google to reveal the anonymous blogger because “a strong showing that a cause of action exists.”  This standard appears to be little more than requiring the plaintiff to survive a motion to dismiss.  While I’m very sympathetic to people who have been injured through online defamation and invasions of privacy, I’m also wary of courts being too quick to reveal the identities of bloggers.  I believe that in order to reveal a blogger’s identity, plaintiffs must meet the summary judgment standard, as set forth in Doe v. Cahill, 884 A.2d 451 (Del. 2005) (I blogged about it here).

3. Does Port have a cause of action against Google? I don’t think she’s got much of a case.  Google was complying with a court order.  However, over at PogoWasRight, Dissent raises the interesting point that Google had a rather anemic defense of Port’s anonymity.  Could Google be liable for not doing enough to defend Port?  Maybe, as EFF attorney Matt Zimmerman notes in Dissent’s post, if Google didn’t notify the anonymous blogger and give her a chance to respond.  Beyond that, though, I’m not sure that there’s much of a case against Google, but there may be facts I’m not aware of that would change my opinion.

4. Does Port have a cause of action against Cohen for using the legal process to reveal her identity? A better defendant than Google might be Cohen.  Port may be able to sue Cohen, perhaps for abuse of the legal process, if Port can prove that Cohen initiated a frivolous action solely to unmask her.  The revealing of an anonymous blogger’s identity is a privacy invasion in my opinion, because it links speakers to things they said that they don’t want to be connected with their true identity.  The use of legal process and obtaining of a court order might provide shelter to Cohen unless Port could prove it was just a ruse to reveal her identity.

5. How should courts protect anonymous bloggers? In addition to using the summary judgment standard, courts should require a plaintiff who finds out the identity of an anonymous blogger to keep it confidential until it absolutely must be revealed to the public.  Courts should enforce this via a protective order. A lawsuit can proceed quite far before it is necessary to reveal a litigant’s name to the general public.

Moreover, plaintiffs should be prohibited (to the extent possible) from using unmasking the identity of an anonymous blogger as a bargaining chip in settlement negotiations.

However, in the end, if a blogger has anonymously invaded a person’s privacy or defamed that person, then the blogger should be held responsible.  I fully support a person’s ability to sue for privacy violations or defamation.  Anonymity shouldn’t be a shield for hurting other people and committing torts (or crimes).  The difficulty is in robustly protecting people’s First Amendment right to speak anonymously and preventing harm to people from invasions of privacy and defamation.

For more on the Skanks case, see this other post by Kashmir Hill discussing the rights of the Skanks blogger.

For more on the issue of blogging and anonymity, see also this story on CNN about the coming-out stories of anonymous bloggers.  I have a quote in it, and the reporter kindly linked to The Future of Reputation.

Aside from the celebrity context, we may see other misuses of Twitter feeds.  Governments increasingly use Twitter to alert the public about car accidents, fires, crime reports, and public health emergencies.  [...]]]> Individuals increasingly use social networking tools to commit fraud.  Philadelphia Eagles player Asante Samuel discovered his Twitter imposter after the Philadelphia Daily News attributed to him comments from his doppleganger’s Twitter feed.  Keith Olbermann was a victim of Twitter impersonation as was Tony La Russa, manager of the St. Louis Cardinals.  Temple professor Susan Jacobson predicts that much like the early days of the Internet when individuals bought the domain names of celebrities to sell it to those notables for a tidy profit, we will likely see variations of such mischief on social networking sites.

Aside from the celebrity context, we may see other misuses of Twitter feeds.  Governments increasingly use Twitter to alert the public about car accidents, fires, crime reports, and public health emergencies.  A tweet about a fabricated fire or car accident could cause dangerous traffic jams and needless panic.  Someone could impersonate a police department, sending tweets about crimes never committed.  This teaches us to be circumspect about all of those Twitter updates.

H/T to Jim Stanton for his blog posting, “Social Media Fraud On the Increase.”

Wikimedia Commons Image

Yesterday’s Washington Post sadly underscored that point in its coverage of Peoples Dirt.  The site has the dubious distinction of being one of the first to organize anonymous gossip by high schools.  A review of its postings reveals that the site is a Juicy Campus for Juniors.  And like its now-defunct older sibling, Peoples Dirt is filled with attacks on named individuals.  As Brian Leiter has aptly described similar sites, it is a cyber cesspool of racist, sexist, and homophobic rants.  Posters claim to have had sex [...]]]> When Juicy Campus closed for business, many students, parents, and educators sighed with relief.  We unfortunately had little to celebrate.  As I noted then, Juicy Campus was but one player in a crowded line up of anonymous attack sites.

Yesterday’s Washington Post sadly underscored that point in its coverage of Peoples Dirt.  The site has the dubious distinction of being one of the first to organize anonymous gossip by high schools.  A review of its postings reveals that the site is a Juicy Campus for Juniors.  And like its now-defunct older sibling, Peoples Dirt is filled with attacks on named individuals.  As Brian Leiter has aptly described similar sites, it is a cyber cesspool of racist, sexist, and homophobic rants.  Posters claim to have had sex with named female students.  They disparage named girls’ body parts; they compile lists of the “ugliest middle school” girls.  They discuss students’ sexuality in threatening ways.  A posting under a male student’s name: “we know your g@y…just come out of the closet…and you should choke on a dick and die.”

Sadly, the era of the anonymous gossip site is far from over.

Stock.xchng image

Back in March, Danielle put up a post on Trivializing Women’s Harms: The Story of Cyber Gender Harassment. That post attracted commentators, and links, who vigorously disputed both the seriousness of the risk posed by online speech and the (lightness) of the burden that she suggested be placed on anonymous speech. Were we not controlling the comment threads on these posts relatively carefully, we’d see a similar level of skepticism, expressed in vivid, personal, terms. But why would [...]]]> I want to join the other participants in this symposium in congratulating Danielle for putting together such a terrific article. As James G. writes, Danielle frames a compelling case for thinking about online harassment as a civil rights problem, an approach both novel and bracing.

Back in March, Danielle put up a post on Trivializing Women’s Harms: The Story of Cyber Gender Harassment. That post attracted commentators, and links, who vigorously disputed both the seriousness of the risk posed by online speech and the (lightness) of the burden that she suggested be placed on anonymous speech. Were we not controlling the comment threads on these posts relatively carefully, we’d see a similar level of skepticism, expressed in vivid, personal, terms. But why would this be? Why aren’t the risks that the online “speech” pose as obvious to our commentators as they are to Daneille and others on this blog?

The reason isn’t because partisans (like the ACLU, whose inconsistency is remarked by Ann Bartow), or free speech advocates, are deliberately conforming their views of risk to their personal interests or ideological positions. Rather, as cultural cognition theory predicts, “individuals are disposed selectively to accept or dismiss risk claims in a manner that expresses their cultural values.” Persons of hierarchical and individualistic orientations will worry more about being rendered defenseless by gun control; egalitarians and communitarians will worry about the legacy of patriarchy and racism associated with guns and thus discount those risks. Similarly hierarchs will be worried about the risks of disorder following flight from the police; egalitarians will be more concerned about the risks of police oppression. And so on.

Applying the group-grid theory to the project of cyber risks suggests that individualists , who value markets and private ordering, might be disposed to discount the risks of online “mobs”, unless those mobs are directed at values of concern, like the right to be anonymous and free from regulation. By contrast, communitarians believe that individuals will interact with one another frequently, depend on one another, and that this mutual inter-dependence is a condition to be celebrated and supported. Thus, people of different cultural views will have distinct views of the risks of conduct & the benefits of regulation, and those views will (significantly) be less likely that you might think to respond to new sets of “facts”. Perversely, arguing from facts my accent, not ameliorate, dissension between individuals holding different values.

What, then, is to be done to convince the individualists that their values aren’t under assault and that the risks of online mobs are severe enough to warrant some form of regulation? Danielle suggests that framing this as a civil rights problem would serve a valuable “normative and expressive role.” The danger, I think, is that many will respond, as does Orin Kerr here, by suggesting that there are competing norms and expressed values in play. It’s a serious problem, and I don’t have the answers. But I do think that being more generous & attentive to those holding different values is an important part of coming to consensus, and thus I’m really pleased with the respect and collegiality demonstrated in this symposium so far.

So let me start by saying that Danielle Citron’s Cyber Civil Rights is a wonderful paper. It is right about many things, although I’d be prepared to wonder whether the expression-action distinction might not reflect something true, real, and valuable, or whether the current balance between libel and the ‘wild west’ of unregulated speech is really so bad. But never mind all that: for present purposes let’s stipulate that Cyber Civil Rights is right about all its facts — including (as I indeed have no doubt she is right) about the terrible harms being [...]]]> Orin Kerr says he was brought in to be a mild dissenter. I fear I may have been set up to be the pig at the garden party.

So let me start by saying that Danielle Citron’s Cyber Civil Rights is a wonderful paper. It is right about many things, although I’d be prepared to wonder whether the expression-action distinction might not reflect something true, real, and valuable, or whether the current balance between libel and the ‘wild west’ of unregulated speech is really so bad. But never mind all that: for present purposes let’s stipulate that Cyber Civil Rights is right about all its facts — including (as I indeed have no doubt she is right) about the terrible harms being wreaked online by evil people at the expense of innocent victims who are (wildly) disproportionately female and minorities. And let’s further stipulate that the article is right about its novel and exciting statutory arguments concerning how existing civil rights law might be used to deal with that – stuff I had fun thinking about and enjoyed teaching too.

Nevertheless, I have deep, deep problems with the paper’s proposed remedy — because there’s something critical that the paper leaves out.

Prof. Citron begins her remedies discussion with the suggestion that ISPs be stripped of § 230 immunity for postings by others, in the hopes that this will force them to police their customers. She proposes that they be subject to distributor liability – that we move to the takedown regime we have come to know and love under the DMCA. To which one can only reply…huh?

But never mind that: The core proposal is to set the duty of care for ISPs seeking not to be held responsible for their customers’ writings at a level that will required them – by law – to keep records of users’ IP numbers. In short, in order to serve the goals of deterrence and enforcement, Prof. Citron proposes the complete elimination of anonymity on the US portion of the Internet in order to root out hateful speech.

Let me repeat: Professor Citron proposes the complete elimination of anonymity on the US portion of the Internet in order to root out hateful speech.

I’m convinced that even though Prof. Citron is attacking a significant social problem, the cure proposed is (1) worse than the disease, (2) deeply unconstitutional, and (3) would have pernicious global side-effects.

The claim that the cure is worse than the disease is a value judgment, and thus no doubt disputable. It is based, I’ll admit, more on instinct than data. We don’t have good data about the amount of socially valuable anonymous speech any more than we do about the real quantity of the hateful stuff. We’re left to imagine a world with much less of both – I think the long run consequences of turning the major communications medium of the future into the government’s fishbowl have too big a chance of being pretty lousy. Others might trade some civility now against the risk of another Bush/Cheney administration later, but not me.

The claim that the proposed remedy is deeply unconstitutional is not based on a value judgement. It is based on a line of cases not addressed in Cyber Civil Rights – for which I blame law review length limits rather than the author. Starting from Talley v California, 362 U.S. 60 (1960), then McIntyre v Ohio Elections Comm’n, 514 U.S. 334 (1995), running through Watchtower Bible and Tract Soc. of New York, Inc. v Village of Stratton, 536 U.S. 150 (2002), the Supreme Court has made it clear that there is a strong (some would even say sweeping) constitutional right to anonymous speech. At the very least, when wholesale bans on anonymous speech such as proposed in Cyber Civil Rights reach core First Amendment speech they are not allowed. (I’ve written about these cases here and here if anyone wants a little more detail.)

The third point flows from the second. Dissidents around the world rely on US servers to get out their message. It’s probably not a good idea to engineer our communications in a way that might tempt our government to cozy up to foreign bad guys by slipping them information about the dissidents (think Nixon or Kissinger) who after all don’t have First Amendment rights here when based abroad. It’s bad enough that the EU has taken a big step in this direction by requiring ISPs and telecoms to store traffic data for a year. They have a Privacy Directive (and don’t have a First Amendment). We shouldn’t attempt to follow suit.

Here’s the core of Prof. Citron’s response as I understand it:

[S]ome believe immunizing website operators is essential to preserve anonymity, which they view as vital to free expression on the Internet. They may invoke the role of websites such as Wikileaks.org to facilitate political dissidence against oppressive regimes or analogize to important roles played offline by “anonymous” persons, such as investigative journalists’ sources. These parallels, however, are inapt. In some instances, many “anonymous” actors are not, in fact, anonymous, but rather have undisclosed identities. No responsible newspaper publishes material based on sources whose identity it does not know. Similarly, although the Supreme Court has rejected thinly supported demands for the production of dissident groups’ membership lists, it has never suggested that authorities or private litigants could not obtain the identities of persons reasonably suspected of unlawful activities. Freedom of expression has never depended on the absolute ability of speakers to prevent themselves from being identified and held responsible for activities the state may properly prohibit. As Professor Tribe notes, “secrecy often seems the shield of dangerous and irresponsible designs.”

Count me among those “some”. Just because it is true that “authorities or private litigants could … obtain the identities of persons reasonably suspected of unlawful activities” without violating the First Amendment doesn’t mean in any way that it follows we can all be treated as suspects without doing great violence to the Bill of RIghts.

Prof. Citron argues that we’ll be OK so long as site operators and ISPs stand on principle and protect our identities from improper requests:

Traceable anonymity would not betray our commitment to anonymous speech if site operators and ISPs refuse to reveal a poster’s identity unless a court order demanded it. This would protect individuals for whom anonymity is most crucial, such as victims of domestic violence and political dissidents.

I suppose I have come to lack faith in big profit-oriented cable and telecoms companies – a lack of faith that is educated by events such as EFF’s campaign lawsuit over what appears to have been a lengthy project of illegal recording of internet traffic carried out by major telecoms at the US government’s request.

Freedom of expression does in some cases depend on people reasonably believing they can speak without being called to account for it. That may sometimes be disreputable, even evil. Sometimes it may help save a life, or the Republic.

[Consistent with my practice on my own blog, I have set comments to "on". Unless my hosts have a different rule, I plan to disemvowel or delete those which violate my comment policy.]

Social networking sites and blogs have increasingly become breeding grounds for anonymous online groups that attack women, people of color, and members of other traditionally disadvantaged groups. These destructive groups target individuals with defamation, threats of violence, and technology-based attacks that silence victims and concomitantly destroy their privacy. Victims go offline or assume pseudonyms to prevent future attacks, impoverishing online dialogue and depriving victims of the social and economic opportunities associated with a vibrant online presence. Attackers manipulate search engines to reproduce their lies and threats for employers and clients to see, creating [...]]]> From tomorrow through Thursday, Concurring Opinions will be hosting a number of scholars invited to discuss Danielle Citron’s work Cyber Civil Rights. Responding to controversies over online attacks, Citron argues the following:

Social networking sites and blogs have increasingly become breeding grounds for anonymous online groups that attack women, people of color, and members of other traditionally disadvantaged groups. These destructive groups target individuals with defamation, threats of violence, and technology-based attacks that silence victims and concomitantly destroy their privacy. Victims go offline or assume pseudonyms to prevent future attacks, impoverishing online dialogue and depriving victims of the social and economic opportunities associated with a vibrant online presence. Attackers manipulate search engines to reproduce their lies and threats for employers and clients to see, creating digital “scarlet letters” that ruin reputations. . . .

Web 2.0 technologies accelerate mob behavior. With little reason to expect self-correction of this intimidation of vulnerable individuals, the law must respond. General criminal statutes and tort law proscribe much of the mobs’ destructive behavior, but the harm they inflict also ought to be understood and addressed as civil rights violations. Civil rights suits reach the societal harm that would otherwise go unaddressed and would play a crucial expressive role. Acting against these attacks does not offend First Amendment principles when they consist of defamation, true threats, intentional infliction of emotional distress, technological sabotage, and bias-motivated abuse aimed to interfere with a victim’s employment opportunities. To the contrary, it helps preserve vibrant online dialogue and promote a culture of political, social, and economic equality.

As I’ve noted before, I think this piece breaks new ground in applying venerable laws to the online environment. In this cyber-symposium, we propose to discuss the following issues:

What can the law do to respond to these threats?

How we deter harassment while promoting legitimate speech?

How do we balance the privacy rights of speakers and those they speak about in the new communicative landscape created by sites like AutoAdmit, Juicy Campus, Facebook, and anonymous message boards?

A list of scholars invited to discuss these issues appears below:

Ann Bartow

David Fagundes

Michael Froomkin

Nathaniel Gleicher

James Grimmelmann

Orin Kerr

Nancy Kim

Susan Kuo

Daithí Mac Síthigh

Helen Norton

David Post

David Robinson

As co-organizers of the online symposium, Danielle, David Hoffman, Deven Desai and I welcome these guests and look forward to participating in the discussion. We have decided to default to “no comments” for this cyber-symposium. It was a tough decision, but ultimately we tended to feel that, for this topic in particular, the costs of editing and/or responding to abusive or off-topic comments would likely be higher than the benefits of our usual default to openness.

As recent controversies have shown, it’s easy for online mobs to inflict real injuries on their victims–and women bear a disproportionate share of the abuse. Citron argues that “acting against these attacks . . . helps preserve vibrant online dialogue and promote a culture of political, social, and economic equality.” We look forward to an animated and insightful discussion on how to balance liberty, equality, and privacy online.

The book is available free for download under a Creative Commons license. One third of the essays are now posted online. The rest will become available in two more stages — on April 22th and May 6th. This is the first book to be published by Oxford University Press under a Creative Commons license.

The book is available on Amazon.com or on [...]]]> There’s a terrific new book of essays about privacy out from Oxford University Press — LESSONS FROM THE IDENTITY TRAIL: ANONYMITY, PRIVACY AND IDENTITY IN A NETWORKED SOCIETY (Oxford University Press 2009). It’s edited by Ian Kerr, Valerie Steeves, and Carole Lucock. The essays are fascinating and are written by a number of very prominent privacy scholars. Highly recommended!

The book is available free for download under a Creative Commons license. One third of the essays are now posted online. The rest will become available in two more stages — on April 22th and May 6th. This is the first book to be published by Oxford University Press under a Creative Commons license.

The book is available on Amazon.com or on our special Concurring Opinions Oxford University Press promo page for 20% off.

Here’s the table of contents:

I. PRIVACY

Introduction to Part I

Chapter 1. Soft Surveillance, Hard Consent: The Law and Psychology of Engineering Consent

by IAN KERR, JENNIFER BARRIGAR, JACQUELYN BURKELL, AND KATIE BLACK

Chapter 2. Approaches to Consent in Canadian Data Protection Law

by PHILIPPA LAWSON AND MARY O’DONOGHUE

Chapter 3. Learning from Data Protection Law at the Nexus of Copyright and Privacy

by ALEX CAMERON

Chapter 4. A Heuristics Approach to Understanding Privacy-Protecting Behaviors in Digital Social Environments

by ROBERT CAREY AND JACQUELYN BURKELL

Chapter 5. Ubiquitous Computing and Spatial Privacy

by ANNE UTECK

Chapter 6. Core Privacy: A Problem for Predictive Data Mining

by JASON MILLAR

Chapter 7. Privacy Versus National Security: Clarifying the Trade-Off

by JENNIFER CHANDLER

Chapter 8. Privacy’s Second Home: Building a New Home for Privacy Under Section 15 of the Charter

by DAPHNE GILBERT

Chapter 9. What Have You Done for Me Lately? Reflections on Redeeming Privacy for Battered Women

by JENA MCGILL

Chapter 10. Genetic Technologies and Medicine: Privacy, Identity, and Informed Consent

by MARSHA HANEN

Chapter 11. Reclaiming the Social Value of Privacy

by VALERIE STEEVES

II. IDENTITY

Introduction to Part II

Chapter 12. A Conceptual Analysis of Identity

by STEVEN DAVIS

Chapter 13. Identity: Difference and Categorization

by CHARLES D. RAAB

Chapter 14. Identity Cards and Identity Romanticism

by A. MICHAEL FROOMKIN

Chapter 15. What’s in a Name? Who Benefits from the Publication Ban in Sexual Assault Trials?

by JANE DOE

Chapter 16. Life in the Fish Bowl: Feminist Interrogations of Webcamming

by JANE BAILEY

Chapter 17. Ubiquitous Computing, Spatiality, and the Construction of Identity: Directions for Policy Response

by DAVID J. PHILLIPS

Chapter 18. Dignity and Selective Self-Presentation

by DAVID MATHESON

Chapter 19. The Internet of People? Reflections on the Future Regulation of Human-Implantable Radio Frequency Identification

by IAN KERR

Chapter 20. Using Biometrics to Revisualize the Canada–U.S. Border

by SHOSHANA MAGNET

Chapter 21. Soul Train: The New Surveillance in Popular Music

by GARY T. MARX

Chapter 22. Exit Node Repudiation for Anonymity Networks

by JEREMY CLARK, PHILIPPE GAUVIN, AND CARLISLE ADAMS

Chapter 23. TrackMeNot: Resisting Surveillance in Web Search

by DANIEL C. HOWE AND HELEN NISSENBAUM

III. ANONYMITY

Introduction to Part III 63.60 Kb

Chapter 24. Anonymity and the Law in the United States

by A. MICHAEL FROOMKIN

Chapter 25. Anonymity and the Law in Canada

by CAROLE LUCOCK AND KATIE BLACK

Chapter 26. Anonymity and the Law in the United Kingdom

by IAN LLOYD

Chapter 27. Anonymity and the Law in the Netherlands

by SIMONE VAN DER HOF, BERT JAAP KOOPS, AND RONALD LEENES

Chapter 28. Anonymity and the Law in Italy

by GIUSELLA FINOCCHIARO

Electronic contacts lenses gives rise to interesting questions about their potential use. Could a zoom function and [...]]]> According to Government Technology, engineers at the University of Washington have developed contact lenses with integrated circuitry. Although the lenses have only been tested on animals, researchers are working on having electronic lenses overlay a display over a person’s visual field without impairing sight. Researchers hope that the lenses, once completed, will allow users to zoom in on distant objects and see useful facts. Future applications might allow drivers and pilots to see their direction and speed projected across their view or to surf the Web without a monitor. The circuit components would be powered by integrated solar cells and a wireless radio-frequency receiver.

Electronic contacts lenses gives rise to interesting questions about their potential use. Could a zoom function and connection to the Net allow drivers to record and transmit the license plates of reckless drivers to insurance companies and local police? Lior Strahilevitz’s superb article “‘How’s My Driving’ for Everyone (and Everything?)” contemplated the use of technologies to report driver misconduct to assist the police in combating dangerous driving, reduce information assymetries in the insurance market, improve the tort system, and alleviate driver frustration over the current feeling of helplessness in the face of reckless driving. As the article demonstrates, the virtual anonymity of drivers magnifies dangerous behavior on the road because drivers do not suffer social disapproval for poor driving and have a profound sense that they will never get caught. These lenses could fundamentally alter that sense of anonymity on the road and could deter antisocial behavior. The bionic eye could play an important role in altering behavior and may raise privacy concerns worth discussing.

I just wanted to announce that the preliminary program for the 2008 Computers, Freedom, and Privacy Conference (in New Haven, CT) has been announced. The theme this year is “Technology Policy ‘08,” and it includes several topical panels for the election year:

Presidential Technology Policy: Priorities for the Next Executive

States as Incubators of Change

Activism and Education Using Social Networks

Network Neutrality: Beyond the Slogans

Discounted early bird registration closes this Friday, but general registration is open until 5/23. The conference is also looking for bloggers!

The big (asserted) advantages are: (1) less collateral first-amendment damage and officially sanctioned chilling of speech; and (2) a more “poetically satisfying” form of social sanction.

I’m pretty dubious about the empirics of the first half of the claim. Bounties to unmask anonymous internet speech seem to me to be likely to create exactly [...]]]> Talking about the Autoadmit lawsuit, Anthony Ciolli argues:

“[Rather than the litigation,] a smarter way to handle this would be through private action. A few weeks ago, a lawyer offered a $15,000 bounty for the identity of the author of the Patent Troll Tracker blog. I saw no legal basis for that unmasking, but if someone wanted to rat him out for $15k, I saw nothing wrong with that either. FYI — it worked.”

The big (asserted) advantages are: (1) less collateral first-amendment damage and officially sanctioned chilling of speech; and (2) a more “poetically satisfying” form of social sanction.

I’m pretty dubious about the empirics of the first half of the claim. Bounties to unmask anonymous internet speech seem to me to be likely to create exactly the same kinds of pressure not to speak as lawsuits – more, perhaps, because bounties are cheaper and thus the likelihood of enforcement is higher. (This is all wrapped up in Solove’s book, of course). As to whether it is more poetically satisfactory to be betrayed or to lose on the merits, I this the issue is a close one. What do you think?

The record industry got a surprise when it subpoenaed the University of Oregon in September, asking it to identify 17 students who had made available songs from Journey, the Cars, Dire Straits, Sting and Madonna on a file-sharing network.

The surprise was not [...]]]> The Recording Industry Association of America (RIAA) has been on a litigation rampage, attempting to identify people it believes are sharing music online, slapping them with a frightening lawsuit, and extracting steep settlements out of them. Universities are frequently being subpoenaed by the RIAA to provide information about students. Whether this strategy of acting like a lunch money bully is working remains to be seen, but finally a university is fighting back. According to Adam Liptak’s essay in the New York Times:

The record industry got a surprise when it subpoenaed the University of Oregon in September, asking it to identify 17 students who had made available songs from Journey, the Cars, Dire Straits, Sting and Madonna on a file-sharing network.

The surprise was not that 20-year-olds listen to Sting. It was that the university fought back.

Represented by the state’s attorney general, Hardy Myers, the university filed a blistering motion to quash the subpoena, accusing the industry of misleading the judge, violating student privacy laws and engaging in questionable investigative practices. . . .

“Certainly it is appropriate for victims of copyright infringement to lawfully pursue statutory remedies,” Mr. Myers wrote last month. “However, that pursuit must be tempered by basic notions of privacy and due process.”

“The larger issue,” Mr. Myers said, “is whether plaintiffs’ investigative and litigation strategies are appropriate.”

Mr. Myers questioned the tactics of MediaSentry, an investigative company hired by the recording industry. He said the company seemed to use data mining techniques to obtain “private, confidential information unrelated to copyright infringement.” He added that it may have violated an Oregon criminal law requiring investigators to be licensed.

I am pleased that the university is fighting back. Liptak seems skeptical about whether the university will be successful in its challenge to the subpoena, but at least it is defending its students rights rather than quickly giving in. Universities should not be so quick to accede to RIAA subpoenas.

One issue involves students’ First Amendment rights. Although the Supreme Court has held that copyright infringement isn’t protected under the First Amendment, Harper & Row, Publs. Inc. v. Nation Enters., 471 U.S. 539 (1985), protected speech may be involved in some cases. According to the Court, copyright has “built-in First Amendment accommodations” via the fair use doctrine. Eldred v. Ashcroft, 537 U.S. 186 (2003). Copyright protection is thus compatible with the First Amendment because of the existence of fair use. What this means is that it is possible that in any given case, some of the uses of the music may be fair use, and that is protected by the First Amendment. Moreover, a person may have made statements online along with engaging in piracy. So, for example, an anonymous person might maintain a website where he posts music files for trading along with the statement that “the RIAA is a big bad bully.” That statement is protected speech, and identifying an anonymous speaker triggers heightened First Amendment standards for the subpoena.

The RIAA might argue something like this: “But the people whose identities we’re seeking are engaging in illegal piracy. They’re trading music files. There’s not a strong argument that any protected speech is involved.” Even if they’re right about this, it still doesn’t extinguish the First Amendment interests of the individuals suspected of piracy. Suppose, for example, a person anonymously posted a comment about another person that looked clearly defamatory. The fact that it might look like a slam-dunk case still doesn’t obviate the need to establish the heightened First Amendment standards for subpoenas. Copyright should be no different.

Courts are still working on shaping the heightened standard for revealing the identity of an anonymous speaker, but several courts have recently been requiring that the person or entity seeking the information satisfy the summary judgment standard. See Doe v. Cahill, 884 A.2d 451 (Del.2005) (see here for my post about Cahill) and In re Does 1-10, — S.W.3d –, 2007 WL 4328204 (Tex. Ct. App., Dec. 12, 2007) (see here for my post about In re Does).

So the RIAA shouldn’t be given an easy time when seeking people’s identities via subpoenas. It should be forced to make its case and meet the summary judgment standard. Maybe it will succeed in doing this in most cases, but it should at least be challenged to demonstrate its case.