Site Meter

Category: Privacy (Gossip & Shaming)

2

Revenge Porn and the Uphill Battle to Pierce Section 230 Immunity (Part II)

Plaintiffs’ lawyers have some reason to think that they can convince courts to change their broad-sweeping view of Section 230.  In the rare case, courts have pierced the safe harbor, though not because the site operators failed to engage in good faith attempts to protect against offensive or indecent material.  In 2011, a federal district court permitted a woman to sue the site operator of the Dirty.com for defamation on the grounds that Section 230 is forfeited if the site owner “invites the posting of illegal materials or makes actionable postings itself.”  Sarah Jones v. Dirty World Entertainment Recordings LLC, 766 F. Supp.2d 828, 836 (E.D. Kentucky 2011).

That trial judge relied on a Ninth Circuit decision, Fair Housing Council v. Roommates.com, which involved a classified ad service that helps people find suitable roommates.  To sign up for the site’s service, subscribers had to fill out an online questionnaire that asked questions about their gender, race, and sexual orientation.  One question asked subscribers to choose a roommate preference, such as “Straight or gay males,” only “Gay” males, or “No males.”  Fair housing advocates sued the site, arguing that its questionnaires violated federal and state discrimination laws.  The Ninth Circuit found that Section 230 failed to immunize the defendant site from liability because it created the questions and choice of answers and thus became the “information content provider.”  The court ruled that since the site required users to answer its questions from a list of possible responses of its choosing, the site was “the developer, at least in part, of that information.”  Each user’s profile page was partially the defendant’s responsibility because every profile is a “collaborative effort between [the site] and the subscriber.”

As the Ninth Circuit held (and as a few courts have followed), Section 230 does not grant immunity for helping third parties develop unlawful conduct. The court differentiated the defendant’s site from search engines whose processes might be seen as contributing to the development of content, its search results.  According to the court, ordinary search engines “do not use unlawful criteria to limit the scope of searches conducted on them” and thus do not play a part in the development of unlawful searches.  The court endorsed the view that sites designed to facilitate illegal activity fell outside Section 230’s safe harbor provision.

Here is the rub.  To reach its conclusion, the Ninth Circuit essentially had to rewrite the statute, which defines information content providers as those responsible for the “creation and development of information provided through the Internet,” not the creation and development of illegal information. Read More

4

Revenge Porn and the Uphill Battle to Sue Site Operators

Last week, a group of women filed a lawsuit against the revenge porn site Texxxan.com as well as the hosting company Go Daddy!  Defendant Texxxan.com invites users to post nude photographs of individuals who never consented to their posting.  Revenge porn sites — whether Private Voyeur, Is Anyone Down?, HunterMoore.tv (and the former IsAnyoneUp?), or Texxxan.com — mostly host women’s naked pictures next to their contact information and links to their social media profiles. Much like other forms of cyber stalking, revenge porn ruins individuals’ reputations as the pictures saturate Google searches of their names, incites third parties to email and stalk individuals, causes terrible embarrassment and shame, and risks physical stalking and harm.  In the recently filed suit, victims of revenge porn have brought invasion of privacy and civil conspiracy claims against the site operator and the web hosting company, not the posters themselves who may be difficult to find. More difficult though will be getting the case past a Rule 12(b)(6) motion to dismiss.

In this post, I’m going to explain why this lawsuit is facing an uphill battle under Section 230 of the Communications Decency Act and why extending Section 230′s safe harbor to sites designed to encourage illicit activity seems out of whack with the broader purpose of CDA.  In my next post, I will talk about cases that seemingly open the door for plaintiffs to bring their suit and why those cases provide a poor foundation for their arguments.

Does Section 230 give revenge porn operators free reign to ruin people’s lives (as revenge porn site operator Hunter Moore proudly describes what he does)?  Sad to say, they do.  Read More

2

Ravi Sentenced in Tyler Clementi Case

Dharun Ravi was sentenced today for his violations of Tyler  Clementi’s privacy.  From Yahoo:

A New Jersey judge sentenced a former Rutgers student to 30 days in jail for using a webcam to spy on his roommate kissing another man.

Dharun Ravi, 20, was convicted on two second-degree bias intimidation charges in a case that garnered national headlines because his roommate, Tyler Clementi, committed suicide after the spying.

Clementi, 18, jumped from the George Washington Bridge three days after learning that a September 2010 encounter with an older man was seen by a computer-mounted camera Ravi had set up in their dorm room. The case highlighted the issues of gay bullying and teen suicide.

The judge also placed three years of probation. Rave faced a maximum sentence of 10 years in prison. The judge spared the prison time and did not recommend Ravi be deported to India, where he was born and remains a citizen. Ravi was also ordered to get counseling and to pay $10,000 towards a program to help victims of bias crimes.

Update: Just after I posted this, I saw that Danielle Citron got to this first.  Check out her post here.

4

Hey Look at Me! I’m Reading! (Or Not) Neil Richards on Social Reading

Do you want everyone to know what book you read, film you watch, search you perform, automatically? No? Yes? Why? Why Not? It is odd to me that the ideas behind the Video Privacy Protection Act do not indicate a rather quick extension. But there is a debate about whether our intellectual consumption should have privacy protection, and if so, what that should look like. Luckily, Neil Richards has some answers. His post on Social Reading is a good read. In response to the idea that automatic sharing is wise and benefits all captures some core points:

Not so fast. The sharing of book, film, and music recommendations is important, and social networking has certainly made this easier. But a world of automatic, always-on disclosure should give us pause. What we read, watch, and listen to matter, because they are how we make up our minds about important social issues – in a very real sense, they’re how we make sense of the world.

What’s at stake is something I call “intellectual privacy” – the idea that records of our reading and movie watching deserve special protection compared to other kinds of personal information. The films we watch, the books we read, and the web sites we visit are essential to the ways we try to understand the world we live in. Intellectual privacy protects our ability to think for ourselves, without worrying that other people might judge us based on what we read. It allows us to explore ideas that other people might not approve of, and to figure out our politics, sexuality, and personal values, among other things. It lets us watch or read whatever we want without fear of embarrassment or being outed. This is the case whether we’re reading communist, gay teen, or anti-globalization books; or visiting web sites about abortion, gun control, or cancer; or watching videos of pornography, or documentaries by Michael Moore, or even “The Hangover 2.”

And before you go off and say Neil doesn’t get “it” whatever “it” may be, note that he is making a good distinction: “when we share – when we speak – we should do so consciously and deliberately, not automatically and unconsciously. Because of the constitutional magnitude of these values, our social, technological, professional, and legal norms should support rather than undermine our intellectual privacy.”

I easily recommend reading the full post. For those interested in a little more on the topic, the full paper is forthcoming in Georgetown Law Journal and available here. And, if you don’t know Neil Richards’ work (SSRN), you should. Even if you disagree with him, Neil’s writing is of that rare sort where you are better off by reading it. The clean style and sharp ideas force one to engage and think, and thus they also allow one to call out problems so that understanding moves forward. (See Orwell, Politics and the English Language). Enjoy.

4

Why I Don’t Teach the Privacy Torts in My Privacy Law Class

(Partial disclaimer — I do teach the privacy torts for part of one class, just so the students realize how narrow they are.)

I was talking the other day with Chris Hoofnagle, a co-founder of the Privacy Law Scholars Conference and someone I respect very much.  He and I have both recently taught Privacy Law using the text by Dan Solove and Paul Schwartz. After the intro chapter, the text has a humongous chapter 2 about the privacy torts, such as intrusion on seclusion, false light, public revelation of private facts, and so on.  Chris and other profs I have spoken with find that the chapter takes weeks to teach.

I skip that chapter entirely. In talking with Chris, I began to articulate why.  It has to do with my philosophy of what the modern privacy enterprise is about.

For me, the modern project about information privacy is pervasively about IT systems.  There are lots of times we allow personal information to flow.  There are lots of times where it’s a bad idea.  We build our collection and dissemination systems in highly computerized form, trying to gain the advantages while minimizing the risks.  Alan Westin got it right when he called his 1970′s book “Databanks in a Free Society.”  It’s about the data.

Privacy torts aren’t about the data.  They usually are individualized revelations in a one-of-a-kind setting.  Importantly, the reasonableness test in tort is a lousy match for whether an IT system is well designed.  Torts have not done well at building privacy into IT systems, nor have they been of much use in other IT system issues, such as deciding whether an IT system is unreasonably insecure or suing software manufacturers under products liability law.  IT systems are complex and evolve rapidly, and are a terrible match with the common sense of a jury trying to decide if the defendant did some particular thing wrong.

When privacy torts don’t work, we substitute regulatory systems, such as HIPAA or Gramm-Leach-Bliley.  To make up for the failures of the intrusion tort, we create the Do Not Call list and telemarketing sales rules that precisely define how much intrusion the marketer can make into our time at home with the family.

A second reason for skipping the privacy torts is that the First Amendment has rendered unconstitutional a wide range of the practices that the privacy torts might otherwise have evolved to address.  Lots of intrusive publication about an individual is considered “newsworthy” and thus protected speech.  The Europeans have narrower free speech rights, so they have somewhat more room to give legal effect to intrusion and public revelation claims.

It’s about the data.  Torts has almost nothing to say about what data should flow in IT systems.  So I skip the privacy torts.

Other profs might have other goals.  But I expect to keep skipping chapter 2.

 

3

Ravi Trial Verdict for Invading the Privacy of Clementi

Dharun Ravi was found guilty of invasion of privacy when he used a webcam to watch and broadcast online Clementi’s intimate activities with another man in their shared dorm room.  From CNN:

A former Rutgers University student accused of spying on and intimidating his gay roommate by use of a hidden webcam was found guilty on all counts, including invasion of privacy and the more severe charges of bias intimidation, in a case that thrust cyberbullying into the national spotlight.

Dharun Ravi, 20, could now face up to 10 years in jail and deportation to his native India. He was also found guilty of witness tampering, hindering apprehension and tampering of physical evidence.

The jury was confronted with a series of questions on each charge. Though it found Ravi not guilty on several questions within the verdict sheet, because he was found guilty on at least one question on each main count, he could now face the maximum penalty.

From ABC News:

A New Jersey jury today found former Rutgers student Dharun Ravi guilty on all counts for using a webcam to spy on his roommate, Tyler Clementi, having a gay sexual encounter in 2010.

Ravi, 20, was convicted of invasion of privacy, bias intimidation, witness tampering and hindering arrest, stemming from his role in activating the webcam to peek at Clementi’s date with a man in the dorm room on Sept. 19, 2010. Ravi was also convicted of encouraging others to spy during a second date, on Sept. 21, 2010, and intimidating Clementi for being gay.

Ravi was found not guilty of some subparts of the 15 counts of bias intimidation, attempted invasion of privacy, and attempted bias intimidation, but needed only to be found guilty of one part of each count to be convicted.

I blogged about this case here and here and here.

Here is New Jersey’s invasion of privacy statute:

Read More

3

Cyberbullying and the Cheese-Eating Surrender Monkeys

(This post is based on a talk I gave at the Seton Hall Legislative Journal’s symposium on Bullying and the Social Media Generation. Many thanks to Frank Pasquale, Marisa Hourdajian, and Michelle Newton for the invitation, and to Jane Yakowitz and Will Creeley for a great discussion!)

Introduction

New Jersey enacted the Anti-Bullying Bill of Rights (ABBR) in 2011, in part as a response to the tragic suicide of Tyler Clementi at Rutgers University. It is routinely lauded as the country’s broadest, most inclusive, and strongest anti-bullying law. That is not entirely a compliment. In this post, I make two core claims. First, the Anti-Bullying Bill of Rights has several aspects that are problematic from a First Amendment perspective – in particular, the overbreadth of its definition of prohibited conduct, the enforcement discretion afforded school personnel, and the risk of impingement upon religious and political freedoms. I argue that the legislation departs from established precedent on disruptions of the educational environment by regulating horizontal relations between students rather than vertical relations between students and the school as an institution / environment. Second, I believe we should be cautious about statutory regimes that enable government actors to sanction speech based on content. I suggest that it is difficult to distinguish, on a principled basis, between bullying (which is bad) and social sanctions that enforce norms (which are good). Moreover, anti-bullying laws risk displacing effective informal measures that emerge from peer production. Read More

2

The Demi Moore 911 Call: A Breach of Medical Confidentiality?

I’ve written before on the issue of whether 911 calls should be public.  The recent release of the Demi Moore 911 call raises the issues once again.  From CBS News:

The tape of the frantic 911 call from actress Demi Moore’s Beverly Hills home Monday night is out and, reports CBS News national correspondent Lee Cowan, the scene sounds a lot more dire than her publicist had let on.

After Moore was rushed to the hospital, a statement said she ‘d be seeking professional help for exhaustion and her overall health.

“The 911 tape really indicates that this is a much more serious situation than we were first led to believe,” says US Weekly’s Melanie Bromley. “We’ve been told it’s exhaustion that she’s suffering from, but you can tell from the tape that there’s a very desperate situation there. She’s having convulsions and she’s almost losing consciousness. It’s a very scary tape to listen to.”

Why is this public?   Many 911 calls, like the one with Demi Moore, involve requests for medical treatment.  Typically, whenever any doctor, nurse, or healthcare professional learns information about a person, it is stringently protected.  A healthcare provider who breaches medical confidentiality can face ethical charges as well as legal liability for the breach of confidentiality tort.  In addition, there may be HIPAA violations of the healthcare provider is HIPAA-regulated.  911 call centers are not HIPAA-regulated, but the operators are in a special position of trust and are often providing healthcare advice (and calling for healthcare services such as ambulances).  If the call from Demi Moore’s home had been to a hospital or a doctor or any other type of healhcare provider, public disclosure of the call would be forbidden.  Why isn’t a 911 call seen in the same light?

As I pointed out in my earlier post about the issue, I believe the release of 911 call transcripts to the public violates the constitutional right to information privacy.  The cases generally recognize strong privacy rights whenever health information is involved.  States with laws, policies, or practices that infringe upon the constitutional right to information privacy might be liable in a Section 1983 suit.  I have not seen one yet, but it is about time something sparks states to rethink their policies about making the calls public.

The rationale for making the calls public is to provide transparency about the responsiveness of 911 call centers.  But this can be done in other ways without violating the privacy of individuals.  The main use of the Demi Moore call being public is to serve as grist for the media to learn about her problems.  This doesn’t make the 911 system safer or better; it just makes the tabloids sell faster.

0

Posting about Patients on Social Media Sites

An increasing problem is caused when medical personnel post details about patients on their social media websites.  From Daily News:

Providence Holy Cross Medical Center officials are investigating an employee who allegedly posted a patient’s medical information on his Facebook page, apparently to make fun of the woman and her medical condition.

According to a printout of the Facebook page obtained by the Daily News, the employee displayed a photo of a medical record listing the woman’s name and the date she was admitted, and posted the comment: “Funny but this patient came in to cure her VD and get birth control.”

Providence officials said the employee was provided by a staffing agency.

An interesting fact in this article is that most healthcare institutions lack policies for employee use of social media:

Only about a third of all hospitals are believed to have specific policies in place regarding patient information and social media sites, such as Facebook and Twitter, according to published reports.

I expect this to change in the next few years.

Hat Tip: Pogo Was Right