Concurring Opinions » Social Network Websites

Stanford Law Review Online: The Privacy Paradox 2012 Symposium Issue

Stanford Law Review — Mon, 13 Feb 2012 18:04:41 +0000

Our 2012 Symposium Issue, The Privacy Paradox: Privacy and Its Conflicting Values, is now available online:

Essays

A Reasonableness Approach to Searches After the Jones GPS Tracking Case by Peter Swire (64 Stan. L. Rev. Online 57);
Privacy in the Age of Big Data by Omer Tene & Jules Polonetsky (64 Stan. L. Rev. Online 63);
Yes We Can (Profile You): A Brief Primer on Campaigns and Political Data by Daniel Kreiss (64 Stan. L. Rev. Online 70);
Paving the Regulatory Road to the “Learning Health Care System” by Deven McGraw (64 Stan. L. Rev. Online 75);
Famous for Fifteen People: Celebrity, Newsworthiness, and Fraley v. Facebook by Simon J. Frankel, Laura Brookover & Stephen Satterfield (64 Stan. L. Rev. Online 82); and
The Right to Be Forgotten by Jeffrey Rosen (64 Stan. L. Rev. Online 88).

The text of Chief Judge Alex Kozinski’s keynote is forthcoming.

Tempest in Tempe: First Amendment in the Desert

Derek Bambauer — Fri, 10 Feb 2012 22:10:48 +0000

In the spirit of the excellent colloquy here about Marvin’s thinking on First Amendment architectures, I bring up this news item: Arizona State University blocked both Web access to, and e-mail from, the change.org Web site. ASU students had begun a petition demanding that the university reduce tuition. The university essentially made three claims as to why it did so (below, in order of increasing stupidity):

It was a technical mistake;
Change.org was spamming ASU; and
ASU needs to “protect the use of our limited and valuable network resources for legitimate academic, research and administrative uses.”

#1 and #2 run together. If spam is the problem, you don’t need to block access to the Web site. However, if you are concerned that students are going to read the petition, and sign it, you do need to block access to the Web site.

For #2, sorry, ASU, this isn’t spam. Spam is unsolicited bulk commercial e-mail. Change.org is, allegedly, sending unsolicited political e-mail. And that’s protected by the First Amendment – see, for example, the Virginia Supreme Court’s analysis of that state’s anti-spam law that covered political messages. Potential political spammers have a sharp disincentive to fill recipient’s inboxes – it’s a sure-fire way to annoy them into opposing your position.

For #3, ASU doesn’t get to determine what academic and research uses are “legitimate.” If they throttle P2P apps, that’s fine. If they limit file sizes for attachments, no problem. But deciding that the message from Change.org is not “legitimate” is classic, and unconstitutional, viewpoint discrimination.

This looks like censorship. I think it’s more likely to be stupidity: someone in ASU’s IT department decided to block these messages as spam, and to filter outbound Web requests to the site contained within those messages. But: with great power over the network comes great responsibility. Well-intentioned constitutional violations are still unlawful. It would also help if ASU’s spokesperson simply admitted the mistake rather than engaging in idiotic justification.

As I mention in Orwell’s Armchair, public actors are increasingly important sources of Internet access. But when ASU and other public universities take on the role of ISP, they need to remember that they are not AOL: their technical decisions are constrained not merely by tech resources, but by our commitment to free speech. Let’s hope the Sun Devils cool off on the filtering…

Cross-posted at Info/Law.

Symposium Next Week on “A Legal Theory for Autonomous Artificial Agents”

Frank Pasquale — Wed, 08 Feb 2012 15:43:46 +0000

On February 14-16, we will host an online symposium on A Legal Theory for Autonomous Artificial Agents, by Samir Chopra and Laurence White. Given the great discussions at our previous symposiums for Tim Wu’s Master Switch and Jonathan Zittrain’s Future of the Internet, I’m sure this one will be a treat. Participants will include Ken Anderson, Ryan Calo, James Grimmelmann, Sonia Katyal, Ian Kerr, Andrea Matwyshyn, Deborah DeMott, Paul Ohm, Ugo Pagallo, Lawrence Solum, Ramesh Subramanian and Harry Surden. Chopra will be reading their posts and responding here, too. I discussed the book with Chopra and Grimmelmann in Brooklyn a few months ago, and I believe the audience found fascinating the many present and future scenarios raised in it. (If you’re interested in Google’s autonomous cars, drones, robots, or even the annoying little Microsoft paperclip guy, you’ll find something intriguing in the book.)

There is an introduction to the book below the fold. (Chapter 2 of the book was published in the Illinois Journal of Law, Technology and Policy, and can be found online at SSRN). We look forward to hosting the discussion!

Social and economic interactions today increasingly feature a new category of being: the artificial agent. It buys and sells goods; determines eligibility for legal entitlements like healthcare benefits; processes applications for visas and credit cards; collects, acquires and processes financial information; trades on stock markets; and so on. We use language inflected with intentions in describing our interactions with an artificial agent, as when we say “the shopping cart program wants to know my shipping address.” This being’s competence at settling into our lives, in taking on our tasks, leads us to attribute knowledge and motivations, and to delegate responsibility, to it. Its abilities, often approximating human ones and sometimes going beyond them, make it the object of fear and gratitude: it might spy on us, or it might relieve us of tedium and boredom.

The advances in the technical sophistication and autonomous functioning of these systems represent a logical continuation of our social adoption of technologies of automation. Agent programs represent just one end of a spectrum of technologies that automate human capacities and abilities, extend our cognitive apparatus, and become modeled enhancements of ourselves. More than ever before, it is coherent to speak of computer programs and hardware systems as agents working on our behalf. The spelling checker that corrects this page as it is written is a lexicographic agent that aids in our writing, as much an agent as the automated trading system of a major Wall Street brokerage, and the PR2 robot, a prototype personal robotic assistant (Markoff 2009). While some delegations of our work to such agents are the oft-promised ones of alleviating tedious labor, others are ethically problematic, as in robots taking on warfare roles (Singer 2009). Yet others enable a richer, wider set of social and economic interconnections in our networked society, especially evident in e-commerce (Papazoglu 2001).

As we increasingly interact with these artificial agents in unsupervised settings, with no human mediators, their seeming autonomy and increasingly sophisticated functionality and behavior, raises legal and philosophical questions. For as the number of interactions mediated by artificial agents increase, as they become actors in literal, metaphorical and legal senses, it is ever more important to understand, and do justice to, the artificial agent’s role within our networks of social, political and economic relations. What is the standing of these entities in our socio-legal framework? What is the legal status of the commercial transactions they enter into? What legal status should artificial agents have? Should they be mere things, tools, and instrumentalities? Do they have any rights, duties, obligations? What are the legal strategies to make room for these future residents of our polity and society? The increasing sophistication, use, and social embedding of computerized agents makes the coherent answering of older questions raised by mechanical automation ever more necessary.

Carving out a niche for a new category of legal actor is a task rich with legal and philosophical significance. The history of jurisprudence addressing doctrinal changes in the law suggests legal theorizing to accommodate artificial agents will inevitably find its pragmatic deliberations colored by philosophical musings over the nature and being of these agents. Conversely, the accommodation, within legal doctrines, of the artificial agent, will influence future philosophical theorizing about such agents, for such accommodation will invariably include conceptual and empirical assessments of their capacities and abilities. This interplay between law and philosophy is not new: philosophical debates on personhood, for instance, cannot proceed without an acknowledgement of the legal person, just as legal discussions on tort liability are grounded in a philosophical understanding of responsibility and causation.

This book seeks to advance interdisciplinary legal scholarship in answer to the conundrums posed by this new entity in our midst. Drawing upon both contemporary and classical legal and philosophical analysis, we attempt to develop a prescriptive legal theory to guide our interactions with artificial agents, whether as users or operators entering contracts, acquiring knowledge or causing harm through agents, or as persons to whom agents are capable of causing harm in their own right. We seek to apply and extend existing legal and philosophical theories of agency, knowledge attribution, liability, and personhood, to the many roles artificial agents can be expected to play and the legal challenges they will pose while so doing. We emphasize legal continuity, while seeking to refocus on deep existing questions in legal theory.

The artificial agent is here to stay; our task is to accommodate it in a manner that does justice to our interests and its abilities.

The E.U. Data Protection Directive and Robot Chicken

Derek Bambauer — Wed, 25 Jan 2012 21:32:04 +0000

The European Commission released a draft of its revised Data Protection Directive this morning, and Jane Yakowitz has a trenchant critique up at Forbes.com. In addition to the sharp legal analysis, her article has both a Star Wars and Robot Chicken reference, which makes it basically the perfect information law piece…

Supporting the Stop Online Piracy Act Protest Day

Danielle Citron — Wed, 18 Jan 2012 15:11:15 +0000

As my co-blogger Gerard notes, today is SOPA protest day. Sites like Google or WordPress have censored their logo or offered up a away to contact your congressperson, though remain live. Other sites like Wikipedia, Reddit, and Craigslist have shutdown, and more are set to shut down at some point today. There’s lots of terrific commentary on SOPA, which is designed to tackle the problem of foreign-based websites that sell pirated movies, music, and other products–but with a heavy hand that threatens free expression and due process. The Wall Street Journal’s Amy Schatz has this story and Politico has another helpful piece; The Hill’s Brendan Sasso’s Twitter feed has lots of terrific updates. Mark Lemley, David Levine, and David Post carefully explain why we ought to reject SOPA and the PROTECT IP Act in “Don’t Break the Internet” published by Stanford Law Review Online. In the face of the protest, House Judiciary Committee Chairman Lamar Smith (R-TX) vowed to bring SOPA to a vote in his committee next month. “I am committed to continuing to work with my colleagues in the House and Senate to send a bipartisan bill to the White House that saves American jobs and protects intellectual property,” he said. So, too, Senator Patrick Leahy (D-VT) pushed back against websites planning to shut down today in protest of his bill. “Much of what has been claimed about the Senate’s PROTECT IP Act is flatly wrong and seems intended more to stoke fear and concern than to shed light or foster workable solutions. The PROTECT IP Act will not affect Wikipedia, will not affect reddit, and will not affect any website that has any legitimate use,” Chairman Leahy said. Everyone’s abuzz on the issue, and rightly so. I spoke at a panel on intermediary liability at the Congressional Internet Caucus’ State of the Net conference and everyone wanted to talk about SOPA. I’m hoping that the black out and other shows of disapproval will convince our representatives in the House and Senate to back off the most troubling parts of the bill. As fabulous guest blogger Derek Bambauer argues, we need to bring greater care and thought to the issue of Internet censorship. Cybersecurity is at issue too, and we need to pay attention. Derek may be right that both bills may go nowhere, especially given Silicon Valley’s concerted lobbying efforts against the bills. But we will have to watch to see if Representative Smith lives up to his promise to bring SOPA back to committee and if Senator Leahy remains as committed to PROTECT IP Act in a few weeks as he is today.

Surveillance, For Your Benefit?

Danielle Citron — Sun, 25 Dec 2011 21:15:55 +0000

Bloomberg Businessweek reports on retailers’ use of camera surveillance to glean intelligence from shoppers’ behavior. A company called RetailNext, for instance, runs its software through a store’s security camera video feed to analyze customer behavior. It describes itself as the “leader in real-time in-store monitoring, enabling retailers and manufacturers to collect, analyze and visualize in-store data.” According to the company, it “uses best-in-class video analytics, on-shelf sensors, along with data from point-of-sale and other business systems, to automatically inform retailers about how people engage in their stores.” RetailNext’s software can integrate data from hardware such as RFID chips and motion sensors to track customers’ movements. The company explains that it “tracks more than 20 million shoppers per month by collecting data from more than 15,000 sensors in retail stores.” Its service apparently helps stores figure out where to place certain merchandise to boost sales. T-Mobile uses similar technology from another firm 3VR, whose software tracks how people move around their stores, how long they stand in front of displays, and which phones they pick up and for how long. 3VR is testing facial-recognition software that can identify shoppers’ gender and approximate age. Businessweek explains that the “software would give retailers a better handle on customer demographics and help them tailor promotions.” What we are seeing is, according to 3VR’s CEO, just “scratching the surface as someday “you’ll have the ability to measure every metric imaginable.”

Indeed. Little imagination is needed to predict the future in light of our present. As Joseph Turow‘s important new book The Daily You: How the New Advertising Industry Is Defining Your Identity and Worth (Yale University Press) explores, data collection and analysis of individuals is breathtaking. In the name of better, more relevant advertising and marketing efforts, companies like Acxiom have databases teeming with our demographic data (age, gender, race, ethnicity, address, income, marital status), interests, online and offline spending habits, and heath status based on our purchases and online comments (diabetic, allergy sufferer, and the like). Consumers are sorted into categories such as “Corporate Clout,” “Soccer and SUV,” “Mortgage Woes,” and “On the Edge.” eXelate gathers online data of over 200 million unique individuals per month through deals with hundreds of sites: their demographics, social activities, and social networks. Advertisers can add even more data to eXelate’s cookies– data from Nielsen, which includes Census Bureau data, as well as data brokers’ digital dossiers. Data firms like Lotame track the comments that people leave on sites and categorize them. Now, let’s consider weaving in facial recognition software and retailer cameras of companies like 3VR and RetailNext. And to really top things off, let’s think about linking all of this data to cellphone location information. The surveillance of networked spaces would be totalizing.

Turow’s book exposes important costs of these developments. This post will discuss a few–hopefully, I can have Professor Turow on for a Bright Ideas feature. This sort of targeting and hyper surveillance leaves many with far more narrow options and with social discrimination. Marketers use these databases to determine if Americans are worthy “targets” or not-worth-bothering with “waste.” For the “Soccer and SUV” moms between 35 and 45 who live in the West Coast and want to buy a small car, car companies may offer them serious discounts via online advertisements and e-mail. But their “On the Edge” counterparts get left in the cold with higher prices–why bother trying to attract people who don’t pay their debts? All of this sorting encourages media to offer soft stories designed to meet people’s interests, as secretly determined by those gathering and analyzing our networked lives. This discussion brings to mind to another important read: Julie Cohen‘s Configuring the Networked Self: Law, Code, and the Play of Everyday Practice (Yale University Press). As Professor Cohen thoughtfully explores, this sort of surveillance has a profound impact on the creative play of our everyday lives. It creates hierarchies among those watched and systematizes difference. I’ll have lots more to say about Cohen’s take on our networked society more generally, soon. In March, we will be hosting an online symposium on her book–much to look forward to in the new year.

Gamifying Control of the Scored Self

Frank Pasquale — Mon, 19 Dec 2011 20:21:11 +0000

Social sorting is big business. Bosses and bankers crave “predictive analytics:” ways of deciding who will be the best worker, borrower, or customer. Our economy is less likely to reward someone who “builds a better mousetrap” than it is to fund a startup which will identify those most likely to buy a mousetrap. The critical resource here is data, the fossil fuel of the digital economy. Privacy advocates are digital environmentalists, worried that rapid exploitation of data either violates moral principles or sets in motion destructive processes we only vaguely understand now.*

Start-up fever fuels these concerns as new services debut and others grow in importance. For example, a leader at Lenddo, “the first credit scoring service that uses your online social network to assess credit,” has called for “thousands of engineers [to work] to assess creditworthiness.” We all know how well the “quants” have run Wall Street—but maybe this time will be different. His company aims to mine data derived from digital monitoring of relationships. ITWorld headlined the development: “How Facebook Can Hurt Your Credit Rating”–”It’s time to ditch those deadbeat friends.” It also brought up the disturbing prospect of redlined portions of the “social graph.”

There’s a lot of value in such “news you can use” reporting. However, I think it misses some problematic aspects of a pervasively evaluated and scored digital world. Big data’s fans will always counter that, for every person hurt by surveillance, there’s someone else who is helped by it. Let’s leave aside, for the moment, whether the game of reputation-building is truly zero-sum, and the far more important question of whether these judgments are fair. The data-meisters’ analytics deserve scrutiny on other grounds.

Privacy and Power

First, there’s the power issue. Note that companies like Lenddo and Klout want access to a complete list of your friends, and their financial profiles, but brag that their own algorithms are “proprietary and secret.” If they really believed in the Silicon Valley hype about “transparency” and “openness,” why not reveal them? Or, if they fear someone will game the algorithms, why not release them after one, two, or five years? And if even that is too trying, how about establishing third party entities to audit the process? James B. Rule highlights the unfairness:

This country’s consumer credit reporting industry ascribes to the great majority of adult Americans a three-digit score epitomizing their potential profitability as charge-account customers, credit card users, or mortgage applicants. As in virtually all systems of mass surveillance, credit tracking and scoring enables institutions to make ever-finer distinctions in their treatment of the people they deal with.

But note that American consumers have no remotely comparable monitoring system to help them choose among retailers, products, and services. This is hardly for lack of need. A consumer-friendly tracking system could furnish the same comprehensive, instantaneously available data to buyers that credit reporting provides to lenders and retailers.

All of this would cost money, though consumer savings would likely make up for the public costs. What’s more problematic is that such a system would require manufacturers and sellers to provide crucial data. They will, of course, insist that such information is proprietary—that is, they own it, and they’re not giving it up. The reasons for such resistance are obvious: Better information for consumers spells potential disadvantage for sellers. . . .

The dramatic discrepancies between these two surveillance potentials—one an ultra-sophisticated reality, the other grossly underdeveloped—are by no means imposed by technology. They reflect sponsorship. This country’s lending and retail industries are simply better organized and more resourceful interests than consumers.

When Big Data’s cheerleaders rhapsodize about understanding our social world better than ever, remember that they are often talking about enhanced methods of monitoring and manipulating those too politically weak to demand privacy (or recompense for its invasion).

Nathan Newman has anticipated the problem will confound even notable enforcement actions:

[H]ere’s the big problem with [current FTC] privacy audits. When they were first being discussed, consumer groups like the Electronic Privacy Information Center (EPIC) asked that any audits be made public. The response from the Federal Trade Commission was not encouraging. They told the groups the audits would not be published but “the public may have access to the submissions required pursuant to the order” using tools like the Freedom Of Information Act (FOIA).

[FOIA exempts trade secrets in many cases.] So the company may be using innovative strategies to violate consumer privacy and will demand that the FTC hide those methods from the public by deeming them “trade secrets.” The joke here is that these companies are systematically violating consumer privacy but are demanding secrecy for the regulatory review of those violations.

As I noted in another context: there is one rule of privacy law for the powerful, and quite another for the powerless. For US courts, trade secrecy remains sacred, even as privacy is eroded at every turn.

Hopeful Monsters: Survival of Cyberspace’s Fittest

Reporters tend to worry that people will change their behavior once the full negative impact of “deadbeat” friends becomes clear. I don’t share that worry presently, mainly because monitoring now is so pervasive that it would be a herculean mental feat simply to keep track of all the ways one could misbehave in the eyes of some digital sensor (or censor). Rating tools may also be so opaque that gaming them seems to be a Sisyphean task. But I do worry that we won’t adequately appreciate the ways in which these services make the world more congenial for certain personality types and less so for others. For example, a person who automatically cuts off contact with “friends in need” may get cheaper credit and more opportunities if Lenddo becomes very successful. Quantified selves who tend to quickly conform to such a gamified social life will also “score.” I’ve already heard stories of Twitterati churning through followers to maximize “Klout.” Both reinforce troubling trends in the US economy’s reward structure.

Of course, we all have such tendencies in us; it’s not as if there’s a certain calculative ideal-type out there ready to take advantage of the new social gamescape of reputation enhancement. Sadly, even that complexity may ultimately be flattened by a world of constant monitoring. Mark Zuckerberg memorably said that:

You have one identity…The days of you having a different image for your work friends or co-workers and for the other people you know are probably coming to an end pretty quickly… Having two identities for yourself is an example of a lack of integrity.

In response, Aaron Bady has drawn on the thought of W.E.B. Dubois to defend “the multitudes of identities we each contain:”

Why is it that people want to control their privacy? It isn’t so much that people want to “hav[e] a different image for your work friends or co-workers,” as [Zuck] sort of innocuously puts it; it’s not an issue of choice for people who need to have a different image for their boss than the one they have in real life. The less the people who sign your paycheck know about you, after all, the less they know that you’re not simply a simple worker-drone toiling away in their sugar fields, and that can be an urgent thing in a time where everyone who works for someone else could be replaced at any time.

But even the less dire firewalls we try to build in our lives are fundamentally about asserting our ability to choose; we hide things from our friends and family to the extent we fear they’ll disapprove and make that disapproval meaningful by intervening. We compartmentalize not because we’re split between different notions of ourself, but because the multitudes of identities we each contain bump up against people’s expectations that we each be a particular way.

When individuals resist the pervasive monitoring of services like Klout or Lenddo (or more traditional data brokers and credit bureaus), it’s not necessarily because they have something to hide. Rather, it’s because they already feel amply manipulated and controlled by existing constellations of knowledge and power. To paraphrase Tarleton Gillespie, “We don’t have a clear sense of how to talk about the politics of th[e] algorithm[s]” now vying to credit or discredit our digital selves as powerfully and profitably as entities like credit bureaus and DHS evaluate our physical selves. Until norms of reciprocal transparency render them as legible as they’d like to make us, it is wise to keep a cautious distance.

*To push the metaphor one more step: Scott Peppet has identified unraveling dynamics that are probably the digital equivalent to sudden methane release from permafrost.

Image Credit: Seanrnicholson.

Stanford Law Review Online: Don’t Break the Internet

Stanford Law Review — Mon, 19 Dec 2011 08:14:43 +0000

The Stanford Law Review Online has just published a piece by Mark Lemley, David S. Levine, and David G. Post on the PROTECT IP Act and the Stop Online Piracy Act. In Don’t Break the Internet, they argue that the two bills — intended to counter online copyright and trademark infringement — “share an underlying approach and an enforcement philosophy that pose grave constitutional problems and that could have potentially disastrous consequences for the stability and security of the Internet’s addressing system, for the principle of interconnectivity that has helped drive the Internet’s extraordinary growth, and for free expression.”

They write:

These bills, and the enforcement philosophy that underlies them, represent a dramatic retreat from this country’s tradition of leadership in supporting the free exchange of information and ideas on the Internet. At a time when many foreign governments have dramatically stepped up their efforts to censor Internet communications, these bills would incorporate into U.S. law a principle more closely associated with those repressive regimes: a right to insist on the removal of content from the global Internet, regardless of where it may have originated or be located, in service of the exigencies of domestic law.

Read the full article, Don’t Break the Internet by Mark Lemley, David S. Levine, and David G. Post, at the Stanford Law Review Online.

Note: Corrected typo in first paragraph.

Should Teachers Be Banned from Communicating with Students Online?

Daniel Solove — Sun, 18 Dec 2011 02:40:30 +0000

Increasingly, states and school districts are struggling over how to deal with teachers who communicate with students online via social network websites. One foolish way to address the issue is via strict bans, such as a law passed in Missouri earlier this year that attempted to ban teachers from friending students on social network websites. Such laws are likely violations of the First Amendment right to freedom of speech and association, and I blogged at the Huffington Post that the law was unconstitutional. Soon thereafter, a court quickly struck down the law.

The NY Times now has an article out about the challenges in crafting social media policies for teacher-student interaction, noting that “stricter guidelines are meeting resistance from some teachers because of the increasing importance of technology as a teaching tool and of using social media to engage with students.”

There are a number of considerations that schools should think about when crafting a social media policy:

1. The policy should account for the fact that there are legitimate reasons for students and teachers to communicate online. A teacher might be related to a student, and certainly a law or policy shouldn’t ban parents from friending their children. Or a teacher might be a godparent to a child or a close family friend or related in some way.

2. One middle-ground approach is to require parental consent whenever a teacher wants to friend a minor student online. This greater transparency will address the cases where teachers might have inappropriate communication with minors.

3. Clear guidelines about appropriate teacher expression should be set forth, so teachers know what things will be inappropriate to say. Teachers need to learn about their legal obligations of confidentiality, as well as avoiding invasions of privacy, defamation, harassment, threats, and other problematic forms of speech.

4. When teachers use social network sites in the classroom — or otherwise use blogs and online posting as a teaching device — they should exercise great care, especially when requiring minors to express themselves publicly online. I’ve seen some class blogs, where students are asked to post reactions to reading or write online journals. Making students post their views and opinions to the public, especially at such a young age, strikes me as a problematic practice. The Children’s Online Privacy Protection Act (COPPA) would protect minors under the age of 13, but teachers should be sensitive to minors 13 and older too. No minor student should be required to post any personal information or class assignment on a publicly-accessible website without the student’s consent and the parent’s consent. And all websites that involve student personal information have a privacy policy.

5. Education is key. I’ve read about a lot of cases involving improper social media use by educators, and they often stem from a lack of awareness. Teachers think they can say nearly anything and it will be protected by the First Amendment. The First Amendment law actually gives schools a lot of leeway in disciplining educators for what they say, and educators can also be sued by those whom they write about. Educators often think that if they post something anonymously, then it is okay or they can get away with it — but anonymity online is often a mirage, and comments can readily be traced back to the speaker. And educators often set the privacy settings on social media sites incorrectly. They don’t spend enough time learning the ins and outs of the privacy settings. These are actually quite tricky — even rocket scientists have trouble figuring them out.

Facebook Settles with the FTC

Daniel Solove — Tue, 29 Nov 2011 21:53:01 +0000

Facebook has settled with the FTC over its change to its privacy policies back in 2009. According to the FTC complaint, as summed up by the FTC press release, Facebook engaged in a number of unfair and deceptive trade practices:

In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming, or get their approval in advance.

Facebook represented that third-party apps that users’ installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.

Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.

Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.

Facebook promised users that it would not share their personal information with advertisers. It did.

Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.

Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.

The settlement, which requires auditing of Facebook for 20 years, makes a number of requirements. Facebook will be:

barred from making misrepresentations about the privacy or security of consumers’ personal information;

required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;

required to prevent anyone from accessing a user’s material more than 30 days after the user has deleted his or her account;

required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and

required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.

Facebook, Bullet Not Dodged Yet (Part Deux)

Danielle Citron — Thu, 06 Oct 2011 13:07:36 +0000

In June, I blogged about the dreaded question (for parents of teenagers): “Mom, can I have a Facebook profile?” At the time, we talked about its benefits and drawbacks. On the one hand, it’s a gateway to socializing that she had been missing given her late birthday. Different sports leagues had Facebook groups, perhaps she needed to join, and other activities would as well. On the other hand, her privacy and reputation could be jeopardized, by her own hand or her “friends.” Facebook’s privacy settings are notoriously whimsical, and more importantly as Steve Bellovin’s work shows notoriously misunderstood–setting up an account was indeed a game of chance, or as Bob Keller notes, like giving your kid a pipe of crystal meth. We gave our thirteen year old kid the choice and told her to talk to us when she was ready to get started. The summer came and went and all was quiet. So now, a good five months later and a good five months wiser, my kid has decided that she wants to think about getting a Facebook page again. And the conversation went something like this (she did all of the talking): So I’m feeling excited about this. Facebook would let me stay in touch with my sleep-away camp friends who live all over the place and I could friend kids that I meet from other schools in the area, at games, mixers, etc. And I am jazzed about this new close friends feature that everyone’s been talking about. This way I can share photographs only with my five best pals and I don’t have to worry. (Pause). But, I really want to friend the kids from camp and want them to see what I am up to, so this close friends feature may not work. And what if those camp friends have weird friends or end up being strange themselves. I can’t de-friend them, can I and still pal around at camp? And I don’t want other people making judgments about me based on what those not-so-close friends are up to? Will colleges see what I am doing, when it comes time? And what if someone goes on my close friend’s computer and copy and pastes my silly remarks and it goes viral, like the Friday girl who ended up getting death threats and harassed. Can I put up my favorite artists? I definitely can say I like the Beatles and Elton John, but can I say Kesha? Will people think I am appropriate if I put Kesha down or Katy Perry? Some of their songs are, err, a little inappropriate.

After all of that, my kid said she needed to think about it, it all seemed so, well, complicated. That seemed just the right word: complicated. But the question seems even more tricky now than it did in June. Who is she doing this for? Taking cues from Erving Goffman, life is a performance. Some of it is just for you–a way to develop oneself, experiment, play, and figure out who you are as much as who you are not. Much of it is for others. We perform different roles for the people in our lives: friends, parents, co-workers, coach, priest/imam/rabbi, acquaintances, and strangers. Some performances are oppressive: we cover or pass as best we can in the face of stigma and prejudice. And we perform at a time of extensive social and political surveillance. We feel watched, and for good reason. Companies give us social influence scores. Employers, marketers, and businesses use those scores to benefit some, leaving others less favored and less fortunate. Maybe we perform online for them? Colleges look at social media profiles. (danah boyd has a great piece about a question a college asked her about a student’s MySpace page, which seemingly contradicted his college essay.) Do young people perform for them? At the same time, government monitors our online presence, searching for threats to critical infrastructure and the like. Government 2.0 social media sites may be keeping track of the stories we like, the friends we make, and pictures we post. Who knows? Agencies aren’t promising not to watch us, so maybe being careful is smart. Are we performing for fusion centers and our government social media friends? All of this watching brings to mind Julie Cohen’s book Configuring the Networked Self: Law, Code, and the Play of Everyday Practice (Yale University Press, forthcoming 2011, see her talk here)–more on that in early 2012 in our online symposium on the book. Navigating those questions every time one posts on Facebook is bewildering, especially because we can’t really control what happens to the information posted there. A commentator on my previous post basically said that I had better get a grip on reality, that nothing I did or said could influence what she did and she would hate me anyway. I guess we just fundamentally disagree. Parenting is a huge responsibility, and lots of what my kid is mulling comes from long, long conversations we have had about being a responsible and smart digital citizen. I am looking forward to talking it through again, once she has a better idea of what she wants to do.

P.S. Sorry about the light blogging, working on my first book on cyber mobs and hate (forthcoming Harvard University Press).

H/T Susan McCarty (who helped me find the db piece) , JJC

Hot Summer Flashes, Black Urban Mobs

Olivier Sylvain — Tue, 06 Sep 2011 03:52:46 +0000

Like Professor Zick, I am grateful for the invitation to share my view of the world with Concurring Opinions. I’d like to pick up where his post on strange expressive acts left off and, along the way, perhaps answer his question.

Flash mobs have been eliciting wide-eyed excitement for the better part of the past decade now. They were playful and glaringly pointless in their earliest manifestations. Mobbers back then were content with the playful performance art of the thing. Early proponents, at the same time, breathlessly lauded the flash mob “movement.”

MGK leads a movement (Youtube)

Today, the flash mob has matured into something much more complex than these early proponents prophesied. For one, they involve unsupported and disaffected young people of color in cities on the one hand and, on the other, anxious and unprepared law enforcement officials. A fateful mix.

In North London in early August, mobile online social networking and messaging probably helped outrage over the police shooting of a young black man morph into misanthropic madness. Race-inflected flash mob mischief hit the U.S. this summer, too. Most major metropolitan newspapers and cable news channels this summer have run stories about young black people across the country using their idle time and fleet thumbs to organize shoplifting, beatings, and general indiscipline. This is not the first time the U.S. has seen the flash mob or something like it. (Remember the 2000 recount in Florida?) But the demographic and commercial politics of these events in particular ought to raise eyebrows.

The one thing they have raised is the temperatures of public officials and hatemongers across the country. In response to alleged epidemic level flash mob-enabled violence this summer, for example, Philadelphia Mayor Michael Nutter has imposed a curfew on minors until school resumes after Labor Day. (To the city’s credit, it has also extended hours at libraries and recreational centers. The questions, however, are at least twofold. First, why were these hours abbreviated to begin with? Second, are these measures enough?)

While unsavory, the curfew on minors is not unprecedented or without compelling justification. A recent episode in San Francisco is more controversial. Citing concerns about safety, Bay Area Rapid Transit officials shutdown cellphone service at four train stations last month to quell protests over the shooting of a homeless man by transit officers. Such “time, place, and manner” restrictions have predictably led to further protests, and raised the ire of free speech advocates.

For citizen council types, these sorts of events have been conflated. They see the unholy alliance of urban youth and new technology as a threat to the U.S.’s cultural integrity. Never mind the deep material structural inequalities at work. What we apparently need are more guns in the hands of “law-abiding” citizens in cities with no history of flash mobs. In this Tea Party era, such musings should not be taken lightly. Consider that Fox News, in all of its subtle attention to such matters, is on the case.

To be fair, conventional wisdom in the U.S. also assumes that mobile online social networking enlarged the possibility for violence in London and freedom in North Africa this year. (As of yet, recent social science research and anecdotal accounts that social upheavals are actually more likely to occur when governments make social networks unavailable has gone mostly under-appreciated.) Still, after this summer, it is fair to say that flash mobs do not inspire the same googly-eyed romance they once did. They are now invoked to justify governmental regulation of speech and assembly, as well as “self-defense” against black urban youth.

But that is not all. Profit-inspired “cool-hunters” are eagerly tapping into this racialized framing, fully aware of its commercial potential. Fresh off his new signing with Sean Comb’s Bad Boy, white rapper Machine Gun Kelly used his Twitter account in mid-August to convene screaming fans at a suburban Cleveland mall. The under-140-character instigation caused the kind of frenzy reserved for the Friday after Thanksgiving. Kelly was arrested within minutes of showing up. This, of course, didn’t bother the hundreds of fans that came; they got all the retail enticement they needed. And Kelly was clear on the meaning of the day’s events after being released that evening: “All yall industry cats, yall wanna see a REAL movement? Holler at my fans. Today was a statement.”

After this summer, I think we can say that the flash mob is far more complicated than Kelly or others have let on. To be sure, the communicative capacities afforded by mobile online social networking are expansive. At the same time, however, we’d benefit from some perspective. It’s probably much safer to see the flash mob as symptomatic of social and economic pressures that preceded and underlie it, and that will continue well after the next thing hypnotizes popular consciousness. Until then, it probably makes more sense, in this summer of economic discontent, to tend to the material dynamics at work in the lives of the young people in Philadelphia and elsewhere before seizing on the “promise” or “threat” of something as inert and manipulable as The Flash Mob.

Identifying Those Responsible for a “Living Horror” and Its Signficance for Proposed Federal Law

Danielle Citron — Thu, 18 Aug 2011 15:48:25 +0000

In what can only be described as the worst side of humanity, the bulletin board Dreamboard hosted a members-only sharing of child pornography, particularly of children under 12. New members could join the board only if they posted child pornography. Members had to continue to post images of child porn every 50 days or face removal. The rules of the board, printed in English, Russian, Japanese, and Spanish, included: (1) “Keep the girls under 13, in fact, I really need to see 12 or younger to know your[sic] a brother,” (2) “don’t avoid nudity in previews. I will NOT accept you if there’s no nudity. And my definition of nudity is pussy or anal in the shot. You just waste your own time if you don’t do this. Because you will not get in, if you don’t follow the rules.” One section of Dreamboard was titled “Super Hardcore,” and the rules required images and videos of “very young kids, getting fucked, and preteens in distress, and or crying. . . . If a girl looks totally comfortable, she’s not in distress, and it does NOT belong in this section.” This part of the site featured images of adults having violent sexual intercourse with very young children, including infants. One file was entitled “2yo assfuck she cries for mommy nasty pthc pedo 1 yo 3 yo 4 yo.” The board amassed over 120 terabytes of violent sexual rape and abuse of children.

According to the rules of the site, members were to use encryption technologies to prevent detection. The rules specified precisely which encryption technologies and proxy servers should be used and which should be avoided. Members did not use their real names, but instead screen names to conceal their identities. All of this suggests that the board went to great lengths to secure their anonymity.

Early this month, Attorney General Eric Holder, Jr. announced that federal investigators has charged 72 people for violating child pornography laws and more than 50 people have been arrested in the United States. The defendants included doctors, lawyers, police officers, and a Navy commander, according to the Ellis County Observer. Thirteen of those charged have pled guilty, and four members have been sentenced between 20 and 30 years. Around 600 people from around the world were members of the bulletin board, which has been shut down. The bulletin board used a server in Atlanta. As Assistant Attorney General Lanny Breuer explained, the site “was a living horror.” John Morton, director of Immigration and Customs Enforcement, declined to say how investigators overcame the technological precautions used by some of the members. He did tell the New York Times: “To those inclined to abuse small children, know this: this isn’t a place on the Internet or the planet in which you are truly safe. It may take us some time, it may take us some effort, but we will find you regardless of a screen name, a proxy server or an encryption effort, period.”

The Dreamboard bulletin board hosted a pernicious cyber mob, whose members egged each other on to commit more and more depraved acts. They provided tips on the steps involved in grooming a child, and lauded members who hosted particularly violent sexual abuse on very young children. The younger, and more distressed the child, the greater applause and access to the site. Some of the worst of the worst of humanity, making it difficult to even describe.

The DOJ executed the recent arrests just days after the House Judiciary Committee approved the Protecting Children from Internet Pornographers Act of 2011 (“the Act”), which would require ISPs to implement certain data retention requirements. Under the bill, ISPs would be required to keep the IP addresses assigned to their subscribers for at least a year to help authorities track down individuals who were violating child pornography laws. As the Atlantic’s Conor Friedersdorf explains, police can access an individual’s Internet history if the person is suspected of a crime, no probable cause is needed.

The Dreamboard indictments, arriving on the heels of the Act’s house committee approval, raise a number of questions, ones that implicate my advocacy of traceable anonymity (which took cues from Dan Solove’s Future of Reputation) and Paul Ohm‘s important criticism that trading traceability anonymity for section 230 immunity would be like throwing Napalm when a surgical strike would do, or something creative like that. A key question is whether the arrests show that the Act’s data retention requirements may be unnecessary. Does the Act buy us too little and cost us too much? As the arrests show, law enforcement can find child pornographers, even those who engage in the most sophisticated practices to remain hidden. Conor Friedersdorf argues that the Act may lead us down a slippery slope to J. Edgar Hoover and the potential for government abuse of the massive ISP databases. He also wisely worries that massive mandated databases are rife for the picking by the group Anonymous, which by my lights isn’t more than a group of bigoted thugs who have fooled the media into believing they are “hacktivists.” (More on Anonymous on the blog and my future book Cyber Civil Rights: Combating Hate in the Information Age). Does this discussion cast doubt on the notion that Internet intermediaries should retain IP addresses in order to enjoy Section 230′s immunity from liability for the postings of others? Should we instead think about a notice and track regime, with a proviso to punish those who seek to abuse the privilege?

The Pluses of Google+

Ari Waldman — Wed, 20 Jul 2011 14:46:02 +0000

I love shiny new toys. Sometimes, its a crisp new book (Pauline Maier, for one… thanks Gerard!); other times, it’s something plush and adorable, like the yellow Angry Birds doll my 5-year-old nephew “bought” for me last month. Last week, it was Google+.

Google+ is social networking done the Google way. The soft launch is part of Google’s long-running master plan to enter the social networking market and try to do it better than the basically moribund MySpace and the supposedly plateauing Facebook. We are told that Google+’s chief asset is its ability to simulate real relationships, and our different interactions with different types of friends, on the Internet.

Google+ introduces us to circles, where you can take the 800 or so “friends” you would have on Facebook and break them down on your own terms. You have friends, acquaintances, co-workers, well-wishers, frenemies, those-guys-you-met-at-that-terrible-bar, whatever. And, you can use these classifications to tailor your interactions, thus avoiding the problem of your mother, sister or child accessing a picture meant for your pals.

There are also sparks, which are news and video aggregators. It is easy enough to tell a spark what you enjoy doing when you’re not working on important affairs of state, thus allowing you to spend “more time wasting time without wasting your time looking how to waste time.”

And, hangouts are Google+’s attempts to recreate chance encounters. I’m not sure these are completely functioning yet, though. Remember when you used to visit the mall or walked through the West Village and ran into someone you hadn’t seen in years? Hangouts attempt to turn an online social networking into a place where anything social can happen, only with Google+, you “bump” into someone through a video message.

Let’s assume for the moment that all this works as well as we hope and that Google+ allows us to recreate real life in the virtual realm. Facebook is not really trying to recreate real life and simulate precisely how we interact with one another in the physical world. It is trying to supplement it, foster new interactions in new ways. At times, we don’t like that. Facebook’s forced socialization and privacy issues give many social networkers pause. There are many other digital technologies that seek to supplement our physical social world. Grindr, a geolocating social networking service for gay men, is one such example. Grindr allows its members to be out and about, smartphone in hand and find other gay men in the vicinity. Its purpose is to eschew traditional social networking that keeps you saddled to your computer and to let you physically meet people you have something in common with who may be living across the street or down the block. It is interactive, mobile and a multi-purpose tool.

So, Google+ is trying to forge a different path, i.e., using the Internet as an extension of our physical social circles and to keep those circles the way they are now. Of course, that is not to say that Google+ will not bring us closer to new friends — we can still interact with friends of friends, let people we barely know into our network and share content with whomever we please. But, Google+’s chief draw appears to be its greater fidelity to real life. If that is true in the long run, as Google works out the kinks and listens to its users, is that what we want in our online social networks?

The benefits are clear — we can avoid the grandmother seeing you at the bar problem. But there are also disadvantages — we lose the liberating potential of reaching new people. What do you think?

Technology Musings

Taunya Banks — Sun, 03 Apr 2011 18:43:13 +0000

Recently the New York Times carried a front page story about an eighth grade girl who foolishly took a nude picture of herself with her cell phone and sent it to a fickle boy – sexting. The couple broke up but her picture circulated among her schools mates with a text message “Ho Alert” added by a frenemy. In less than 24 hours, “hundreds, possibly thousands, of students had received her photo and forwarded it. In short order, students would be handcuffed and humiliated, parents mortified and lessons learned at a harsh cost.” The three students who set off the “viral outbreak” were charged with disseminating child pornography, a Class C felony.

The story struck a nerve, not only with the affected community, but with the Times’ readers as well. Stories about the misuse and dangers of technology provide us with opportunities to educate our students, and us. In a Washington State sexting incident, for example, the teen charged had to prepared a public service statement warning other teens about sexting to avoid harsher criminal penalties. But the teen’s nude photo is still floating around. Information has permanence on the internet.

Few of us appreciate how readily obtainable our personal information is on the internet. Just google your name and see what you learn about yourself. One of my students did and found, along with the usual links to law school and other websites like Facebook, a statement he made while running for an office in the Christian Legal Society posted on a website unknown to him. Without paying he found his name, home town and state, and a list of his immediate family members. Googling his phone number the first link that popped up was a map that located where he lived. The next link was to spokeo.com “a people search engine that organizes vast quantities of white-pages listings, social information, and other people-related data from a large variety of public sources.” According to Spokeo, its “mission is to help people find and connect with others, more easily than ever.” This site provided, without charge, the initials of all his family members, his approximate age and that of his parents and sister. It revealed the family’s home address, approximate home value and length of residence. Then my student saw a Google picture of his house and himself walking to his car with his backpack, presumably leaving to go to school. He was stunned.

Much of this information reaches the internet through social networking catching us, and our students, off guard. Some of us have Facebook accounts and followers on twitter, while others, concerned about privacy, think we can avoid internet scrutiny altogether, but alas we cannot. While Facebook is more of a “socializing” network, LinkedIn calls itself a “professional network” designed to promote professional contacts. It too has a “friend” feature and I have received email requests from students and law faculty I vaguely know to join their LindedIn network. I’ve declined. Just how “social” should we be in our professional capacity as law professors, students and lawyers? This question plagues all of us in the legal arena, even judges.

In 2009 the Judicial Ethics Advisory Committee of the Florida Supreme Court, in addressing several issues about a judge’s use of a social networking site, wrote that these sites generally serve two purposes. First and foremost they are places “to post pictures, comments, and other material that visitors to the site can view.” But increasingly networking sites are places “to identify a member’s ‘friends’….[,] a person who requests to be identified as the member’s ‘friend’”. The Committee concluded that “a judge may [not] add lawyers who may appear before the judge as ‘friends’ on a social networking site, [or] permit such lawyers to add the judge as their ‘friend.’”

Should we develop similar networking standards for professors and their students? I plan to explore this question in my torts class this fall. So I am constructing a series of problems that involve social media to keep them engaged in thinking about tort law. This also is an opportunity to get them thinking about how their use of social media may raise ethical and professional issues starting as early as law school. Wish me luck.

Vaidhyanathan’s Googlization: A Must-Read on Where “Knowing” is Going

Frank Pasquale — Sat, 12 Mar 2011 17:38:55 +0000

Google’s been in the news a lot the past month. Concerned about the quality of their search results, they’re imposing new penalties on “content farms” and certain firms, including JC Penney and Overstock.com. Accusations are flying fast and furious; the “antichrist of Silicon Valley” has flatly told the Googlers to “stop cheating.”

As the debate heats up and accelerates in internet time, it’s a pleasure to turn to Siva Vaidhyanathan’s The Googlization of Everything, a carefully considered take on the company composed over the past five years. After this week is over, no one is going to really care whether Google properly punished JC Penney for scheming its way to the top non-paid search slot for “grommet top curtains.” But our culture will be influenced in ways large and small by Google’s years of dominance, whatever happens in coming years. I don’t have time to write a full review now, but I do want to highlight some key concepts in Googlization, since they will have lasting relevance for studies of technology, law, and media for years to come.

Cryptopicon

Dan Solove helped shift the privacy conversation from “Orwell to Kafka” in a number of works over the past decade. Other scholars of surveillance have first used, and then criticized, the concept of the “Panopticon” as a master metaphor for the conformity-inducing pressures of ubiquitous monitoring. Vaidhyanathan observes that monitoring is now so ubiquitous, most people have given up trying to conform. As he observes,

[T]he forces at work in Europe, North America, and much of the rest of the world are the opposite of a Panopticon: they involve not the subjection of the individual to the gaze of a single, centralized authority, but the surveillance of the individual, potentially by all, always by many. We have a “cryptopticon” (for lack of a better word). Unlike Bentham’s prisoners, we don’t know all the ways in which we are being watched or profiled—we simply know that we are. And we don’t regulate our behavior under the gaze of surveillance: instead, we don’t seem to care.

Of course, that final “we” is a bit overinclusive, for as Vaidhyanathan later shows in a wonderful section on the diverging cultural responses to Google Street View, there are bastions of resistance to the technology:

One search engine professional, Osamu Higuchi, posted an open letter to Google staff in Japan on his blog in August 2008. The letter urged Google staff to explain to their partners in the United States that Street View demonstrates a lack of understanding of some important aspects of daily life in Japan. Osamu urged Google to remove largely residential roads from Street View. “The residential roads of Japan’s urban areas are part of people’s living space, and it is impolite to photograph other people’s living spaces,” Osamu wrote. . . .

A person walking down the street peering into residents’ yards would be watched right back by offended residents, who would consider calling the police to report such dangerous and antisocial behavior. But with Google Street View, the residents can’t see or know who is peeping. Osamu’s pleas and concerns were shared by enough others in Japan that by May 2009, Google announced it would reshoot its Street View images of Japanese cities with the cameras mounted lower, to avoid peering over hedges and fences.

There are a number of other examples in the book of technology being modified to adopt to cultural norms. But the dominant story is of cultural norms being reshaped by deployment of new technologies.

Public Failure

Progressives often cite “market failure” as a reason for regulation. But the term itself has a hidden laissez-faire bias, implying that markets generally succeed and that intervention is extraordinary. Vaidhyanathan balances the playing field by introducing the idea of the “public failure,” which itself is parasitic on a larger vision of endeavors naturally performed or sponsored by government or civil society. As he explains,

[N]eoliberalism. . . .had its roots in two prominent ideologies: techno-fundamentalism, an optimistic belief in the power of technology to solve problems . . . and market fundamentalism, the notion that most problems are better (at least more efficiently) solved by the actions of private parties rather than by state oversight or investment.

Neoliberalism [included] . . . substantial state subsidy and support for firms that promulgated the neoliberal model and supported its political champions. But in the end the private sector calls the shots and apportions (or hoards) resources, as the instruments once used to rein in the excesses of firms have been systematically dismantled. . . . .

Google has deftly capitalized on a thirty-year tradition of “public failure,” chiefly in the United States but in much of the rest of the world as well. Public failure, in contrast, occurs when instruments of the state cannot satisfy public needs and deliver services effectively. This failure occurs not necessarily because the state is the inappropriate agent to solve a particular problem (although there are plenty of areas in which state service is inefficient and counterproductive); it may occur when the public sector has been intentionally dismantled, degraded, or underfunded, while expectations for its performance remain high.

Vaidhyanathan’s call for a “Human Knowledge Project” in response to this trend is one of the few tech policy proposals that is bold, ambitious, and comprehensive enough to address the challenges posed by privatized knowledge systems. I will address that in more detail in a future post; for those dying to know my thoughts, here is a video where I a) analogize Google’s role in the knowledge system to private insurers’ role in the health system, and b) propose a Medicare-like alternative, or “public option,” to assure a transparent baseline of access to knowledge for those not served by Google and similar systems.

Facebook as Hitbook, Sigh

Danielle Citron — Tue, 15 Feb 2011 14:20:02 +0000

Facebook and other social network sites offer much to celebrate. They have given new life to long-standing relationships and cemented new ones while providing innovative means to share ideas and engage with different communities. Offline relationships are extended online. Student groups meet in classrooms as well as on YouTube channels. Employees talk in the office and online (sometimes even to critique their bosses with co-workers, see Kashmir Hill‘s always- thought-provoking commentary).

Naturally, with all of this socializing comes the far darker side of human relationships. Social network sites sponsor threats, harassment, and hatred, leading to important, though always outmatched, voluntary efforts to address destructive behaviors. Given the scale of these sites, the Chief Safety Officers of those social network sites need help identifying malicious activity that their Terms of Service prohibit. This summer, Facebook and the police learned about another disturbing case: a Chester County man tried to use Facebook to hire a hit man to kill a woman who accused him of rape. In July, the woman called the police after seeing a posting on the man’s Facebook page that offered $500 for “a girls head.” The man later updated the posting, saying that he “needed the girl knocked off right now.” As the Huffington Post recently reported, the man pleaded guilty to rape, criminal solicitation of murder, and other counts.

Wikipedia’s Efforts to Close its Gender Gap

Danielle Citron — Tue, 01 Feb 2011 16:39:35 +0000

Time magazine recently did a true-to-form story on Wikipedia, where guest editors (and our very own featured author) Jonathan Zittrain (see here too), Robert McHenry, Benjamin Mako Hill, and Mike Schroepfer assisted in writing/editing/re-writing a feature entitled Wikipedia’s “Ten Years of Inaccuracy and Remarkable Detail.” As the piece explained, Wikipedia just celebrated its 10th birthday. The site has 17 million entries in more than 250 languages, quite a feat given that Encyclopedia Brittanica only has 120,000 and only in English. The Time wiki-like piece notes that Wikipedia has a “diverse, international body of contributors.”

According to The New York Times, most contributors are male. More specifically, “less than 15 percent of its hundreds of thousands of contributors are female.” This, in turn, has skewed the gender disparity of topics and emphasis. Wikimedia’s executive director Sue Gardner explains that topics favored by girls such as friendship bracelets can seem short when compared with lengthy articles on something boys typically like such as toy soldiers or baseball cards. The New York Times notes that a category with five Mexican feminist writers might not seem so impressive when compared with 45 articles on characters in “The Simpsons.”

Why is this so? Joseph Reagle, a fellow at the Berkman Center for Internet and Society at Harvard and author of “Good Faith Collaboration: The Culture of Wikipedia,” explains that Wikipedia’s early contributors shared “many characteristics with the hard-driving hacker crowd,” including an ideology that “resists any efforts to impose rules or even goals like diversity, as well as a culture that may discourage women.” He notes that adopting an ideology of openess means being “open to very difficult, high-conflict people, even misogynists.” The demographics of Wikipedia’s editors may also stem, in part, from the tendency of women to be “less willing to assert their opinions in public.”

How Wikipedia is now, and has been, responding is worth noting. Sue Gardner told the Times that she hopes to raise the share of women contributors through subtle persuasion and outreach to welcome newcomers to Wikipedia. Dave Hoffman and Salil Mehra’s terrific piece Wikitruth Through Wikiorder demonstrates that the site has already fostered efforts to create a more inclusive environment. As Hoffman and Mehra explain, Wikipedia has an Arbitration Committee whose volunteer members rule on disputes and set forth concrete rules on how users should behave. The Arbitration Committee has sanctioned users who make homophobic, ethnic, racial or gendered attacks or who stalk and harass others. According to Hoffman and Mehra’s empirical study, in cases when either impersonation or anti-social conduct like hateful attacks occur, the Administrative Committee will ban the user in 21% of cases. Wikipedia’s more than 1,500 administrators, in turn, enforce those rules. Wikipedia also permits users to report impolite, uncivil, or other difficult communications with editors in its Wikiquette alerts notice board.

The Ugly Persistence of Internet Celebrity

Danielle Citron — Sun, 30 Jan 2011 23:16:38 +0000

Many desperately try to garner online celebrity. They host You Tube channels devoted to themselves. They share their thoughts in blog postings and on social network sites. They post revealing pictures of themselves on Flickr. To their dismay though, no one pays much attention. But for others, the Internet spotlight finds them and mercilessly refuses to yield ground. For instance, in 2007, a sports blogger obtained a picture of a high-school pole vaulter, Allison Stokke, at a track meet and posted it online. Within days, her picture spread across the Internet, from message boards and sport sites to porn sites and social network profiles. Impostors created fake profiles of Ms. Stokke on social network sites, and Ms. Stokke was inundated with emails from interested suitors and journalists. At the time, Ms. Stokke told the Washington Post that the attention felt “demeaning” because the pictures dominated how others saw her rather than her pole-vaulting accomplishments.

Time’s passage has not helped Stokke shake her online notoriety. Sites continuously updated their photo galleries with pictures of Stokkes taken at track meets. Blogs boasted of finding pictures of Stokke at college with headings like “Your 2010 Allison Stokke Update,” “Allison Stokke’s Halloween Cowgirl Outfit Accentuates the Total Package,” and “Only Known Allison Stokke Cal Picture Found.” Postings include obscene language. For instance, a Google search of her name on a safety setting yields 129,000 results while one with no safety setting has 220,000 hits. Encyclopedia Dramatica has a wiki devoted to her (though Wikipedia has faithfully taken down entries about Ms. Stokke).

Ms. Stokke’s struggles exemplify the limitations of privacy tort law in the digital age. The public disclosure tort only applies to private matters, not to pictures taken in public at track meets or sorority parties. And it provides no relief on matters deemed newsworthy, which may be applicable given the persistent interest in Ms. Stokke over the past four years. The intrusion on seclusion claim, too, offers no help as it provides relief only when parties invade spaces deemed private. Without law’s help, Ms. Stokke and her family tried to take matters into their own hands but were outmatched by a leering online crowd. As soon as they asked sites to take the pictures down (and many did), others appeared. Perhaps Eric Schmidt had it right when he suggested that young people change their names to move beyond their digital pasts. Ms. Stokke’s persistent and unwanted online celebrity shows the continued importance of Daniel Solove’s book The Future of Reputation: Gossip, Rumor, and Privacy on the Internet.

Love’s Labour’s Lost in Cyberspace

Danielle Citron — Thu, 27 Jan 2011 19:27:31 +0000

Early this month, a class of Match.com subscribers sued the service for breach of contract, breach of the implied covenant of good faith, and negligent misrepresentation in federal district court in the Northern District of Texas. The complain t alleges that while Match.com claims to have “millions of active subscribers, well over half of the profiles on its site belong to inactive members who have canceled their membership or allowed their subscriptions to lapse and/or are fake and fraudulent profiles posted by scammers and others.” It asserts that as for inactive members, Match.com “takes virtually no action to remove these profiles . . . for months and sometimes years,” only removing them after former subscribers call to complain. As to fake and fraudulent profiles, the complaint states that Match.com “makes little to no effort to vet, police, or remove these profiles.”

According to the complaint, Match.com intentionally failed to remove the profiles of inactive and former subscribers in order to induce members of the class action “to either become or remain paying members.” The complaint claims that Match.com: (1) “routinely and intentionally represents that there are significantly more active members on the website than there actually are,” (2) falsely labels profiles as “active within [#] days” when the accounts belong to canceled and/or inactive accounts,” (3) sends “former and inactive members ‘winks’ informing them that a potential match is trying to contact them in order to get them to renew their subscriptions (only to find out after they do so that the supposed seeker does not exist), (4) fails “to effectively vet new profiles to determine whether they are fake or fraudulent despite easily discernible ‘red flags’ (including repeated use of imagery and language, and use of notorious IP address origins), and (5) misleads users into believing that the site has equal numbers of male and female members while the “makeup of actual active users is heavily skewed towards single males.”

To support their allegations, Plaintiffs point to changes in the site’s architecture. For instance, whereas members could themselves hide their profiles after becoming inactive members from 2006 to 2007, only Match.com employees could block a member’s profile from view beginning in 2008. The complaint also recounts the testimony of former Match.com employees who attest that the company’s database included a “huge” number of “filler profiles.” As for the complaint’s allegation that Match.com failed to police the site for fraudulent members, the plaintiffs seemingly point to language in the Terms of Use agreement that permits Match.com to review and delete content that violates its terms. They also suggest that “computer technologies exist that would allow the company to effectively and efficiently police its website for the benefit and safety of its customers.”

So what might we make of all of this? The fraudulent misrepresentation claims seem likely to survive a motion a dismiss given the purported testimony of former employees’ regarding filler profiles and intentional refusal to hide profiles of inactive members. The breach of contract and implied covenant claims are, in part, based upon the company’s alleged failure to police its site of fraudulent postings. Even accepting all of plaintiffs’ allegations as true, it is difficult to see how Match.com has alleged a cognizable claim that it obligated itself to police the site. According to Match.com’s Terms of Use, users agree not to post false information and Match.com retains the right to remove content that violates its terms (including offensive hate speech and stalking). It also states that Match.com is not responsible for content created by users and does not screen members. It would be terrific to hear what contract scholars like Dave and Larry as well as our commentators think of the suit. Love definitely has gotten tougher in the Information Age.