Category: Social Network Websites

5

Megan Meier Case Update — Drew Indicted

myspace1.jpgI’ve blogged about the Megan Meier case a while ago. This is the case where Megan Meier, a teenager, committed suicide after her online friend from Myspace suddenly started to reject her and say mean things to her. The “friend” on Myspace was actually Lori Drew, the mother of one of her classmates, and some other individuals. They created the fake profile and were pretending to be Meier’s fictional friend.

Now, Drew has been indicted by a federal grand jury for a violation of the Computer Fraud and Abuse Act (CFAA). Here’s the indictment.

Drew was charged with conspiracy as well as three counts of accessing protected computers without authorization. According to the indictment:

On or about the following dates, defendant DREW, using a computer in O’Fallon, Missouri, intentionally accessed and caused to be accessed a computer used in interstate commerce, namely, the MySpace servers located in Los Angeles County, California, within the Central District of California, without authorization and in excess of authorized access, and, by means of interstate commerce obtained and caused to be obtained information from that computer to further tortious acts, namely intentional infliction of emotional distress on [Megan Meier].

From the AP:

Each of the four counts carries a maximum possible penalty of five years in prison.

Drew will be arraigned in St. Louis and then moved to Los Angeles for trial.

The indictment says MySpace members agree to abide by terms of service that include, among other things, not promoting information they know to be false or misleading; soliciting personal information from anyone under age 18 and not using information gathered from the Web site to “harass, abuse or harm other people.”

Drew and others who were not named conspired to violate the service terms from about September 2006 to mid-October that year, according to the indictment. It alleges that they registered as a MySpace member under a phony name and used the account to obtain information on the girl.

Drew and her coconspirators “used the information obtained over the MySpace computer system to torment, harass, humiliate, and embarrass the juvenile MySpace member,” the indictment charged.

UPDATE: Over at the Volokh Conspiracy, Orin Kerr believes that the indictment should be dismissed. Kerr believes that it is a stretch to apply the CFAA to violations of a site’s terms of service.

If the computer owner says that you can only access the computer if you are left-handed, or if you agree to be nice, are you committing a crime if you use the computer and are nasty or you are right-handed? If you violate the Terms of Service, are you committing a crime?

Kerr also argues that the prosecution will have a ver yhard time demonstrating that Drew intended to violate MySpace’s terms of service. He writes: “But here there is no evidence that Drew even read the TOS. Most people don’t, of course; I would be surprised if 1 person in 100 actually tried reading it. If Drew wasn’t aware that she was violating the TOS, she couldn’t be exceeding her authorized access intentionally.”

I agree with Kerr on these first two reasons. While Drew’s conduct is immoral, it is a very big stretch to call it illegal.

Kerr offers a third reason why the indictment is faulty — it is unclear whether the goal of the conspiracy was to obtain information, as was charged in the indictment. Kerr writes: “[I]t doesn’t seem that Drew had the intent to obtain information from her victim. Her apparent goal was to harass her victim and to cause emotional distress, not to obtain information from her.” On this reason, however, I’m not so sure I agree. The news accounts I read about the case indicated that one of Drew’s primary motivations for creating the fake profile was to learn information from Megan Meier. She wanted to know information from Megan that pertained to her own daughter, who was a classmate of Megan’s. The harassing came later on.

3

Facebook in Real Life

Here’s a hilarious video imagining what a social network website encounter would be like in real life.

One of the difficulties with social network websites is that they present a very simplified picture of human relationships. A person’s social world cannot readily be divided up into friends and not-friends. Human relationships are much more complicated and diverse. The simplified matrix of relationships available on social network websites can result in some awkwardness, and it can also result in too much information disclosure. We might want to disclose a lot of information to certain close friends, but much less information to acquaintances or to friends in a more professional context. There is no easy solution for this problem, because a social network website with hundreds of categories for relationships might be rather complicated and oppressive to use. And people might not be pleased to know precisely where on one’s relationship matrix they stand. Jack might think he’s good friends with Jill, but Jill might classify him as merely a distant acquaintance whom she merely wants to associate with for the purpose of climbing hills.

Hat tip: Sivacracy

Facebook Frenzy: Faking Friendships?

Thoreau was famously skeptical of communications technology, wryly observing that when the telegraph connected Maine and Texas, citizens of each state could find they have little to say to one another. Shannon Vallor, Professor of Philosophy at Santa Clara University, struck a similarly cautious note at a fascinating discussion of the ethics of social networking at Stanford. Mining the rich tradition of virtue theory in moral philosophy, Vallor observed that social networking can both undermine and reinforce the persistent dispositions of character that promote human flourishing. Here are some similar observations of Vallor’s from another panel:

[W]hat impact is social networking technology having on the ways that people build and sustain close interpersonal relationship and, in particular, the communicative virtues that help such relationships to flourish? I will identify five communicative virtues that I believe warrant careful reflection in connection with social networking technology.

First is patience. Patience is, without a doubt, one of the most important virtues for sustaining close relationships. It develops through communicative activities such as listening. For example, listening to a friend tell a story or recount a lengthy anecdote without jumping in and finishing the story oneself or interrupting with hey, that reminds me of this thing that happened to me yesterday. Patience, once it becomes not just a momentary indulgence of the other, but an enduring part of one’s own character, that is, a virtue, allows one’s relationships with others to manifest deeper, mutual understanding, greater and more lasting commitments and a feeling on the part of others that you are willing to connect with them on their terms and not just yours; that your interest in them does not end with their ability to keep you constantly amused or fascinated.

Yet the style of communication favored by digital natives and fostered by social networking sites like Facebook and MySpace, privileges brevity and directness. And, thus, we must ask whether, and in what ways, such technologies can also encourage and reward patience as a virtue.

Read More

Computers, Freedom, and Privacy Conference

As a member of the Program Committee, I just wanted to post this announcement for CFP. This has been a great conference and I’m sure this year’s will be a terrific event. Note that the deadline for Panel, Tutorial, and Speaker proposals is March 21, 2008.

COMPUTERS, FREEDOM, AND PRIVACY: TECHNOLOGY POLICY ’08

18th Annual CFP conference

May 20-23, 2008

Omni Hotel

New Haven, CT

CALL FOR PROPOSALS

This election year will be the first to address US technology policy in the information age as part of our national debate. Candidates have put forth positions about technology policy and have recognized that it has its own set of economic, political, and social concerns. In the areas of privacy, intellectual property, cybersecurity, telecommunications, and freedom of speech, an increasing number of issues once confined to experts now penetrate public conversation. Our decisions about technology policy are being made at a time when the architectures of our information and communication technologies are still being built. Debate about these issues needs to be better-informed in order for us to make policy choices in the public interest.

Open participation is invited for proposals on panels, tutorials, speaker suggestions, and birds of a feather sessions through the CFP: Technology Policy ’08 submission page. More details below.

Read More

18

Facebook Banishment and Due Process

facebook3.jpgRecently, I was talking with David Lat, author of the blog Above the Law, and he was complaining about being banished from Facebook. David was an active user of Facebook, and he suddenly and inexplicably found himself banned from the site. Facebook didn’t supply him with any reason.

I found the issue quite intriguing, and David said I could blog about it. In particular, what makes this issue of interest to me is how it applies more generally to Web 2.0 applications. With Web 2.0, people invest a lot of time creating profiles, uploading information, and so on. And they start to depend upon these applications in their lives.

lat-david-2.jpgDavid also said he has a lot of important information on his Facebook profile. He uses it as a way to communicate with people, and he uses it to help him gather information for use in his blogging. So being kicked off Facebook is a big deal to David. It can impact his job. It can also impact his friendships and professional relationships. For example, David told me he received emails from several friends who wondered where he had gone. They thought David might be ignoring them or might no longer be their “friend” on Facebook.

As more of our lives become dependent on Web 2.0 technologies, should we have some sort of rights or consumer protection? Is Facebook the digital equivalent to the company town?

David checked Facebook’s website, which has a FAQ about disabled accounts. Facebook states:

Your account was disabled because you violated Facebook’s Terms of Use, to which you agreed when you first registered for an account on the site. Accounts can either be disabled for repeat offenses or for one, particularly egregious violation.

Facebook does not allow users to register with fake names, to impersonate any person or entity, or to falsely state or otherwise misrepresent themselves or their affiliations.

Read More

2

The Future of Reputation — Now Online for Free!

future-of-reputation-free2.jpgI’m very happy to announce that my publisher is allowing me to post a copy of The Future of Reputation: Gossip, Rumor, and Privacy on the Internet free online. Of course, I’d love it if you bought a copy, but if I can’t convince you to buy it, then I hope you’ll at least read it for free online. There really is a free lunch after all! And if you read the book and don’t like it, well . . . you get what you pay for.

I think that it is great that Yale University Press is allowing me to do this. I hope more publishers decide to let their authors do this in the future — especially academic presses, whose mission is not just to make a profit but to help spread ideas.

The book is licensed under a Creative Commons license — it can be used for non-commercial uses.

To download the full-text of the book, click here.

2

Facebook Applications: Another Privacy Concern

facebook3.jpgRecently, I’ve been complaining about Facebook’s mishaps regarding privacy. Back in 2006, Facebook sparked the ire of over 700,000 members when it launched News Feeds. In 2007, Facebook launched Beacon and Social Ads, sparking new privacy outcries. An uprising of Facebook users prompted Facebook to change its policies regarding Beacon. For more about Facebook’s recent privacy issues, see my post here.

But that’s not all. Over at CNET, Chris Soghoian reports about some severe privacy concerns with Facebook applications. An application (or “app” for short) is a program that is created by a third party that adds interesting features to one’s profile. These apps have become quite popular with Facebook users. But they come with some very serious potential dangers. Soghoian writes:

[A] new study suggests there may be a bigger problem with the applications. Many are given access to far more personal data than they need to in order to run, including data on users who never even signed up for the application. Not only does Facebook enable this, but it does little to warn users that it is even happening, and of the risk that a rogue application developer can pose. . . .

In order to install an application, a Facebook user must first agree to “allow this application to…know who I am and access my information.” Users not willing to permit the application access to all kinds of data from their profile cannot install it onto their Facebook page.

What kind of information does Facebook give the application developer access to? Practically everything. . . .

The applications don’t actually run on Facebook’s servers, but on servers owned and operated by the application developers. Whenever a Facebook user’s profile is displayed, the application servers contact Facebook, request the user’s private data, process it, and send back whatever content will be displayed to the user. As part of its terms of service, Facebook makes the developers promise to throw away any data they received from Facebook after the application content has been sent back for display to the user.

So when you use a third party application, you basically must put your trust in that third party to follow Facebook’s rules in good faith. In other words, Facebook users use applications at their own risk.

But what if an application is created by some hacker in Russia? Or is designed by a creepy child molester to harvest people’s personal information? Should Facebook be doing more to protect users against the bad-apple application developers?

Soghoian notes that in many cases, applications are being given access to much more personal data than they actually need to function:

Read More

1

Responses to Blog Reviews of The Future of Reputation: Part III

Cover 4 120 x 176.jpgIn this post, I’ll be responding to a few more reviews of The Future of Reputation: Gossip, Rumor, and Privacy on the Internet. This is the third installment (for more responses to reviews, see Part I and Part II).

1. Ethan Ackerman at Technology & Marketing Law Blog

Ethan Ackerman, an attorney and former legislative and technology counsel in the US Senate, has reviewed the book as a guest blogger on Professor Eric Goldman’s Technology & Marketing Law Blog. He writes:

It is this aspect of Solove’s book – the deep AND wide thinking about an individual’s interaction with the modern Internet – that moves the book out of the one-point-rigorous-analysis of an academic article and the semi-random anecdotal topicality of a blog post and into the category of critical (in the must-read sense) literature. Where Solove’s previous work tackled the pressing but somewhat solvable problems that arose from individuals losing control of their personal information to government and commercial entities, this book tackles individuals’ loss of access and control of their information at the hands of other individuals – and, increasingly, by their own hand on blogs, social networking and image sharing sites of their own.

One of the things that enticed me to write about the issues in my book was the fact that they are so difficult to solve. In the end, there’s no good solution, just ways to cope. Ethan understands and sympathizes with my struggle, and he writes:

I’d have to agree with what I think Solove’s ultimate aim is here – informing people and getting them to think more about privacy themselves. To put words in Solove’s mouth, if everyone is more informed and thinks about these issues themselves, not only will any ultimate solutions probably be better, but they will also perhaps be moot, as more people will have chosen the non-problematic action in the first place.

The most effective solutions encourage norm change, and that occurs not just through the law but through making people more aware of the consequences of their online speech. Currently, I see both in the law and in the discourse an exaltation of speech over privacy, a strong sentiment that people should be able to say whatever they want with impunity. Shaping these norms to a more even balance between free speech and privacy is key if we are going to make any headway in addressing these problems.

2. Jon Garfunkel at Civilities

Software architect Jon Garfunkel has posted a review of the book at his blog Civilities. He writes:

The book was a delight to read, intensely footnoted and calmly presented. While there is no shortage of rhetoric extolling the virtues of new media, Solove takes that as obvious enough, and presents instead the dark side of cyberspace.

Jon agrees with my criticism of the CDA § 230, which provides immunity for ISPs and blogs for content posted by others, but he notes that I should do more to lay out the contours of an alternative rule:

Read More

3

The Woes of Web 2.0

From CNN comes yet another story about people who disclose too much information on their blogs and social network websites:

On a Facebook group that celebrates young women getting drunk, there’s no such thing as going too far.

One young woman dances on top of a bar. Another sits on the toilet drinking a beer. Several vomit. One appears with a bruised and bandaged face (“I just got drunk and fell out of a car,” she writes.). In another photo, two women urinate into a waterfall.

What you won’t find on this page — called “Thirty Reasons Girls Should Call it a Night” — is humiliation and embarrassment. For the most part, the women post the photos themselves, seemingly with pride. This makes many adults — teachers, counselors, parents — worry that students aren’t thinking through the consequences of showing themselves drunk to the world.

Many photos on the site are accompanied by full names and the colleges the women attend, apparently without much concern that parents, or potential employers, will take a look.

Recently, a commenter to one of my posts pointed me to this apt cartoon at Geek Culture’s The Joy of Tech.

facebook-cartoon.jpg

Used with permission.

Will having embarrassing information on the Internet affect people’s employment prospects in the future? Or will it all just grow passé? Are we witnessing a generational shift, where people will just get used to being more exposed than ever before? Will people be less harsh in judging others, as everybody will have their drunk naked photos and other private information online? Or will there be consequences and regrets? Only time will tell, but I find it to be an interesting issue for cultural speculation.

6

Facebook’s Beacon, Blockbuster, and the Video Privacy Protection Act

facebook3.jpgblockbuster-video.gif

The news has been buzzing lately about Facebook’s Beacon, where participating websites share personal information with Facebook. Beacon originally had a poor notice and opt-out policy, but after significant public criticism, Facebook changed to an opt-in policy. Even under the new opt-in policy, however, the participating companies are still turning data over to Facebook, and that spells potential trouble for at least one of the 40 companies in the Beacon program — Blockbuster Video.

Over at Laboratorium, Professor James Grimmelmann (NY Law School) has an excellent post arguing that Blockbuster’s participation in Facebook’s Beacon violates the Video Privacy Protection Act (VPPA), 18 U.S.C. § 2710. James writes:

The VPPA states:

A video tape service provider who knowingly discloses, to any person, personally identifiable information concerning any consumer of such provider shall be liable….

18 U.S.C. § 2710(b)(1). The important first question is who’s a “video tape service provider.” That’s defined in paragraph (a)(4):

[T]he term “video tape service provider” means any person, engaged in the business, in or affecting interstate or foreign commerce, of rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials. . . .

Blockbuster clearly qualifies as a video tape service provider. To the extent it transmits information to Facebook about a customer’s video purchases — no matter what Facebook ultimately does with that data (i.e. regardless of whether it appears in a person’s profile, is stored by Facebook in a database, or is deleted), Blockbuster could be liable under VPPA. The statute is an opt-in statute, requiring that the customer provide “informed written consent . . . at the time the disclosure is sought” in order for the disclosure to be permissible.

James also analyzes whether Facebook could be liable as well:

There’s the joint enterprise theory; since Facebook and Blockbuster acted together, and Blockbuster is liable, so too is Facebook. There’s a split in the VPPA caselaw as to whether liability runs only against the video tape service provider, or can run also against the person who induced the disclosure.

James concludes:

Put this all together, and the legal situation looks a bit bleak for Facebook and Blockbuster. The VPPA provides damages of $2,500 per violation, plus punitive damages and attorneys’ fees. I have no idea how many movies wound up in people’s news feeds, but it doesn’t have to be too many for the total to hurt. Class action lawyers, start your engines.