Justice Breyer's Information Available on Limewire

It does not take much to have a security breach. Just one person can facilitate it. In this case, someone at a high-end investment firm installed LimeWire at the office. According to AP the breach began at the end of last year and continued to June of this year. Breyer’s birthday and Social Security number were part of the breach. Apparently around 2,000 other clients have also had their data shared on LimeWire.

Again the fact of data leaks or breaches is not so new. But given the high profile of the people involved in this one, there may be a movement to have laws passed about the problem. Remember video rentals matter because of Robert Bork’s encounter with data privacy issues during his nomination for the Supreme Court. This data problem is different from Bork’s. So a legislative response may come but it will likely address the issue of identity theft. On the other hand, if senators, representatives, and White House staffers found that even their legal but perhaps interesting surfing habits were part of public knowledge and gossip, maybe the data collection and Internet monitoring that some think is necessary will be seen a threat. One paper that may be of interest on this idea is Neil Richards’s Intellectual Privacy.

Posted by Deven Desai at 01:01 PM | Comments (0) | TrackBack

Volokh and Sunstein Discuss Free Speech and the Blogosphere

Over at Bloggingheads, Cass Sunstein and Eugene Volokh discuss free speech and the blogosphere. It's very interesting discussion and well worth watching.

Hat tip: U. Chicago Law Faculty Blog

Posted by Daniel J. Solove at 11:36 AM | Comments (0) | TrackBack

Personal Blogging: The Dangers of Too Much Information

Former Gawker editor Emily Gould has an interesting article in the NY Times Magazine about the perils of revealing too much information online:

It’s easy to draw parallels between what’s going on online and what’s going on in the rest of our media: the death of scripted TV, the endless parade of ordinary, heavily made-up faces that become vaguely familiar to us as they grin through their 15 minutes of reality-show fame. No wonder we’re ready to confess our innermost thoughts to everyone: we’re constantly being shown that the surest route to recognition is via humiliation in front of a panel of judges.

But is that really what’s making people blog? After all, online, you’re not even competing for 10 grand and a Kia. I think most people who maintain blogs are doing it for some of the same reasons I do: they like the idea that there’s a place where a record of their existence is kept — a house with an always-open door where people who are looking for you can check on you, compare notes with you and tell you what they think of you. Sometimes that house is messy, sometimes horrifyingly so. In real life, we wouldn’t invite any passing stranger into these situations, but the remove of the Internet makes it seem O.K.

At her blog, Emily Magazine, she has a post about reading my book, The Future of Reputation, on the subway: "If I saw me reading that book on the subway I would think it was funny too."

Posted by Daniel J. Solove at 10:46 AM | Comments (1) | TrackBack

Is the Computer Fraud and Abuse Act Unconstitutionally Vague?

At the National Law Journal, attorney Nick Akerman (Dorsey & Whitney) contends that the Computer Fraud and Abuse Act (CFAA) indictment of Lori Drew (background about the case is here) is an appropriate interpretation of the statute:

While this may be the first prosecution under the CFAA for cyberbullying, the statute neatly fits the facts of this crime. Drew is charged with violating §§ 1030(a)(2)(C), (c)(2)(B)(2) of the CFAA, which make it a felony punishable up to five years imprisonment, if one "intentionally accesses a computer without authorization . . . , and thereby obtains . . . information from any protected computer if the conduct involved an interstate . . . communication" and "the offense was committed in furtherance of any . . . tortious act [in this case intentional infliction of emotional distress] in violation of the . . . laws . . . of any State."

There is no question that the MySpace network is a "protected" computer as that term is defined by the statute. Indeed, "[e]very cell phone and cell tower is a 'computer' under this statute's definition; so is every iPod, every wireless base station in the corner coffee shop, and many another gadget." U.S. v. Mitra, 405 F.3d 492, 495 (8th Cir. 2005). There is also no question that a violation of MySpace's TOS provides a valid predicate for proving that the defendant acted "without authorization." What the commentators ignored in their critique of this indictment is that the "CFAA . . . is primarily a statute imposing limits on access and enhancing control by information providers." EF Cultural Travel B.V. v. Zefer Corp., 318 F.3d 58, 63 (1st Cir. 2003). A company "can easily spell out explicitly what is forbidden." Id. at 63. Thus, companies have the right to post what are in effect "No Trespassing" signs that can form the basis for a criminal prosecution.

If this interpretation of the law is correct, then the law is probably unconstitutionally vague. A vague law is one that either fails to provide the kind of notice that will enable ordinary people to understand what conduct it prohibits; or authorizes or encourages arbitrary and discriminatory enforcement. The CFAA, as construed by the prosecution in the Drew case, will probably be found vague because it authorizes or encourages arbitrary and discriminatory enforcement.

Suppose I put a notice on this post that says: "No attorneys may post a comment to this blog." Suppose Nick Ackerman comes to this site, sees this post, and and writes a comment that is defamatory. Under his theory, he can be prosecuted for violating the CFAA. He has "trespassed" on this site. Moreover, if a blog has a policy that it will not tolerate "rude, uncivil, or off-topic comments," then commenters who make such comments that are tortious (intentional infliction of emotional distress, public disclosure of private facts, false light, defamation, etc.) can be liable for a CFAA violation. Moreover, any use of a website that goes against whatever terms the operator of that site has set forth that constitutes a negligence tort is also criminal.

The problem here is that the CFAA's applicability would be extremely broad -- so broad that the cases likely to be prosecuted would be arbitrary. Since tort law is common law, and is very flexible, broad, and evolving, people would not have adequate notice about what conduct would be legal and not legal. There's a reason why tort law is different from criminal law -- we are willing to accept a lot more ambiguity and uncertainty in tort law than in criminal law, where the stakes involve potential imprisonment.

Moreover, Nick Akerman only focuses on the CFAA § 1030(c)(2)(B)(2), which makes it a felony to exceed authorized access if the offense was committed in furtherance of any tortious act.

The CFAA § 1020(a)(2)(C) makes it a criminal misdemeanor to "intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer if the conduct involved an interstate or foreign communication." If I'm interpreting this correctly (and I don't purport to be an expert on the CFAA), under the Drew prosecutor's interpretation of the CFAA, any time a person violates a website's terms of service and access any information from the site, there's a criminal violation. That means that if I post on this blog a notice that says: "No attorneys may access any other parts of this blog other than the front page," and an attorney accesses any other page on my blog, then there's a CFAA violation. Could the law possibly be this broad? I think it would require a narrowing interpretation in order to avoid problems of unconstitutional vagueness.

The CFAA strikes me as a very poorly drafted statute. The Drew indictment demonstrates the problems with the law. Either courts should fix the CFAA interpretively by narrowing its scope, or else strike it down as unconstitutionally vague. But what clearly cannot stand is for the law to be interpreted as the Drew prosecutor seeks to interpret it.

Hat tip: Dan Slater at the WSJ Blog

Posted by Daniel J. Solove at 02:29 PM | Comments (14) | TrackBack

My New Book, Understanding Privacy

I am very happy to announce the publication of my new book, UNDERSTANDING PRIVACY (Harvard University Press, May 2008). There has been a longstanding struggle to understand what "privacy" means and why it is valuable. Professor Arthur Miller once wrote that privacy is "exasperatingly vague and evanescent." In this book, I aim to develop a clear and accessible theory of privacy, one that will provide useful guidance for law and policy. From the book jacket:

Privacy is one of the most important concepts of our time, yet it is also one of the most elusive. As rapidly changing technology makes information more and more available, scholars, activists, and policymakers have struggled to define privacy, with many conceding that the task is virtually impossible.

In this concise and lucid book, Daniel J. Solove offers a comprehensive overview of the difficulties involved in discussions of privacy and ultimately provides a provocative resolution. He argues that no single definition can be workable, but rather that there are multiple forms of privacy, related to one another by family resemblances. His theory bridges cultural differences and addresses historical changes in views on privacy. Drawing on a broad array of interdisciplinary sources, Solove sets forth a framework for understanding privacy that provides clear, practical guidance for engaging with relevant issues.

Understanding Privacy will be an essential introduction to long-standing debates and an invaluable resource for crafting laws and policies about surveillance, data mining, identity theft, state involvement in reproductive and marital decisions, and other pressing contemporary matters concerning privacy.

Here's a brief summary of Understanding Privacy. Chapter 1 (available on SSRN) introduces the basic ideas of the book. Chapter 2 builds upon my article Conceptualizing Privacy, 90 Cal. L. Rev. 1087 (2002), surveying and critiquing existing theories of privacy. Chapter 3 contains an extensive discussion (mostly new material) explaining why I chose the approach toward theorizing privacy that I did, and why I rejected many other potential alternatives. It examines how a theory of privacy should account for cultural and historical variation yet avoid being too local in perspective. This chapter also explores why a theory of privacy should avoid being too general or too contextual. I draw significantly from historical examples to illustrate my points. I also discuss why a theory of privacy shouldn't focus on the nature of the information, the individual's preferences, or reasonable expectations of privacy. Chapter 4 consists of new material discussing the value of privacy. Chapter 5 builds on my article, A Taxonomy of Privacy, 154 U. Pa. L.. Rev. 477 (2006). I've updated the taxonomy in the book, and I've added a lot of new material about how my theory of privacy interfaces not only with US law, but with the privacy law of many other countries. Finally, Chapter 6 consists of new material exploring the consequences and applications of my theory and examining the nature of privacy harms.

Understanding Privacy is much broader than The Digital Person and The Future of Reputation. Whereas these other two books examined specific privacy problems, Understanding Privacy is a general theory of privacy, and I hope it will be relevant and useful in a wide range of issues and debates.

For more information about the book, please visit its website.

Posted by Daniel J. Solove at 12:03 AM | Comments (5) | TrackBack

More Misguided Responses to the Megan Meier Incident

Last week brought the unfortunate news that Lori Drew was indicted for a violation of the Computer Fraud and Abuse Act for her ill-conceived hoax on Megan Meier. According to an MSNBC article:

Andrew DeVore, a former federal prosecutor who co-founded a regional computer crime unit in New York, said Friday the interpretation raises constitutional issues related to speech and due process — in the latter case, because it doesn't allow for adequate notice of when using an alias online is criminal.

Because corporations would end up setting criminal standards, a completely legal act at one site could be illegal at another, said DeVore, who has no direct involvement in the case.

Now, the Missouri legislature has just passed a law in response to the incident. According to the bill summary:

Currently, the crime of harassment includes communications meant to frighten or disturb another person. Under this act, communications conducted to knowingly frighten, intimidate, or cause emotional distress to another person are included. Harassment includes communications by any means.

Harassment includes knowingly using unwanted expressions that put the person in reasonable apprehension of offensive physical contact or harm or knowingly making unwanted communications with a person.

A person also commits harassment:

1) By knowingly communicating with another person who is, or who purports to be, seventeen years of age or younger and in so doing, and without good cause, recklessly frightens, intimidates, or causes emotional distress to such other person; or

2) By engaging, without good cause, in any other act with the purpose to frighten, intimidate, or cause emotional distress to another person, cause such person to be frightened, intimidated, or emotionally distressed, and such person's response to the act is one of a person of average sensibilities considering the person's age.

This law is incredibly dumb, and I hope that the governor is wise enough not to sign this uniformed and very poorly crafted piece of legislation. It is yet another misguided response to the Megan Meier incident. As I discussed in my book, The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (Yale 2007), we must be careful not to adopt responses to problematic online communication that are too authoritarian and too chilling of free speech.

Under this law, a person could be guilty of a crime for recklessly frightening, intimidating or causing emotional distress to a person they know is 17 or younger. That's incredibly broad -- most likely overbroad under the First Amendment. It sweeps in a potentially broad range of protected expression under the First Amendment.

It might also be unconstitutionally vague. A vague law is one that either fails to provide the kind of notice that will enable ordinary people to understand what conduct it prohibits; or authorizes or encourages arbitrary and discriminatory enforcement. This law does both. It is often very difficult to assess how others might interpret one's words, especially online. The law also encourages arbitrary enforcement, as it cannot possibly be enforced in most instances.

This law is an attempt to update a harassment law. I believe that such harassment laws exist in a number of states. Many of these underlying laws also share some of the problems I've discussed.

Consider the following case: Child 1 teases Child 2 by saying that he's a "nerd." Child 2 starts to cry. Child 1 repeats the insult. Child 1 has knowingly communicated with Child 2 and without good cause, has recklessly caused that child emotional distress. Yup, let's charge Child 1 with a crime and all other children of his or her ilk. Let's have Missouri start building jails, so it can lock up all those children who insult, frighten, or cause emotional distress to each other.

The problem with both the federal prosecution and the Missouri law is the "if it's bad it must be a crime" mentality. There is a lot of conduct that's bad -- sometimes really bad -- but that's not a crime and that shouldn't be a crime. Trying to stretch the law to criminalize everything we dislike is not a productive solution. Sadly, it scores political points, which is why a federal prosecutor and the Missouri legislature are acting so irresponsibly.

Hat tip: Media Prof blog

Posted by Daniel J. Solove at 05:39 PM | Comments (9) | TrackBack

Revenge of the Bodysnarkers

Author Hannah Seligson coins a new term in her critique of celeb-mocking websites: bodysnarking, which she defines as

the snide, often witty, comments that have become a ubiquitous part of under-30 female conversation. In an age when the digital camera is a must-bring accessory for a night out (how else are you going to upload the pictures to Facebook?), when blogs give everyone with an opinion a venue for comment, and when tabloid culture has made it fine to dissect other women's looks, bodysnarking appears to be a favorite female pastime.

The watershed moment for bodysnarking, Ms. Redd says, came a few years ago when Google introduced its advertising program AdSense. "The program allowed sites to track pages viewed and make ad revenue based on the number of visitors. [Blogger] Perez Hilton realized that nobody cared about his personal shopping trips; they cared when he [mocked mostly female celebrities.]" The masses had spoken: Bodysnarking was now a revenue generator.

As I've noted before, sometimes the technology that "gives the people what they want" serves only to reinforce destructive trends. In addition to Seligson's analysis, I'd say that the rise of the bodysnarkers is an unexpected side effect of the prevalence of plastic surgery. Whereas "defects" in appearance were once largely assumed unavoidable, they can now be "cured." So celebrity's "fans" demand ever more appearance-wise. Given their wealth, whatever can be fixed, must be fixed.

The bodysnarkers may also be reacting to the trend of "faked photos:"

Increasingly, photos for print are enhanced and perfected to an astonishing degree. Not only are moles, acne and subtle facial hair erased from already pretty faces, but retouchers are routinely asked by editors and advertisers to enlarge eyes, trim normal-size ears, fill in hairlines, straighten teeth and lengthen . . . already-narrow necks, waists and legs . . . .

Some of the "10 million women and one million men in the United States who struggle with anorexia and bulimia" turn these impossible standards on themselves. The bodysnarkers choose to reinforce the norms for celebrities. . . and increasingly for others. It's not surprising that some people simply give up in response. As one article notes, "the contrast between the girls on the catwalks and the girls at the mall is creating an atmosphere ripe for binge dieting and the kind of unhealthy eating habits that ultimately result in weight gain, not loss."

Posted by Frank Pasquale at 08:53 AM | Comments (0) | TrackBack

Megan Meier Case Update -- Drew Indicted

I've blogged about the Megan Meier case a while ago. This is the case where Megan Meier, a teenager, committed suicide after her online friend from Myspace suddenly started to reject her and say mean things to her. The "friend" on Myspace was actually Lori Drew, the mother of one of her classmates, and some other individuals. They created the fake profile and were pretending to be Meier's fictional friend.

Now, Drew has been indicted by a federal grand jury for a violation of the Computer Fraud and Abuse Act (CFAA). Here's the indictment.

Drew was charged with conspiracy as well as three counts of accessing protected computers without authorization. According to the indictment:

On or about the following dates, defendant DREW, using a computer in O'Fallon, Missouri, intentionally accessed and caused to be accessed a computer used in interstate commerce, namely, the MySpace servers located in Los Angeles County, California, within the Central District of California, without authorization and in excess of authorized access, and, by means of interstate commerce obtained and caused to be obtained information from that computer to further tortious acts, namely intentional infliction of emotional distress on [Megan Meier].

From the AP:

Each of the four counts carries a maximum possible penalty of five years in prison.

Drew will be arraigned in St. Louis and then moved to Los Angeles for trial.

The indictment says MySpace members agree to abide by terms of service that include, among other things, not promoting information they know to be false or misleading; soliciting personal information from anyone under age 18 and not using information gathered from the Web site to "harass, abuse or harm other people."

Drew and others who were not named conspired to violate the service terms from about September 2006 to mid-October that year, according to the indictment. It alleges that they registered as a MySpace member under a phony name and used the account to obtain information on the girl.

Drew and her coconspirators "used the information obtained over the MySpace computer system to torment, harass, humiliate, and embarrass the juvenile MySpace member," the indictment charged.

UPDATE: Over at the Volokh Conspiracy, Orin Kerr believes that the indictment should be dismissed. Kerr believes that it is a stretch to apply the CFAA to violations of a site's terms of service.

If the computer owner says that you can only access the computer if you are left-handed, or if you agree to be nice, are you committing a crime if you use the computer and are nasty or you are right-handed? If you violate the Terms of Service, are you committing a crime?

Kerr also argues that the prosecution will have a ver yhard time demonstrating that Drew intended to violate MySpace's terms of service. He writes: "But here there is no evidence that Drew even read the TOS. Most people don't, of course; I would be surprised if 1 person in 100 actually tried reading it. If Drew wasn't aware that she was violating the TOS, she couldn't be exceeding her authorized access intentionally."

I agree with Kerr on these first two reasons. While Drew's conduct is immoral, it is a very big stretch to call it illegal.

Kerr offers a third reason why the indictment is faulty -- it is unclear whether the goal of the conspiracy was to obtain information, as was charged in the indictment. Kerr writes: "[I]t doesn't seem that Drew had the intent to obtain information from her victim. Her apparent goal was to harass her victim and to cause emotional distress, not to obtain information from her." On this reason, however, I'm not so sure I agree. The news accounts I read about the case indicated that one of Drew's primary motivations for creating the fake profile was to learn information from Megan Meier. She wanted to know information from Megan that pertained to her own daughter, who was a classmate of Megan's. The harassing came later on.

Posted by Daniel J. Solove at 05:46 PM | Comments (5) | TrackBack

Facebook in Real Life

Here's a hilarious video imagining what a social network website encounter would be like in real life.

One of the difficulties with social network websites is that they present a very simplified picture of human relationships. A person's social world cannot readily be divided up into friends and not-friends. Human relationships are much more complicated and diverse. The simplified matrix of relationships available on social network websites can result in some awkwardness, and it can also result in too much information disclosure. We might want to disclose a lot of information to certain close friends, but much less information to acquaintances or to friends in a more professional context. There is no easy solution for this problem, because a social network website with hundreds of categories for relationships might be rather complicated and oppressive to use. And people might not be pleased to know precisely where on one's relationship matrix they stand. Jack might think he's good friends with Jill, but Jill might classify him as merely a distant acquaintance whom she merely wants to associate with for the purpose of climbing hills.

Hat tip: Sivacracy

Posted by Daniel J. Solove at 08:00 PM | Comments (3) | TrackBack

Facebook Frenzy: Faking Friendships?

Thoreau was famously skeptical of communications technology, wryly observing that when the telegraph connected Maine and Texas, citizens of each state could find they have little to say to one another. Shannon Vallor, Professor of Philosophy at Santa Clara University, struck a similarly cautious note at a fascinating discussion of the ethics of social networking at Stanford. Mining the rich tradition of virtue theory in moral philosophy, Vallor observed that social networking can both undermine and reinforce the persistent dispositions of character that promote human flourishing. Here are some similar observations of Vallor's from another panel:

[W]hat impact is social networking technology having on the ways that people build and sustain close interpersonal relationship and, in particular, the communicative virtues that help such relationships to flourish? I will identify five communicative virtues that I believe warrant careful reflection in connection with social networking technology.

First is patience. Patience is, without a doubt, one of the most important virtues for sustaining close relationships. It develops through communicative activities such as listening. For example, listening to a friend tell a story or recount a lengthy anecdote without jumping in and finishing the story oneself or interrupting with hey, that reminds me of this thing that happened to me yesterday. Patience, once it becomes not just a momentary indulgence of the other, but an enduring part of one’s own character, that is, a virtue, allows one’s relationships with others to manifest deeper, mutual understanding, greater and more lasting commitments and a feeling on the part of others that you are willing to connect with them on their terms and not just yours; that your interest in them does not end with their ability to keep you constantly amused or fascinated.

Yet the style of communication favored by digital natives and fostered by social networking sites like Facebook and MySpace, privileges brevity and directness. And, thus, we must ask whether, and in what ways, such technologies can also encourage and reward patience as a virtue.

Second, fidelity. Fidelity is a crucial part of any enduring relationship. It develops through the communicative practice of openly expressing commitments to another and honoring them and, in that way, honoring the uniqueness and the value of the relationship itself. Expressions of fidelity range from the simple commitment to go to a movie on a Saturday night with a friend, even if a more exciting opportunity later presents itself, to the lifelong commitment expressed in a vow of marriage. The expression of fidelity shows that you do not regard the other as replaceable, that even if someone else comes along who can occupy the same role and deliver the same social benefits, this could not, for you, be a substitute for the original bond.

Yet we must ask whether the focus on friend collecting, on many social networking sites, by stressing a purely quantitative measure of friendship, may undermine the virtue of fidelity by providing a framework in which friends are each assigned identical unit values and in which one’s sociality is measured by the sum total of those units, rather than the irreplaceable value of any single relationship.

Perhaps symptomatic of my own impatience, I'll leave Vallor's discussions of honesty, perseverance, and tolerance for another time. I would like at some point to ground my own reservations about the Blackberry in a philosophical language as rich as hers.

PS: For those interested in the philosophy of technology, the new journal Studies in Ethics, Law, and Technology looks very interesting.

Posted by Frank Pasquale at 12:00 AM | Comments (0) | TrackBack

Does the Roomates.com Case Affect CDA § 230 Immunity for JuicyCampus?

The U.S. Court of Appeals for the Ninth Circuit (en banc) has just issued a very interesting opinion interpreting a federal law providing immunity from liability for online speech -- the Communications Decency Act (CDA), 47 U.S.C. § 230. The case is Fair Housing Council v. Roommates.com, LLC, 2008 WL 879293 (9th Cir. April 3, 2008) (en banc).

The CDA § 230 states: "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." Most courts have interpreted § 230 to immunize the operators of websites or blogs against distributor liability for comments posted by others.

I have been critical about the way that this statute has been interpreted:

Unfortunately, courts are interpreting Section 230 so broadly as to provide too much immunity, eliminating the incentive to foster a balance between speech and privacy. The way courts are using Section 230 exalts free speech to the detriment of privacy and reputation. As a result, a host of websites have arisen that encourage others to post gossip and rumors as well as to engage in online shaming. These websites thrive under Section 230’s broad immunity.

Websites such as JuicyCampus, which encourage and facilitate gossip and rumors about college students, exploit § 230 immunity.

The Roommates.com case suggests a limit to § 230 immunity that some might believe creates a way to hold sites like JuicyCamus.com responsible for the gossip and rumors they solicit. In the end, I don't believe that Roommates.com will save the day and penetrate § 230's armor for sites like JuicyCampus.

Roommates.com allows users to post listings for roommates. When a user creates a listing, Roomates.com requests particular information from users, requesting preferences for gender, sexual orientation, and kids. Much of this information is solicited via drop down menus which list the various choices. Users can also put additional comments in a section that allows for an open-ended narrative. Two Fair Housing Councils in California sued Roommates contending that the site violated the Fair Housing Act (FHA), 42 U.S.C. § 3601 and state housing discrimination statutes. The FHA prohibits any "statement . . . with respect to the sale or rental of a dwelling that indicates . . . an intention to make [a] preferenc,e limitation, or discrimination" based on certain categories (such as gender or sexual orientation). California law has a related restriction.

Roommates.com contended that it was immune under the CDA § 230. It claimed that it just provided options for its users and is not the "information content provider." But the Ninth Circuit concluded that § 230 immunity didn't apply. According to the statute, an "information content provider" is one who is "responsible, in whole or in part, for the creation or development of" the content. Writing for the court, Chief Judge Kozinski noted:

The FHA makes it unlawful to ask certain discriminatory questions for a very good reason: Unlawful questions solicit (a.k.a. "develop") unlawful answers. Not only does Roommate ask these questions, Roommate makes answering the discriminatory questions a condition of doing business. This is no different from a real estate broker in real life saying, "Tell me whether you're Jewish or you can find yourself another broker." When a business enterprise extracts such information from potential customers as a condition of accepting them as clients, it is no stretch to say that the enterprise is responsible, at least in part, for developing that information.

The court also held that Roommates.com was not immune for its search system, which allowed users to search according to discriminatory criteria:

For example, a subscriber who self-identifies as a "Gay male" will not receive email notifications of new housing opportunities supplied by owners who limit the universe of acceptable tenants to "Straight male(s)," "Straight female(s)" and "Lesbian(s)." Similarly, subscribers with children will not be notified of new listings where the owner specifies "no children." Councils charge that limiting the information a subscriber can access based on that subscriber's protected status violates the Fair Housing Act and state housing discrimination laws. It is, Councils allege, no different from a real estate broker saying to a client: "Sorry, sir, but I can't show you any listings on this block because you are [gay/female/black/a parent]." If such screening is prohibited when practiced in person or by telephone, we see no reason why Congress would have wanted to make it lawful to profit from it online.

Roommate's search function is similarly designed to steer users based on discriminatory criteria. Roommate's search engine thus differs materially from generic search engines such as Google, Yahoo! and MSN Live Search, in that Roommate designed its system to use allegedly unlawful criteria so as to limit the results of each search, and to force users to participate in its discriminatory process.

What are the implications of the court's holding? What about sites like JuicyCampus.com that encourage gossip and rumor? Are they immune under the court's reasoning?

While I believe that sites like JuicyCampus.com shouldn't have as broad an immunity under the CDA § 230 as they do, I don't believe that they'd lose § 230 immunity even under the holding of Roommates.com. The Ninth Circuit notes:

Roommate does not merely provide a framework that could be utilized for proper or improper purposes; rather, Roommate's work in developing the discriminatory questions, discriminatory answers and discriminatory search mechanism is directly related to the alleged illegality of the site. . . . Roommate is directly involved with developing and enforcing a system that subjects subscribers to allegedly discriminatory housing practices.

However, the site would be immune for what people wrote in the "additional comments" section:

The fact that Roommate encourages subscribers to provide something in response to the prompt is not enough to make it a "develop[er]" of the information under the common-sense interpretation of the term we adopt today. It is entirely consistent with Roommate's business model to have subscribers disclose as much about themselves and their preferences as they are willing to provide. But Roommate does not tell subscribers what kind of information they should or must include as "Additional Comments," and certainly does not encourage or enhance any discriminatory content created by users. Its simple, generic prompt does not make it a developer of the information posted.

Although JuicyCampus.com wants students to spread gossip and rumor, not all gossip and rumor are defamatory or invasive of privacy. Only some of the comments on JuicyCampus are tortious. I believe that the gossip and rumor solicited by JuicyCampus is too open-ended to lose immunity under the Roommates.com decision. As much as I'd like to see JuicyCampus be held responsible for the content it facilitates, I don't think that the Roommates.com decision is knight coming to the rescue.

One final word on Roommates.com. The case involves a major difficulty with applying § 230 to some Web 2.0 applications -- it is often hard to figure out exactly who is responsible for providing content. I blogged about this problem a while ago. Often, sites solicit content in standardized formats; they have fields for entering information; they structure the way people input data to the site. They thus play a role in shaping the content users supply. Who, exactly, then is the content provider? The answer is very tricky, but a lot hinges upon it. Roommates.com doesn't provide a clear rule that addresses this issue -- a lot remains to be wrangled out in cases to come.

For a thoughtful analysis and critique of the case, see Eric Goldman's post at Technology & Marketing Law Blog.

Posted by Daniel J. Solove at 10:55 AM | Comments (9) | TrackBack

The AutoAdmit Saga: Ciolli Strikes Back

There's been a new development in the AutoAdmit saga, which has been discussed a lot on this blog. Anthony Ciolli is now firing back, suing the two Yale Law School students who originally sued him, their attorneys (including Professor Mark Lemley), and ReputationDefender.

A while ago, Ciolli was dropped from the lawsuit .

He is now suing for wrongful initiation of civil proceedings, abuse of process, libel, slander, false light, tortious interference with contract, and appropriation of name or likeness.

The complaint is here.

Posted by Daniel J. Solove at 12:28 PM | Comments (1) | TrackBack

The Future of Reputation -- Now Online for Free!

I'm very happy to announce that my publisher is allowing me to post a copy of The Future of Reputation: Gossip, Rumor, and Privacy on the Internet free online. Of course, I'd love it if you bought a copy, but if I can't convince you to buy it, then I hope you'll at least read it for free online. There really is a free lunch after all! And if you read the book and don't like it, well . . . you get what you pay for.

I think that it is great that Yale University Press is allowing me to do this. I hope more publishers decide to let their authors do this in the future -- especially academic presses, whose mission is not just to make a profit but to help spread ideas.

The book is licensed under a Creative Commons license -- it can be used for non-commercial uses.

To download the full-text of the book, click here.

Posted by Daniel J. Solove at 01:19 AM | Comments (2) | TrackBack

Money Magazine Interview

In the March issue of Money Magazine, I'm interviewed as part of their profile series "The Big Idea." Despite the photographer's taking dozens of pictures of me, the editors chose one with me looking rather serious. So much for my attempts at cultivating the image of being a light-hearted guy.

Posted by Daniel J. Solove at 12:50 PM | Comments (0) | TrackBack

C-SPAN Interview on The Future of Reputation

Apologies for the self-promotion, but I can't resist mentioning for interested readers that I'm currently appearing on C-SPAN and C-SPAN-2 in a 30-minute interview about my book, The Future of Reputation: Gossip, Rumor, and Privacy on the Internet.

The interview was broadcast on C-SPAN last night, and it will be rebroadcast on C-SPAN-2 at 8 AM and again at 8 PM this Monday, February 4th.

You can also view the interview online here, but note that the C-SPAN Video Player version currently doesn't work. So try the Windows Media Player version, which is the bottom orange icon. You can also watch the video on YouTube. (See below for the embedded video).

For Solove junkies, you can also watch a lecture I gave about the book here, and listen to a radio interview (the Kojo Nnamdi show on NPR) here.

Posted by Daniel J. Solove at 11:28 AM | Comments (1) | TrackBack

Snow-Day Shouting Shaming

Yet another YouTube shaming cycle is in progress. A student who called an administrator at home to complain about snow day policy got a witheringly angry message from the administrator's wife . . . which the student promptly posted on YouTube. The WaPo breaks (and analyzes) the story:

A phone call to a Fairfax County public school administrator's home last week about a snow day -- or lack of one -- has taken on a life of its own. Through the ubiquity of Facebook and YouTube, the call has become a rallying cry for students' First Amendment rights, and it shows that the generation gap has become a technological chasm.

"How dare you call us at home! If you have a problem with going to school, you do not call somebody's house and complain about it," [the] minute-long message began. At one point, she uttered the phrase "snotty-nosed little brats," and near the end, she said, "Get over it, kid, and go to school!"

The student defended himself by claiming that

[The] message was not intended to harass. He said that he tried unsuccessfully to contact [the administrator] at work and that he thought he had a basic right to petition a public official for more information about a decision that affected him and his classmates. He said he was exercising freedom of speech in posting a Facebook page. The differing interpretations of his actions probably stem from "a generation gap," he said. "People in my generation view privacy differently. We are the cellphone generation. We are used to being reached at all times," he said.

Though I'm usually on Dan's side in terms of skepticism about online shaming, I think the privacy and petition issues here are mind-bendingly meta. I wouldn't want a phone message of mine put up online. . . but on the other hand, it's difficult to discuss the underlying issue of "was this an appropriate response to the student" without hearing the medley of scorn, rage, and exasperation in the caller's voice. On the other hand, I would not have published the names of the administrator and the caller, as the WaPo did (and I certainly would not have disseminated their home phone number, as the student did). They have already have endured "dozens more calls," and the caller has probably learned her lesson about not being so angry in phone messages.

Posted by Frank Pasquale at 03:51 PM | Comments (6) | TrackBack

Seinfeld, Language, and Law

Years ago law prof Jedediah Purdy warned us of Seinfeld's charms. Here's a reviewer's account:

The ironic man, whom Mr. Purdy personifies as the sitcom character Jerry Seinfeld . . . is an outright menace. With his ''style of speech and behavior that avoids all appearance of naivete -- of naive devotion, belief, or hope,'' the individual armored in the irony . . . has withdrawn from the political arena just when it needs him most.

But he's certainly outfront with lawsuit PR. Now courts may have to wrestle with the polysemic potential of his irony (and humor generally).

Seinfeld was on Letterman last year, and his comments on the woman now suing his wife for plagiarism were not exactly conciliatory. Now he's being sued for defamation. Here's the video, which gets interesting 40 seconds in:

Jonathan Turley gives excellent background and analysis; he has the following comment

Seinfeld called Lapine . . . “hysterical.” He said: “Now you know, having a career in show business, one of the fun facts of celebrity life is wackos will wait in the woodwork to pop out at certain moments of your life to inject a little adrenaline into your life experience.” He further noted that Lapine could be dangerous, joking “if you read history, many of the three-name people do become assassins . . . Mark David Chapman. And you know, James Earl Ray. So that’s my concern.”

The Seinfelds are clearly going to defend on the basis that his statements were opinion and not factual representations covered by defamation rules.

A few thoughts below the fold. . .

As James Grimmelmann notes, there are a few exceptions to the immunity for opinions:

The relationship of subjective opinion to objective fact . . . is not simple. Thus, for example, Milkovich v. Lorain Journal Co., while stating the rule that the Constitution shields opinions, leaves in place two significant exceptions. A statement of opinion may imply an underlying fact (the Court’s example: “In my opinion John Jones is a liar.”), and even a statement of opinion may be false if not honestly held (the Court’s example: “I think Jones lied,” where the speaker thought nothing of the sort).

In this context, is the "assassin" joke only funny if there is some objective implication of imbalance or impropriety regarding the person whom it's aimed at? I find the case a bit difficult because Jerry Seinfeld (the person) has sometimes glided effortlessly between being a certain persona and playing one. For example, consider this video of him on Larry King Live:

Is Seinfeld here seamlessly sliding into "playing an obnoxious character" or is he being an obnoxious character? Is this the "true self" speaking, or spinning out some subtle humor (that the miffed King appears not to be in on)?

Having listened to his talk at the NY Academy of Sciences, I'm reminded of Stephen Pinker's takes on the slipperiness of language, here related by reviewer William Saletan:

Language is a social medium with social purposes. Sometimes, we use it not to communicate facts about the world but to filter them. We euphemize bribes as “contributions” to preserve the dignity of lobbyists and legislators. We phrase treaties vaguely because if they were clear, nobody would sign them. . . . . We complain about doublespeak but rely on double meanings.

Turley has the following take on Seinfeld's double meanings:

While he appears to be joking, he is also clearly portraying Lapine –at a minimum — as unbalanced. . . . Terms like wacko can be claimed to have a more innocent meaning. Under the principle of Mitior sensus, “when words have two meanings, lenient and severe, they will always be construed in the more lenient sense.” Yet, this is generally a jury decision and the Seinfelds and their publisher will first be subject to discovery — a potentially risky business.

Having read a few cases in this area, I've been worried by some judges' willingness to take every potentially defamatory statement piecemeal, characterize them individually as opinions or "obvious hyperbole," and dismiss the underlying defamation case. A series of innuendoes, jokes, dismissals, and jibes can probably undermine a reputation far more effectively than one false fact.

On the other hand, Seinfeld himself has satirized the lengths he would have to go to in order to avoid any unwanted overtones--not that there's anything wrong with that!

Posted by Frank Pasquale at 11:01 PM | Comments (10) | TrackBack

Online Chat at the Washington Post

I’ve been invited by the Washington Post to host an online chat on the Washington Post website about privacy, free speech, and anonymity on the Internet. The chat will take place from 11 AM to noon EST today.

The discussion will cover the Megan Meier case, which I blogged about several times (see here and here for example), as well as broader issues related to my book, The Future of Reputation: Gossip, Rumor, and Privacy on the Internet. You can participate in the chat, or read along, here.

Posted by Daniel J. Solove at 12:03 AM | Comments (1) | TrackBack

Book Review: Lawrence Friedman's Guarding Life's Dark Secrets

Professor Lawrence M. Friedman (Stanford Law School)
Guarding Life's Dark Secrets: Legal and Social Controls over Reputation, Propriety, and Privacy
(Stanford University Press, November 2007)
ISBN: 978-0-8047-5739-3

Professor Lawrence Friedman's Guarding Life's Dark Secrets: Legal and Social Controls over Reputation, Propriety, and Privacy is a wonderful and accessible history of the norms and law that shaped reputation over the past two centuries. Friedman's book builds on some of his earlier work on norms and law in the Victorian era which I found immensely useful as I wrote my book, The Future of Reputation. Whereas my book mostly explores the present and future challenges to protecting reputation, Friedman's explores the past. His book is written in a lively and engaging style, and it is fascinating.

Friedman focuses much of his book on the Victorian era of the nineteenth century. The key phenomenon in his book is what Friedman terms the "Victorian compromise." The Victorian era is famous for its staunch moral code and sense of propriety. Throughout history, Western society has had periods of licentiousness and reticence, and the Victorian era is the symbol for being buttoned-up and prudish. In England and America, this was a period of strong laws against countless forms of disfavored sex, from adultery to sodomy. But Friedman notes that a lot of vice was, in fact, tolerated during this period. According to the Victorian compromise:

Vice at least was tolerable, although only in small amounts and only if discreet and under a good deal of control. Hence a kind of double standard evolved. A prime example was the so-called red-light zone or district. These zones flourished in city after city. Houses of prostitution, gambling dens, and all sorts of vice were rampant in these districts. The law--and the police--winked at them and accepted them as part of urban life. . . . This double standard was the essence of the Victorian compromise. It stands in sharp contrast to the attitude and behavior in (say) Puritan Massachusetts Bay, in the colonial period, with its policy of zero tolerance toward vice and illegal sex. (p. 67)

Friedman further notes that public discussion of sex during Victorian times was strictly taboo, and "[s]ex was meant for the privacy of the home." (p. 72). There was a large double standard when it came to the sexual behavior of men and women. For women, all sex outside of marriage was adultery. "But a married man was criminally liable only if he had sex with a married woman. In other words, for a man sex with a prostitute--or a single woman--was not criminal adultery at all." (p. 73)

In a chapter on blackmail, Friedman observes that the blackmail laws fit with the Victorian compromise -- they were designed to help elites protect their public reputations, to help prevent them from being threatened and extorted by the often poorer individuals who were blackmailing them (their illicit lovers or servants). He notes that "the blackmail statutes began to appear roughly about the same time and with the same underlying ethos as the other laws that made up the Victorian compromise." (p. 99). A similar point is made in Angus McLaren's book-length account of blackmail, Sexual Blackmail: A Modern History (2002). McLaren observes that courts would ignore the truth or falsity of the blackmailer's accusations, which, if true, would often mean that the blackmail victim had engaged in serious criminal conduct (sodomy, for example).

Thus, the Victorian compromise operated to maintain a facade of respectability in public while sin occurred in the dark recesses of the private sphere. It's ok to do it, the ethos of the age said, just be sure to hide it. The Victorian compromise "depended on privacy and secrecy." (p. 215)

The need to protect one's reputation in the Victorian age was heightened by a new danger -- the burgeoning American press, which was highly sensationalistic during the nineteenth century. The lurid nature of newspaper stories was one of the factors that prompted Samuel Warren and Louis Brandeis) to write The Right to Privacy, 4 Harv. L. Rev. 193 (1890), which gave birth to the privacy torts. Friedman observes:

Harriet Martineua thought that the American press was the worst in the world. Charles Dickens, writing in 1842, called the American press a monster of depravity. The press "has its evil eye in every house, and its black hand in every appointment in the state, from a president to a postman"; its "only stock in trade" is "ribald slander," and its "evil" influence spreads throughout the country. Anthony Trollope, writing some twenty years later, was just as critical; the things in the newspapers, he said, were "never true." The forte of the press was "abuse of individuals," abuse "which is as violent as it is perpetual. . . . All ideal of truth has been thrown overboard. . . . The only object is to produce a sensation. . . . Falsehood has become so much a matter of course with American newspapers that it has almost ceased to be a falsehood." (p. 44-45)

Another dimension of protecting reputation involved safeguarding it from false rumors. Friedman's book contains two chapters on defamation, and he marshals interesting facts about defamation cases and gender:

Most defamation cases--at least the reported cases--were brought by men, who were suing other men (or, commonly, newspapers). . . . Typically, women's cases were about chastity (or the lack of chastity); they sued over language that said or implied indecency, whoring, and sexual misconduct in general. Out of 130 reported defamation cases published between 1897 and 1906, only 43 were brought by women. All but one of these cases dealt with "imputations of immorality." (p. 49)

The Victorian compromise came to an end, when, beginning in the late nineteenth century, the anti-vice movement pushed through stronger anti-vice laws. These laws criminalized abortion, closed down red light districts, censored obscenity, and clamped down on prostitution -- things that before had never been viewed as legitimate, but that had been tolerated in the shadows. But this new strictness didn't hold. In the middle of the twentieth century, there was a radical shift in the other direction, liberalizing restrictions on sex, contraception, and obscenity.

Friedman's discussion of the Victorian compromise raises very interesting questions about privacy. Was privacy a way for Victorian society to maintain a monumental hypocrisy? Did privacy help grease a society that was rife with class, race, and gender double standards? The picture Friedman paints of the Victorian era isn't pretty, and the norms and laws protecting privacy and reputation are what helped hold society together during this age. Maybe things would have been better without privacy. Or maybe not. Perhaps privacy was a way to cope with a set of social rules that our society has long since moved away from or repudiated.

Overall, Guarding Life's Dark Secrets is a terrific thought-provoking history, but there are times where Friedman becomes a bit too fast and loose with his own opinions, departing from the more detached tone of the historian and shifting to the more opinionated tone of a social critic. This happens as Friedman delves into a discussion of the present in later chapters in the book.

Friedman could also do more exploring the law of privacy. His chapter on the development of privacy law is far too short, and it does not contain the same level of detail and thoroughness as some of the other chapters. The chapter does, however, contain some interesting background into a few of the more well-known privacy tort cases, and I came away learning a few new things after reading it.

But these are quibbles. For anyone interested in blackmail, defamation, and other laws protecting reputation in America, Friedman's richly-detailed book is a must-read. It contains a fascinating look at the norms relating to privacy, sex, and gender during the nineteenth and twentieth centuries. I highly recommend this book.

For those who are interested in the topics in Friedman's book, I'd also recommend:
* A History of Private Life (volumes I-V) (Michelle Perrot ed., 1992)
* Robert C. Post, The Social Foundations of Privacy: Community and Self in the Common Law Tort, 77 California Law Review 957 (1989)
* Reva B. Siegel, "The Rule of Love": Wife Beating as Prerogative and Privacy, 105 Yale Law Journal 2117 (1996)
* Thomas Nagel, Concealment and Exposure and Other Essays (2002)
* Angus McLaren, Sexual Blackmail: A Modern History (2002)
* David H. Flaherty, Privacy in Colonial New England (1972)
* John D’Emilio & Estelle B. Freedman, Intimate Matters: A History of Sexuality in America (2d ed. 1997)

Posted by Daniel J. Solove at 04:00 PM | Comments (2) | TrackBack

Who Is Googling Whom, and For What?

PEW Internet & American Life Project has released a new report on online privacy called Digital Footprints by Mary Madde, Susannah Fox, Aaron Smith, and Jessica Vitak. The report provides some very interesting statistics.

1. People are starting to google themselves. According to the survey:

Nearly half of all internet users (47%) have searched for information about themselves online, up from just 22%, as reported by the Pew Internet Project in 2002. Younger users (under the age of 50) are more prone to self-searching than those ages 50 and older. Men and women search for information about themselves in equal numbers, but those with higher levels of education and income are considerably more likely to monitor their online identities using a search engine.

2. Many people are not concerned about the amount of personal information about themselves online:

"Fully 60% of internet users say they are not worried about how much information is available about them online. . . . Similarly, the majority of online adults (61%) do not feel compelled to limit the amount of information that can be found about them online. Just 38% say they have taken steps to limit the amount of online information that is available about them.

3. Although most people are not surprised about the information that turns up in a google search under their name, a decent amount (21%) are:

Among those who have searched for their name online, 62% find that the amount of relevant information about them generally matches their expectations. One in five selfsearchers (21%) are surprised by how much information they find online about themselves, while 13% express disbelief at how little information comes up in their results.

4. Although teenagers are more likely to have online profiles than adults, a greater percentage of the adults with profiles make them publicly visible than do the teenagers:

The Pew Internet Project has reported extensively on teenagers’ use of social networking websites, finding that 55% of online teens have created an online profile and that most restrict access to them in some way. Looking at adults, their use of social networking profiles is much lower (just 20%), but those who use the sites appear to do so in a more transparent way. . . .

Among adult internet users who maintain an online profile, 82% say that their profile is currently visible compared with 77% of online teens who report this.

5. Most people search for contact information when googling another person, but a decent amount search for other information (photos, records, background):

72% of people searchers have sought contact information online. 37% of people searchers look to the Web for information about someone’s professional accomplishments or interests. 33% of people searchers have sought out someone’s profile on a social and professional networking site. 31% have searched for someone’s photo. 31% have searched for someone else’s public records, such as real estate transactions, divorce proceedings, bankruptcies, or other legal actions. 28% have searched for someone’s personal background information.

Posted by Daniel J. Solove at 07:24 PM | Comments (1) | TrackBack

Kosher Food, Social Justice, and Shaming (Blumenthal Guest)

The last year or so has seen a fascinating movement in the kosher food world-the development of the "hekhsher tzedek" -variously translated as a "righteous seal" or "Justice certification." Initiated largely by the Conservative Jewish movement, the certification is seen as a complement to the traditional kosher certification, which attests that the food in question has been prepared according to Jewish ritual law. According to the United Synagogue of Conservative Judaism, the seal would certify that "food and meat processors have met a set of standards that determine the social responsibility of kosher food producers, particularly in the area of workers' rights." Thus, kosher food could receive two certifications-one showing that it is ritually kosher, one showing that the workers in a particular plant were treated ethically, fairly, and legally. The USCJ was to consider a resolution establishing the certification at its December conference last week. It was expected to pass easily, though I have not seen follow-up reports.

The idea is controversial, for a number of reasons legal and otherwise. One is motive-some see the move as motivated by antipathy toward one of the larger kosher facilities, AgriProcessors, in Iowa, where worker mistreatment and unsafe conditions were alleged in the spring of 2006.

Another set of issues concerns the proper purviews of government, religious, and lay groups: objections have been raised that responding to such worker treatment is the role of government agencies and the justice system. There are interesting echoes here of the kosher fraud statute cases of the last several years, in which constitutional challenges to state definitions of "kosher" were upheld. These cases essentially led to more informal, social regulation of kosher food sellers, reflecting the sort of "shaming" and social norms issued often discussed here at CO. See Shayna M. Sigman, Kosher Without Law: The Role of Nonlegal Sanctions in Overcoming Fraud Within the Kosher Food Industry, 31 FLA. ST. U. L. REV. 509 (2004). (My own opinion is that those cases may be wrong, and the statutes not unconstitutional, but that's another discussion.)

But other questions have been raised, too-for instance, what effect, if any, would such certification have on the value of the ritual certification (i.e., would the religious aspect of it be devalued)? Is there potential liability for a certifying group if there is an accident or mistreatment at a plant that has been certified? What standards would the certifying group use?

All of these notions, I think, raise good issues for legal scholars (and students looking for note topics!).

Posted by Jeremy Blumenthal at 10:49 PM | Comments (2) | TrackBack

Responses to Blog Reviews of The Future of Reputation: Part III

In this post, I'll be responding to a few more reviews of The Future of Reputation: Gossip, Rumor, and Privacy on the Internet. This is the third installment (for more responses to reviews, see Part I and Part II).

1. Ethan Ackerman at Technology & Marketing Law Blog

Ethan Ackerman, an attorney and former legislative and technology counsel in the US Senate, has reviewed the book as a guest blogger on Professor Eric Goldman’s Technology & Marketing Law Blog. He writes:

It is this aspect of Solove's book - the deep AND wide thinking about an individual's interaction with the modern Internet - that moves the book out of the one-point-rigorous-analysis of an academic article and the semi-random anecdotal topicality of a blog post and into the category of critical (in the must-read sense) literature. Where Solove's previous work tackled the pressing but somewhat solvable problems that arose from individuals losing control of their personal information to government and commercial entities, this book tackles individuals' loss of access and control of their information at the hands of other individuals - and, increasingly, by their own hand on blogs, social networking and image sharing sites of their own.

One of the things that enticed me to write about the issues in my book was the fact that they are so difficult to solve. In the end, there's no good solution, just ways to cope. Ethan understands and sympathizes with my struggle, and he w