Category: Privacy (Gossip & Shaming)

No More Secret Dossiers: We Need Full FTC or CFPB Investigation of “Fourth Bureau” Reputation Intermediaries

There is a superb article by Ylan Q. Mui on the growth of new firms that create consumer reputations. They operate outside the traditional regulation of the three major credit bureaus. Mui calls this shadowy world of reputational intermediaries the “fourth bureau.” The Federal Trade Commission should conduct an immediate investigation of the “black box” practices described by an industry leader in the article. This should be part of a larger political and social movement to stop the collection of “secret dossiers” about individuals by corporate entities. The Murdoch scandal now unraveling in Britain is only the most extreme example of a wholesale assault on privacy led by unscrupulous data collectors.

Once a critical mass of data about a person has been collected for a commercial purpose, she deserves to know what the data is and who is gathering it. Once an educator, employer, landlord, banker, or insurer makes a decision based on that data, the affected individual should be able to challenge and correct it. I have made a preliminary case for such reforms in my chapter Reputation Regulation, in this book. I now think this agenda is more urgent than ever, given the creeping spread of unaccountable data mining in the internet sector to a wild west of reputational intermediaries.

From a Fair Credit Reporting Act to a Fair Reputation Reporting Act

To understand why, it’s helpful to take a step back and look at how poorly regulated even the established credit bureaus are. As Shawn Fremstad and Amy Traub have noted in the Demos report Discrediting America, ample empirical evidence has confirmed that a vast number of traditional credit bureau files are erroneous:


When Can Public Schools Discipline Students for Off-Campus Speech?

I’ve been spending a lot of time lately focusing on privacy issues at schools.  I find these issues fascinating, and I have been working on them in the trenches, as I created a company last year to provide tools and resources to schools to help them better address privacy problems and to develop a comprehensive privacy program (or enhance their existing privacy program).  The company is called TeachPrivacy.  If you’re a school official (K-12, higher ed), a teacher/professor, or a concerned parent, please contact me if you’re interested in my project.

My immersion in this project is one of the reasons I haven’t been blogging as frequently of late.  But today, there was a great convergence between blogging and my company, and I worked up a lengthy analysis of two new federal appellate cases involving the First Amendment and off-campus speech.  The issue has important ramifications for how public schools deal with cyberbullying and other harmful speech online.

The U.S. Court of Appeals for the Third Circuit just issued two important decisions regarding a public school’s power to discipline students for off-campus speech.  Both cases were previously decided by Third Circuit panels (three judges from the court).  The Third Circuit, acting en banc (the full court) vacated these decisions, reheard the cases, and has now issued new opinions in both.

Layshock v. Hermitage School District

On a computer outside school grounds, a high school student (Justin Layshock) made a fake MySpace profile in his principal’s name.  Using a photo of the principal, the student impersonated the principal and answered a series of questions.  He wrote:

Birthday: too drunk to remember
Are you a health freak: big steroid freak
In the past month have you smoked: big blunt3
In the past month have you been on pills: big pills
In the past month have you gone Skinny Dipping: big lake, not big dick
In the past month have you Stolen Anything: big keg . . . .

Later on, at school, the student used a computer to access the profile and he showed it to other students.  Some students were looking at the profile in a computer lab class and giggling.  School officials eventually limited computer use for a period of 5 days and cancelled computer programming classes.

The student later admitted to writing the profile and apologized to the principal.  Later on, the district punished the student with a 10-day suspension, banned him from extracurricular activities, and did not allow him to participate in graduation ceremonies.  The student challenged the discipline as a violation of his First Amendment right to free speech.  In Layshock v. Hermitage School District (3rd Cir. June 13, 2011) (en banc), the court sided with the student.

The prevailing standard for when schools can impose discipline for off-campus speech was developed from the U.S. Supreme Court’s decision Tinker v. Des Moines Independent Community School District, 393 U.S. 503 (1969).  When off-campus speech causes a material and substantial disruption of the school environment, the school can impose discipline.  Otherwise, off-campus speech would receive full First Amendment free speech protections (unless it were a threat). This is known as the “substantial disruption” standard.

In Layshock, the court noted that the school district was not claiming there was a “substantial disruption.”  Instead, the school wanted the court to recognize that there was a “sufficient nexus” between the profile and the school to allow the school to regulate it.  Layshock took a picture of the principal from the school’s website, the speech was “aimed at the School District community and the Principal and was accessed by Justin [Layshock].”  The court held:



Bullet, So Not Dodged

The question that I had been dreading came at last: “Mom, can I have a Facebook page?”  My daughter provided a strong defense: she’s 13, so she meets Facebook’s Terms of Service age requirement; she’s nearly an adult in her religion’s eyes (her bat mitzvah is in a week); past practice proves she’s responsible; and well, she feels ready.  (And I just discovered, she’s done her homework: see this Yahoo Answers! “My mom won’t let me get a Facebook page, how do I convince her?” thread that I found on my computer).

Next came the conversation.  We talked about how increasingly social media activity is part of one’s life’s biography.  Anything said and done in social network spaces becomes part of who you are in our Information Age.  Colleges may ask for your Facebook password.  Over 70% of employers look at social media data for interviewing and hiring (and sad to say, the outcomes are grim for applicants who over 60% of the time don’t get the interview or job due to social network profiles).  It’s not just what you post that speaks volumes — your social network (friends and their friends) tells some of your story for you.  There goes any control that you thought you had.  FB users often wrestle with whether they should de-friend those whose online personas don’t match their sensibilities (or the way in which they want others to perceive them).  This means that users need to keep a careful eye on their friends’ profiles (as well as ever-changing privacy settings).

That’s a lot of responsibility.  Or, as Bill Keller of the New York Times put it when he allowed his 13-year old daughter to join Facebook, he felt “a little as if I had passed my child a pipe of crystal meth.”  Beyond the potential privacy and reputational concerns that accompany social media use, an online life has other potential perils, like overuse (and thus inattention to studies, face-to-face family time, etc.) that cyber-pessimists underscore (see Nicholas Carr’s The Shallows).  And bullying, serious harassment, bigotry increasingly appear in mainstream social media in ways that kids can’t necessarily avoid (my work explores those problems, see here, here, and here, as well as terrific work by guest bloggers Ari Waldman and Mary Anne Franks).  Of course, there’s also lots of positive stuff emerging from these networked spaces.  Social media outlets like Facebook allow us to enact our personalities.  They let us express ourselves in ever-changing and expanding ways.  FB and other outlets host civic engagement as Helen Norton and I have emphasized.

I wonder, too, if my kid has a meaningful choice.  Can digital natives really stay away from social media if all of their friends socialize there?  And will employers and colleges expect that applicants partake in these activities because everyone else does?  Someday, will resisting having a Facebook profile express something negative about you?  Will it signal that you’re not socially adjusted or successful?  As Scott Peppet underscores in his work, we may be forced to give up our privacy to show that we are indeed healthy, social, smart, and the like.  That’s a lot to process, right?  I’m going to chew on this a while.  Your thoughts are most welcome!


Technology Musings

Recently the New York Times carried a front page story about an eighth grade girl who foolishly took a nude picture of herself with her cell phone and sent it to a fickle boy – sexting. The couple broke up but her picture circulated among her schoolmates with a text message “Ho Alert” added by a frenemy.  In less than 24 hours, “hundreds, possibly thousands, of students had received her photo and forwarded it. In short order, students would be handcuffed and humiliated, parents mortified and lessons learned at a harsh cost.”  The three students who set off the “viral outbreak” were charged with disseminating child pornography, a Class C felony.

The story struck a nerve, not only with the affected community, but with the Times’ readers as well.  Stories about the misuse and dangers of technology provide us with opportunities to educate our students, and us. In a Washington State sexting incident, for example, the teen charged had to prepare a public service statement warning other teens about sexting to avoid harsher criminal penalties.  But the teen’s nude photo is still floating around.  Information has permanence on the internet.

Few of us appreciate how readily obtainable our personal information is on the internet.


The Sext Wars: Consent, Secrecy, and Privacy

The sexting phenomenon reveals much about contemporary social attitudes towards sexual expression, consent, and privacy, especially with regard to minors. One of the most troubling aspects of the debate over what can and should be done about “sexting-gone-bad” scenarios is the tendency to treat the parties involved as more or less moral and legal equivalents. A typical “sexting-gone-bad” scenario is one in which a young person takes an intimate cellphone photograph of him- or herself, forwards it to an actual or potential romantic interest, and discovers that this photograph has been forwarded to many other individuals, including strangers, classmates, and family members. There are at least four distinct categories of individuals involved in such a scenario: the creator of the image, the intended recipient, the distributor, and the unintended recipient. The second and third categories are sometimes the same person, but not always, and the number of individuals in the fourth category is potentially enormous. The legal response in many of the first sexting cases was to bring child pornography charges (creation, distribution, or possession) against all the individuals involved; the social response has likewise treated the various players as roughly morally equivalent. In some sexting cases, the distributors of the images have not been charged at all, whereas the creators have been. The view that the creators of sexual cellphone images are as bad as or worse than the distributors of those images combines many  troubling social attitudes about sexual expression and privacy.

First and most obviously, child pornography is clearly not the right frame of reference for the majority of these cases. The specter of child pornography, rightly invoked in relationships marked by coercion, exploitation, and serious asymmetries of age and power, is too often applied to any situation involving minors and sexuality. Whatever legitimate concerns society might have about sexual activity among consenting teenagers of roughly the same age, they should be clearly distinguished from concerns about pre-pubescent sexual activity and sexual contact between adults and children. The fact that the consequences of a conviction for child pornography include lifelong registration as a sex offender illustrates how poorly suited child porn charges are for most sexting cases.

Thankfully, states have begun to move away from the knee-jerk use of child pornography charges in sexting cases, but the treatment of creators as equal to or worse than distributors persists in both legal and social responses to sexting. The most alarming feature of this equivalence is its erasure of the significance of consent. In the typical sexting scenario (I leave to one side what I would call “harassment sexting” and deal only with images that the creator reasonably believes are welcome) a minor makes a choice to reveal herself sexually to one other person. We may think her choice is unwise or unduly motivated by social pressure, but we must recognize that it is in any event a consensual sexual act (barring extreme youth or mental incapacity). By contrast, the person who distributes the image to other individuals acts not only without consent but most often with the full knowledge and intent that the creator will be humiliated by the distribution. Thus, the distributor engages in a non-consensual sexual act. There is nothing equivalent about consensual and non-consensual sexual acts –  the person who sends an image of herself to another person is not equally or more responsible than the person who takes that image and forwards it to hundreds of others. To hold otherwise is to engage in victim-blaming, whether the act in question is sexting or sexual assault. A civilized society recognizes that a person subjected to non-consensual sexual activity should not be scrutinized for what she wore, how much she drank, whom she flirted with, or whether she sent someone a sexual image of herself. The only proper and relevant question is whether she consented to the act in question.


New Privacy Law Reference Book: Privacy Law Fundamentals

Professor Paul Schwartz (Berkeley School of Law) and I recently published a new book, PRIVACY LAW FUNDAMENTALS.  This book is a distilled guide to the essential elements of U.S. data privacy law. In an easily-digestible format, the book covers core concepts, key laws, and leading cases.

The book explains the major provisions of all of the major privacy statutes, regulations, cases, including state privacy laws and FTC enforcement actions. It provides numerous charts and tables summarizing the privacy statutes (i.e. statutes with private rights of action, preemption, and liquidated damages, among other things). Topics covered include: the media, domestic law enforcement, national security, government records, health and genetic data, financial information, consumer data and business records, government access to private sector records, data security law, school privacy, employment privacy, and international privacy law.

This book provides a concise yet comprehensive overview of the field of privacy law for those who do not want to labor through lengthy treatises.  Paul and I worked hard to keep it under 200 pages — our goal was to include a lot of information yet do so as succinctly as possible.   PRIVACY LAW FUNDAMENTALS is written for those who want a handy reference, a bird’s eye view of the field, or a primer for courses in privacy law.

We wrote this book to be a useful reference for practitioners — ideally, a book they’d keep at the corner of their desks or in their briefcases.

We also think it can serve as a useful study aid for students taking privacy law courses.

You can check it out here, where you can download the table of contents.


Salutary Legislative Efforts to Permit Pseudonymous Litigation

Cyber harassment often invades victims’ privacy by exposing their sensitive personal information, revealing photographs, and the like.  Because search engines reproduce information cached online, time’s passage cannot alleviate their reputational, emotional, and physical damage.  Unlike newspapers, which were once only easily accessible in libraries after their publication, search engines now index all content on the web, and can produce it instantaneously.  Victims must live with digital privacy invasions that are deeply humiliating, reputation-harming, and potentially dangerous, as well as searchable and accessible from anywhere, and by anyone, in the world.  Often, the information is taken out of context, producing a distorted and damaging view of the person.

While lawsuits can serve to redress victims for these harms, they also risk compounding the severity of these privacy problems.  Law often permits victims to sue perpetrators for intentional infliction of emotional distress, invasion of privacy, and defamation.  But victims typically must bring such civil lawsuits in their own names.  As a result, the complaints, which are available to the press and interested individuals, further publicize the cyber harassment, exacerbating the privacy harms suffered by victims.  In turn, victims may refrain from pursuing their harassers in court not because they lack legitimate claims but because they fear exposing themselves to further privacy invasions.

Hawaii’s proposed Senate Bill 288, if enacted, could be invoked to combat this problem when the online harassment occurs in domestic abuse cases.  The bill would permit pseudonymous papers “in cases of alleged domestic abuse where the alleged victim has already received an order of protection, temporary restraining order, or protective order against the accused party.”  The bill covers cases where pseudonymous filing is “reasonably necessary to protect the privacy of the alleged victim and will not unduly prejudice the prosecution of the defense.”  The proposed legislation permits victims of domestic abuse, including cases involving online harassment, to bring law’s coercive power to bear against perpetrators.  Because the bill allows courts to weigh the victim’s interest in privacy against the public’s interest in disclosure, it aims to protect privacy and transparency.  Disappointingly, however, the bill only covers cases involving domestic abuse, thus failing to reach instances of online harassment involving privacy invasions where victims may refuse to sue their attackers for fear of publicity.


The Ugly Persistence of Internet Celebrity

Many desperately try to garner online celebrity.  They host You Tube channels devoted to themselves. They share their thoughts in blog postings and on social network sites.  They post revealing pictures of themselves on Flickr.  To their dismay though, no one pays much attention.  But for others, the Internet spotlight finds them and mercilessly refuses to yield ground.  For instance, in 2007, a sports blogger obtained a picture of a high-school pole vaulter, Allison Stokke, at a track meet and posted it online.  Within days, her picture spread across the Internet, from message boards and sport sites to porn sites and social network profiles.  Impostors created fake profiles of Ms. Stokke on social network sites, and Ms. Stokke was inundated with emails from interested suitors and journalists.  At the time, Ms. Stokke told the Washington Post that the attention felt “demeaning” because the pictures dominated how others saw her rather than her pole-vaulting accomplishments.

Time’s passage has not helped Stokke shake her online notoriety.  Sites continuously updated their photo galleries with pictures of Stokke taken at track meets.  Blogs boasted of finding pictures of Stokke at college with headings like “Your 2010 Allison Stokke Update,” “Allison Stokke’s Halloween Cowgirl Outfit Accentuates the Total Package,” and “Only Known Allison Stokke Cal Picture Found.”  Postings include obscene language.  For instance, a Google search of her name on a safety setting yields 129,000 results while one with no safety setting has 220,000 hits.  Encyclopedia Dramatica has a wiki devoted to her (though Wikipedia has faithfully taken down entries about Ms. Stokke).



The Offensive Internet

Harvard University Press recently published The Offensive Internet: Speech, Privacy, and Reputation, a collection of essays edited by Saul Levmore and Martha Nussbaum.  Frank Pasquale, Dan Solove, and I have chapters in the book as do Saul Levmore, Martha Nussbaum, Cass Sunstein, Anupam Chander, Karen Bradshaw and Souvik Saha, Brian Leiter, Geoffrey Stone, John Deigh, Lior Strahilevitz, and Ruben Rodrigues.  Stanley Fish just reviewed the book at New York


The Year in Privacy Books 2010

Here’s a list of notable privacy books published in 2010.

Previous lists:

Privacy Books 2009

Privacy Books 2008

This list contains a few books published late in 2009 that I missed on the 2009 list.

Adam D. Moore, Privacy Rights: Moral and Legal Foundations (Penn. St. U. Press 2010)

My blurb: “Privacy Rights is a lucid and compelling examination of the right to privacy.  Adam Moore provides a theoretically rich and trenchant account of how to reconcile privacy with competing interests such as free speech, workplace productivity, and security.”

Cass Sunstein, On Rumors (Farrar, Straus and Giroux 2009)

A very short essay on the damage wrought by false online rumors and a discussion of how and why such rumors spiral out of control, such as the phenomena of social cascades and group polarization.  The book is worth reading, but quite short for a book (only 88 pages of primary text, in a very tiny book the size of a paperback).

Stewart Baker, Skating on Stilts: Why We Aren’t Stopping Tomorrow’s Terrorism (Hoover Institution Press 2010)

A provocative argument for stronger security protections and a vigorous attack on privacy.  The arguments against privacy are often glib and dismissive, but the book is worth reading for Baker’s extensive personal experience dealing with the issues.

Christena Nippert-Eng, Islands of Privacy (U. Chicago 2010)

A fascinating sociological account of people’s attitudes toward privacy and their behaviors with regards to preserving their privacy.  It contains numerous interviews, quoted copiously, of people in their own voices discussing how they conceal their secrets.  Engaging and compelling reading.

Hal Niedzviecki, The Peep Diaries: How We’re Learning to Love Watching Ourselves and Our Neighbors (City Lights Press 2009)

This book is an extended essay on self-exposure online.  It is filled with many interesting anecdotes.  The book has a journalistic style and raises observations and questions more than it proposes solutions or policies.  The “notes” at the end consist only of a brief bibliography for each chapter, and there are no indications of which facts in the book came from which particular sources — a pet peeve of mine.

Bill Bryson, At Home: A Short History of Private Life (Doubleday 2010)

An extensive history of the home, which as I’ve explored in some of my own writings, plays an important role in the history of privacy.  Bryson’s narrative reads well, but he only supplies a bibliography at the end — no endnotes or indications of the sources of particular facts and details.  I find this practice to be quite problematic for a work of history.

Shane Harris, The Watchers: The Rise of America’s Surveillance State (Penguin 2010)

An engaging narrative that chronicles the surveillance and security measures the United States undertook after 9/11.  Filled with interesting facts, the book reads like a story.

Robin D. Barnes, Outrageous Invasions: Celebrities’ Private Lives, Media, and the Law (Oxford 2010)

There are some very interesting parts of this book, but it at times seems like a grab bag of topics relating to celebrities and its central argument could use more development.  Nevertheless, it is worth reading because it discusses some interesting cases and explores comparative legal perspectives on the issues.

David Kirkpatrick, The Facebook Effect (Simon & Schuster 2010)

A fascinating account of the rise of Facebook.  There are times when Kirkpatrick seems too sympathetic to Mark Zuckerberg and Facebook, but overall, this book is illuminating and engaging.

Viktor Mayer-Schonberger, Delete: The Virtue of Forgetting in the Digital Age (Princeton 2009)

An interesting discussion of the “right to be forgotten.”  Some of the ground in this book appears to be already well-trodden, but Mayer-Schonberger’s keen insights on data retention and destruction make it a worthy addition to the literature.