Privacy and Tattletales

What happens when a commenter’s privacy expectations collide with a would-be tattletale? This recent news story raises that question, with some interesting facts.

The story began when a pseudonymous commenter stopped by the St. Louis Post-Dispatch site and left a vulgar comment in the reader commentary section. The site admin deleted the comment, and the commenter re-posted it. At this point, the site admin decided to do some basic sleuthing. He traced the commenter’s IP address to a local school, and then he alerted the school (which turned out to be the commenter’s employer) that the vulgar comment had originated from its IP address. The school’s sysadmin was able to trace it from there, and the commenter ultimately lost his job.

I don’t know that any legal privacy rights have been violated here. (Dan?) But this does seem like overreaching by the site admin. Penalties like comment deletion or even banning are within the norms of site administration. Ratting someone out to their boss? I’m not so sure.

But what about Autoadmit? Those commenters also thought that their obnoxious comments would be anonymous; and they were also surprised by the way that the veil was lifted. Do they also enjoy a right to privacy in their attacks? The difference, I think, is in the nature of their comment. Autoadmit comments were attacks, targeted at specific women. The Post-Dispatch comment was obnoxious, but not targeted enough that anyone sued over it.

And in addition, autoadmit commenters’ identities were not simply revealed by an administrator’s whim. Instead, plaintiffs had to go through a legal process to obtain that information.

Are those distinctions that matter? Well, if a person’s comments have harmed others to the extent that they are willing to bring suit — as in the Autoadmit case — then perhaps they deserve scrutiny. (Especially given the gendered nature of those harms, as Danielle Citron’s research makes clear.) However, a site admin actively ratting out potty-mouthed commenters to their employers seems to fall on the other side of the line.

Which brings us to the subject I’m sure you’re all waiting for: What does this mean for me?

Well, for one thing, be careful with your comments.

But I can offer a very modest safe space. I can’t change other people’s actions, but I will say this: If you are a commenter here and you begin to ramble or fight or drop into potty humor, I may tell you to cut it out. I may delete your comment. I may even ban you altogether, especially if you show a persistent pattern of problem comments. But I will not send your stupid comments to your employer. They’re a nuisance, but they’re not worth anyone’s job. (One exception — if your comments indicate that you are planning or in the act of committing a crime or action which might endanger other people’s safety, I reserve the right to tell the authorities.)

You may also like...

3 Responses

  1. anon says:

    They characterize their privacy policy and terms of use as contractual – “These Terms of Use and the Privacy Policy constitute the entire agreement between you and us.”

    In the privacy policy, they acknowledge they collect IP addresses, but then describe a use for those IP addresses that does not include ratting you out to your boss. They also promise not to release personally identifiable information without permission, but state inaccurately that IP addresses are not personally identifying.

    Browsewrap contracts are sketchy, and it’s often not clear whether privacy problems are really “agreements” or just aspirational, but their own documents create a litigable legal issue, in my opinion.

  2. AYY says:

    But they didn’t rat him out based on something he said on his own computer. If he used a school computer hasn’t he waived his privacy rights as to the school’s knowledge of what he’s doing?

  3. Neil Richards says:

    I’ve worried about this problem, too. In cases like these, there’s probably no breach of the contractual privacy policy, tort privacy law, or statutory privacy rules. But that doesn’t mean what the journalist did was right/optimal/fair/nice/etc. I’ve argued that where privacy law is inapplicable (or inappropriate), norms can and should fill the gap. Specifically, web admins need to adopt the professional norms of confidentiality that librarians have adopted for decades. The argument can be found in longer form here: