Law and Revenge Porn

The New York Times has an interesting article on attempts to use law to combat revenge porn. It quotes a series of experts, including Danielle Citron, Mary Anne Franks, Eric Goldman, Eugene Volokh, Charlotte Laws, and Marc Randazza. (Danielle has an excellent new book out on the topic, which I recommend. Disclosure: she kindly asked me for feedback on drafts.) So far, there have been a variety of tactics employed: tort law, state criminal law, breach of confidence claims, and proposals for a federal criminal law. Barriers range from the immunity for intermediaries from Section 230 of the Communications Decency Act to law enforcement indifference. I favor trying different moves until we find one that works with minimal countervailing costs. But, both the NYT and legal scholars overlook a mechanism that I find to be the most promising: intellectual property law. Today, I’m going to explain why I think using copyright, in particular, to deal with this problem is the most sensible approach. In the next post, I’ll outline the substance of my proposal.

Concentrating on revenge porn sets the focus too narrowly. Revenge porn is parasitic upon a larger trend that is socially valuable and desirable: the creation and sharing of intimate media – nude or sexually explicit photos or videos – among consenting partners. Intimate media can bring people together – it allows them to express romantic and sexual feelings in new ways. People take revealing photos of themselves with smartphones and share them with a spouse. They engage in steamy Skypeing. They record themselves in intimate activity and watch the videos later. Partners in long-distance relationships can use intimate media to overcome limitations of space and distance. For people with minority sexual preferences, creating intimate media can help them challenge prevailing gender norms, empower them to engage with others while protected by greater anonymity and psychological distance, and permit them greater control over self-representation. This type of sharing is increasingly lauded by mainstream media, relationship counselors, and that reliable bellwether of safely provocative tastes, Cosmopolitan magazine. Put simply, the consensual use of intimate media is merely a technological update to long-established romantic practices, from love letters to racy poems to phone sex. Thus, we should structure legal regulation to both encourage production of intimate media, by consenting partners, and to discourage abuse of those photos and videos.

Production of intimate media, though, is threatened by revenge porn, among other abuses. Partners who are considering sending a racy photo to a loved one may hesitate, or abstain, based on fears it will spread beyond the intended audience (usually, an audience of one). And they’re right to worry: non-consensual distribution and display of this content is regrettably common. Researcher Holly Jacobs found that 22% of heterosexual respondents to her survey, and 23% of LGBT ones, had experienced someone sharing intimate media without their consent. Revenge porn causes tangible injuries: recruiters reject job candidates for inappropriate photos on the ‘Net, or on social media. Anecdotal evidence abounds: the “drunken pirate” teacher denied an education degree, or the high school English teacher forced to resign for modeling swimsuits online – even under an assumed name. And revenge porn causes less tangible injuries: it deprives subjects of the power to decide with whom they share sensitive, even secret aspects of themselves. The problem is also, presently, a gendered one – women appear to be disproportionately targeted, perhaps reinforcing social norms about sexual activity (a man who is sexually active is a playboy, a woman who is so is a whore). Revenge porn not only harms those people captured in the images or videos, it also deters others who would find benefit in sharing intimate media with a partner. Thus, I view the social disutility of revenge porn even more broadly than most scholars do.

What we need is a regime that regulates this type of material to encourage the creation of consensual intimate media, and to discourage non-consensual distribution and display (such as revenge porn). That sounds exactly like what copyright law does: it establishes legal rules that lead people to generate content by punishing forms of unauthorized sharing and use. Intimate media are one example of amateur, non-commercial production of expressive content. And, they are a fragile example: the risk that an intimate photo or video will spread beyond its intended audience deters at least some people from creating this material. Using copyright as a mechanism is appealing – it simultaneously punishes unauthorized sharing or display as infringement, with the usual panoply of remedies available, and it encourages production of intimate media by assuring creators that the law will enforce their choice of audience.

This argument tends to draw objections both from copyright scholars and from privacy scholars. Copyright experts sound complaints in at least two forms. First, using copyright law in this fashion is an undesirable deviation from the proper goals or contours of the doctrine. Second, other mechanisms, such as privacy law or criminal law, are better suited to this purpose. Privacy scholars typically sign on to the second objection, and also prefer to deploy legal regimes that they view as having greater expressive power regarding the problem of revenge porn.

I’ll take up the first objection in my next post, but want to note briefly that, if one argues my proposal departs from the true path of copyright, one bears the onus of establishing what that path is and where it leads. As for expressivism, I think criminal sanctions likely do carry greater moral disapprobation than copyright ones. However, as I explain below, I think copyright offers greater enforcement and, concomitantly, greater deterrence for potential violators and greater relief to victims. I’m willing to trade inchoate condemnation for concrete relief.

Privacy law is the most intuitive answer to the problems intimate media face. The content is intended for a limited audience that is usually connected closely to the creators or people featured in it, and so unauthorized distribution feels like a privacy violation. But, I think a privacy approach has three potential shortcomings. First, privacy law does not yet take seriously the promise and potential of intimate media. Rather, it focuses exclusively on the harms that flow from unauthorized sharing. Copyright, by contrast, embraces intimate media – it creates a generative legal regime for consensual content, and reduces harm by treating it as infringement. Second, under Section 230 of the Communications Decency Act, privacy laws (with the important exception of federal criminal statutes) do not apply to intermediaries such as Web sites. Thus, they fail to address the key harm that unauthorized distribution and display creates: the ongoing availability of material even after the initial disseminator has been punished. While privacy scholars often advocate repeal or alteration of Section 230, their proposals have proved politically non-viable to date, and they would likely exact significant, undesirable costs on intermediaries, who would have to engage in proactive monitoring of their sites or services. Lastly, even if Section 230 were modified, First Amendment objections from intermediaries might well block privacy enforcement against them. Copyright works in alignment with Section 230, and has built-in accommodations for First Amendment interests.

Similarly, criminal law appears attractive at first blush: it leverages the investigative powers of the state, bypasses 230′s immunity, and brings societal stigma to bear upon offenders. However, I think criminal law has three important drawbacks relative to copyright. First, enforcement levels are likely to be lower. Prosecutors – especially federal ones – face significant resource constraints. Revenge porn cases would compete with ones focused on terrorism, narcotics, white collar crime, immigration violations, and so forth. A useful parallel is criminal enforcement of IP laws. In 2008, Congress passed the PRO IP Act, which devoted additional resources to IP prosecutions, and the Obama administration has made criminal enforcement a relative priority. Yet prosecution is still rare: each year since 2008, the Department of Justice has brought fewer than 200 cases per annum, charging fewer than 300 defendants. Contrast that to the scale of private enforcement by the RIAA and MPAA alone. Second, the current problem with prosecution of revenge porn appears to be a lack of interest from law enforcement, not a dearth of legal tools. Danielle Citron’s new book documents quite extensively the reluctance of police to investigate, and prosecutors to charge, such cases. Indeed, the prosecution of Holly Jacobs’s former boyfriend drew significant media attention precisely because of its rarity. New laws will not in themselves drive more cases. Distributed, private enforcement under copyright is likely to be far more effective. And, finally, here too First Amendment scrutiny is a significant hurdle. Under Chief Justice John Roberts, the Supreme Court has been increasingly skeptical of laws that criminalize the sharing of information, from prescription data to animal crush videos to protests at funerals to violent video games to lies about one’s military service. Any criminal law will have to be crafted and drafted with particular care to survive review. Copyright, by contrast, has well-established First Amendment safeguards that receive considerable judicial deference.

To summarize: revenge porn is parasitic upon the socially valuable trend of consenting partners creating, and sharing with one another, intimate media. Copyright law holds the most promise to encourage consensual use while punishing unauthorized sharing and display. In the next post, I’ll lay out my proposal, and address a few potential objections to it.

Copyright and the Naughty Bits

My article Exposed is now up on SSRN. It’s coming out in volume 98 of the Minnesota Law Review in 2014. Here’s the abstract:

The production of intimate media – amateur, sexually explicit photos and videos – by consenting partners creates social value that warrants increased copyright protection. The unauthorized distribution of these media, such as via revenge porn, threatens to chill their output. To date, scholarly attention to this problem has focused overwhelmingly on privacy and criminal law as responses, neglecting the power of intellectual property doctrine to curtail harms and spur beneficial uses. Copyright law leverages an established, carefully limited system of intermediary liability that addresses the true risks of abuses, such as revenge porn. Importantly, copyright is also consonant with key statutory protections, such as Section 230 of the Communications Decency Act, that protect the thriving Internet ecosystem.

This Article proposes creating within the Copyright Act a right for identifiable people captured in intimate media to block unauthorized distribution and display of those images or video. It then uses the proposal, and issues for intimate media more broadly, as a window into contentious scholarly debates over the nature of authorship and the balance between copyright and free speech. The Article closes by identifying the rise of intimate media and its concomitant challenges as part of the ongoing revolution in information production.

Feedback welcomed!

On Jurisdictional Sequencing

My colleague and friend Alan Trammell, a civil procedure expert, has posted a great new paper to SSRN, titled Jurisdictional Sequencing (47 Georgia Law Review 1099 (2013)). Here’s the abstract:

This Article offers a critical re-assessment of subject matter jurisdiction, arguably the most fundamental constraint on federal courts. The project examines the nature and purposes of subject matter jurisdiction through the lens of jurisdictional sequencing, a practice that allows a federal court to decide certain issues — and even dismiss cases — before it has verified subject matter jurisdiction.

Despite many scholars’ antipathy toward jurisdictional sequencing, it is a legitimate practice that reveals a nuanced understanding of jurisdiction’s unique structural role in protecting federalism and separation of powers. Specifically, elected institutions have principal responsibility for crafting conduct rules that regulate people’s primary activities. Federal courts may interpret and apply conduct rules — and thus in a meaningful sense “make law” — only when they have verified their subject matter jurisdiction. By contrast, federal adjudication does not implicate the structural concerns at the heart of subject matter jurisdiction when courts dismiss cases based on other rules (what I term allocative rules). Re-imagining the precise role of subject matter jurisdiction reveals how federal courts can decide cases more efficiently and also respect essential constraints on the allocation of powers.

Well worth the read!

Help Research On On-Line Harassment

Colette Vogele is a researcher and attorney who works to combat revenge porn, and who runs the site Without My Consent. She’s launching a survey to measure the incidence of on-line harassment. I’m writing on the topic at the moment, and I can say unequivocally that the field badly needs reliable empirical data. Please participate in the survey! Details are below:

Are you a person, 18 years old or over, who has harassment on the Internet? If so, we would appreciate your taking the time to complete a survey.

Our names are Dan Taube, Keely Kolmes and Colette Vogele, and we would like to request your participation in our research on the experience of online harassment. Being harassed online includes things like having someone intrude into your privacy online, someone using the Internet or mobile phone technology to harm your reputation, or someone stalking you online. We want to learn about the kinds of experiences people have, how they cope, and the resources they use to address the problem.

This study has been approved by the Institutional Review Board of Alliant International University.

As a participant, we will ask you a number of multiple choice questions, and some short answer questions, regarding your experiences of harassment on the Internet. Next, we will ask you to give us information about your age, sex, and similar things. It will take at most 15 minutes to finish the survey.

Your input may help in developing better services and resources for people who have experienced online harassment.

No names or personal information will be linked to the study and your participation will be completely anonymous so long as you do not put your name in your responses. If you should wish to contact the researchers directly, your participation may become confidential rather than anonymous, although your name will not be linked to any of the data you submit.

To be eligible for the study, you must be 18 or older, have had (or be currently having) an experience of online harassment, and be able to read and understand English.

If you meet these requirements and want to participate, you can find the survey at: http://goo.gl/pPg5G

If you do not qualify for the study but you know others who might be interested in participating, feel free to forward this notice or URL.

Thank you for your interest and participation.

The Law of Internet Intermediaries: Meet the New Boss, Same as the Old Boss

I have a short essay, Middlemen, up at the Florida Law Review Forum. It’s a response to Jacqui Lipton‘s thought-provoking article, Law of the Intermediated Information Exchange (bonus: first page is at 1337!). And, it has a footnote about turtles. Here’s the introduction:

Meet the new boss, same as the old boss.

The Internet was supposed to mean the death of middlemen. Intermediaries would fade into irrelevance, then extinction, with the advent of universal connectivity and many-to-many communication. The list of predicted victims was lengthy: record labels, newspapers, department stores, travel agents, stockbrokers, computer stores, and banks all confronted desuetude. Most commentators lauded the coming obsolescence as empowering consumers and achieving greater efficiency; a few bemoaned it. But disintermediation was inevitable.

Jacqueline Lipton’s article “Law of the Intermediated Information Exchange” shows how foolish that conclusion was. Tower Records and Borders bookstores folded, and newspapers struggle to survive. But music fans don’t buy directly from Universal Music or Sony Music—they get the latest Jay-Z or Muse tracks from Apple’s iTunes Music Store. College students surf Craigslist to find listings of apartments for rent. News junkies stay glued to Reddit, or Twitter. Kayak collects cheap flight reservations for us. And Google helps us find . . . everything. We simply swapped one set of middlemen for another.

Gene Patents, Oil-Eating Bacteria, and the Common Law

The Supreme Court issued its decision in Association for Molecular Pathology v. Myriad Genetics today. A unanimous Court (with a short, quirky concurrence from Justice Scalia) held that the patent claims directed to isolated, purified DNA sequences did not recite patentable subject matter under 35 U.S.C. 101; by contrast, those directed to complementary DNA (DNA with the exons removed) did recite patentable subject matter. The case has generated much discussion but little controversy. Myriad’s stock price soared (presumably because the opinion wasn’t even more damaging) and then dipped. And the entire contretemps may be overtaken by whole-genome sequencing.

I think there are three interesting points to the case. First, it exemplifies the wonders and terrors of entangling the common law with complex statutory schemes. Second, it continues the War of the Roses between the Supreme Court and the Federal Circuit. Finally, despite the Court’s invocation of Chakrabarty, it shows how far the law and the society in which it is embedded have traveled since the fights over recombinant DNA in the 1970s and 1980s.

Unlike in copyright law, most of the Supreme Court’s precedent on patent law – at least, its modern precedent – deals with questions of statutory interpretation. Thus, we have KSR v. Teleflex interpreting obviousness (section 103), Microsoft v. AT&T interpreting extraterritorial infringement (section 271(f)(1)), and Merck v. Integra Lifesciences interpreting the research exemption to infringement (section 271(e)(1)). The question is not whether Congress has exceeded its powers under Article I, section 1, clause 8 of the Constitution. Rather, it is how to figure out what Congress meant when drafting the Patent Act. Section 101, which describes what constitutes patentable subject matter, is admirably, dangerously concise: “Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor…”

Genes are a “composition of matter,” as are inoculants of multiple strains of plant root nodule bacteria. But the Supreme Court has held that neither is entitled to a patent. Why? The Court has read into Section 101 three exceptions: laws of nature, natural phenomena, and abstract ideas. The list is short, and yet the Court has had to return repeatedly to this trinity of exceptions to define their scope and meaning. The Court’s precedent has both principled and practical justifications for the exclusions. The principled theory is that none of these three is a product of human ingenuity; rather, they are pre-existing rules of nature that are not, in any sense, inventions. The practical reason is that granting patents over subject matter falling within these zones would confer too great a property right to the alleged inventor – it would hinder, rather than promote, innovation. The challenge is that the theoretical rationale forces the Court into difficult and even absurd line-drawing problems, and the practical one seems to invade Congressional prerogatives as to the best way to generate innovative effort. In short, the Court’s common law drafting of statutory exemptions may have arrived, eventually, at a workable balance, but at the significant costs of uncertainty, judicial effort, and institutional conflict. We might be better off if the trinity had never existed.

Second point: the Court lives to reverse the Federal Circuit. It did so on automatic injunctions for victorious patent plaintiffs, on the test for whether an invention comprises an ineligible abstract idea, on whether the CAFC has exclusive jurisdiction over patent malpractice cases, and now on whether isolated DNA is patent-eligible. (There are more!) My standard explanations for this perpetual battle are that the Federal Circuit was instituted to be pro-patentee, while the Supreme Court carries no such mandate, and that this debate has devolved into a contest of rules (the practitioner-oriented CAFC) versus standards (the more academically-inclined Court). But, if the goal of jurisprudence in the lower courts and courts of appeals is to do justice while not being reversed, the Federal Circuit has a pretty poor recent track record. On the other hand, the uncertainty in the Supreme Court’s opinions often means that the CAFC’s approach has significant gravitational effect, as the emphasis on the “machine or transformation” test in USPTO guidelines and post-Bilski jurisprudence proves.

Lastly, when the Supreme Court decided Diamond v. Chakrabarty in 1980, holding that a General Electric research scientist could patent an invented 0il-eating bacterium carrying four hydrocarbon-metabolizing plasmids, the result was met with no small amount of terror. It was the beginning of corporate control over life itself. It enabled soulless firms to manipulate the very stuff of living tissue, and to block countermeasures with the force of intellectual property law. Today, while advocates have complained about the high cost of Myriad’s breast cancer detection regime, and worried about the effects on women’s health, there is no such comparable disturbance in the Force. We’ve accepted the biotechnology industry (even with the occasional jitter about GMO crops). That’s an interesting commentary on technological change, and perhaps one that makes it easier for the Court to issue its decision in a contentious area.

We haven’t seen the last opinion from the Court on its trio of exceptions. Let the parsing of the opinion begin!

Search and the First Amendment

Jane and I are in Arlington, Virginia, for a conference on Competition Policy in Search and Social Media at George Mason University. Jane, Neil Richards, Dawn Nunziato, and Stuart Benjamin will discuss the interplay of the First Amendment, regulation, and search / social media. I expect an entertaining fight over whether search results are speech, not speech, or something in between.

Reporting Fail: The Reidentification of Personal Genome Project Participants

Last week, a Forbes article by Adam Tanner announced that a research team led by Latanya Sweeney had re-identified “more than 40% of a sample of anonymous participants” in Harvard’s Personal Genome Project. Sweeney is a progenitor of demonstration attack research. Her research was extremely influential during the design of HIPAA, and I have both praised and criticized her work before.

Right off the bat, Tanner’s article is misleading. From the headline, a reader would assume that research participants were re-identified using their genetic sequence. And the “40% of a sample” line suggests that Sweeney had re-identified 40% of a random sample. Neither of these assumptions is correct. Even using the words “re-identified” and “anonymous” is improvident. Yet the misinformation has proliferated, with rounding up to “nearly half” or “97%.”

Here’s what actually happened: Sweeney’s research team scraped data on 1,130 random (presumably) volunteers in the Personal Genome Project database. Of those 1,130 volunteers, 579 had voluntarily provided their zip code, full date of birth, and gender. (Note that if the data had been de-identified using the HIPAA standard, zip code and date of birth would have been truncated.) From this special subset, 115 research participants had uploaded files to the Personal Genome Project website with filenames containing their names. (Or the number might be 103—there are several discrepancies in the report’s text and discrimination matrix which frustrate any precise description.) Another 126 of the subgroup sample could be matched to likely identities found in voter registration records and other (unidentified) public records, for a total of 241 re-identifications.

So, from the subset of 579 research participants who provided birth date, zip code, and gender, Sweeney’s team was able to provide a guess for 241 of them—about 42%. Sweeney’s research team submitted these 241 names to the PGP and learned that almost all of them (97%) were correct, allowing for nicknames.

A few things are noteworthy here. First, the 42% figure includes research participants who were “re-identified” using their names.  This may be a useful demonstration to remind participants to think about the files they upload to the PGP website. Or it might not; if the files also contained the participants’ names, the participants may have proceeded with the conscious presumption that users of the PGP website were unlikely to harass them. In any case, the embedded names approach is not relevant to an assessment of re-identification risk because the participants were not de-identified. Including these participants in the re-identification number inflates both the re-identification risk and the accuracy rate.

However, if these participants hadn’t uploaded records containing their names, some of them nevertheless would have been re-identifiable through the other routes. Sweeney’s team reports that 35 of those 115 participants with embedded names were also linkable to voter lists or other public records, and 80 weren’t. So, taking out the 80 who could not be linked using public records and voter registers (and assuming that the name was not used to inform and improve the re-identification process for these other 35), Sweeney’s team could claim to have reidentified 161 of the 579 participants who had provided their birthdates, zip codes, and gender. Even if we assume that all of the matches are accurate, the team provided a guess based on public records and voter registration data for only 28% of the sample who had provided their birth dates, zip codes, and genders.

In the context of the reidentification risk debate today, 28% is actually quite low. After all, Sweeney has said that “87% of the U.S. population are uniquely identified” by the combination of these three pieces of information. The claim has been repeated so many times that it has achieved nearly axiomatic status.

If anything, the findings from this exercise illustrate the chasm between uniqueness and re-identifiability. The latter requires effort (triangulation between multiple sources), even when the linkable information is basic demographics. Sweeney’s team acknowledges this, reframing the 87% figure as an “upper bound” based on estimates of uniqueness that do not guarantee identifiability. The press has not grasped that this study shows that reidentification risk is lower than many would have expected. Unfortunately reidentification risk is just technical enough to confuse the uninitiated. For a breathtaking misunderstanding of how Sweeney’s results here relate to her earlier 87% estimate, check out MIT’s Technology Review.

When there is a match, the question is whether the zip, birth date and sex uniquely identify an individual. Sweeney has argued in the past that it does with an accuracy of up to 87 per cent, depending on factors such as the density of people living in the zip code in question.

These results seem to prove her right.

Oh my god, no MIT Tech Review. That is not correct.

Though Sweeney’s study has some lapses in critical detail, it is much more careful and much less misleading than the reporting on it. I am especially disappointed by Tanner’s Forbes article.   Since Tanner is a colleague and collaborator of Sweeney’s and is able to digest her results, I am disturbed by the gap between Tanner’s reporting and Sweeney’s findings. The significance that many participants were re-identified using their actual names should not have escaped his notice. His decision to exclude this fact contributes to the fearmongering so common in this area.

Smoke If You Got ‘Em

I’m here in rainy, lovely Eugene, Oregon watching the Oregon Law Review symposium, A Step Forward: Creating a Just Drug Policy for the United States. (You can watch it live.) Jane is presenting her paper Defending the Dog – here’s the conclusion:

The narcotics dog doesn’t deserve the bad reputation it has received among scholars. The dog is the first generation of police tools that can usher a dramatic shift away from human criminal investigation and the attendant biases and conflicts of interests. Moreover, the reaction to the narcotics dog, as compared to the cadaver-sniffing dog, reveals an unsettling tendency to exploit criminal procedure when we are not enthusiastic about the underlying substantive criminal law. The natural instinct to do so may be counterproductive because drug enforcement will persist, with uneven results, and without a critical mass of public outrage.

Drug policy is a little far afield from my usual interests, but given the overwhelming use of Title III warrants (about 85% in 2011) to combat drug trafficking, and pending bills such as CISPA (which allows sharing for national security purposes – trafficking has long qualified), it seems well worth a Friday to learn more. (And, Jane’s empirical work brings some helpful rigor to the issue.) Updates as events warrant…

Privacy Law in Sixty Seconds (or so)

I am occasionally struck by my good fortune to write in an area that has such a supportive community. Much credit is due to the influence, ingenuity, and incessant hard work of Paul Schwartz and Dan Solove. Invariably, every privacy scholar has benefited from Dan’s and Paul’s support. This promotional video for their informal treatise Privacy Law Fundamentals nicely captures the combination of thougthfulness and goofiness that Paul and Dan have fostered. There are some jokes at the expense of celebrities and Europe, which is always good fun. (Privacy Law Fundamentals also happens to be the book I recommend to people who are new to privacy law.)