Saturday, July 25, 2015

invocations of Digital Millenium Copyright Act to stop internet revenge porn and data from Ashley Madison hack spark discussions of what the DMCA was NOT intended for

One of the challenges facing people in the age of the internet is that we're looking at the disclosure and distribution of stuff that was never intended to be published or publicly accessible.  The hack of Jennifer Lawrence's personal photographs is an example.  Now there are those who, not without some cause, suggest that the first line of prevention would be never taking nude selfies.  Points noted, but Terry Teachout blogged about the facile reasoning behind that.  For those who didn't read what he had to say he was just talking about the stuff people knowingly and voluntarily published.
Should unhappy shamees know better than to post the silly selfies and tasteless tweets that get them into trouble? Perhaps, but it’s too easy to answer yes. Twitter, after all, wasn’t created until 2006, and it took a fair amount of additional time for it to become a fully empowered agent of the secular arm of politico-personal correctness. We are still adjusting to that horrific development.

But Lawrence found herself dealing with information (i.e. images) she never intended for publication.  The technology of access and replication we have has advanced farther than our reasoned discourse on what constitutes socially accepted ethics for access in use in a way that can be easily enforced.  And why shouldn't this be a problem we face?  Our money isn't money, our money is information.  Who you are as a citizen is in many respects reducible to a single number, your SSN.

As it notes in a history on its website, “The Social Security number was created in 1936 for the sole purpose of tracking the earnings histories of U.S. workers. … The card was never intended to serve as a personal identification document.”

It can be easy to not feel any sympathy for users of Ashley Madison resources.  The nature of the hack and the personal information compromised is possible in other contexts.  There aren't necessarily legal precedents for this kind of thing.  The DMCA shouldn't apply since it was designed to protect copyrights of formally published commercially available content, not hacked nude selfies.
When Jennifer Lawrence’s personal photographs were stolen by a hacker and posted online her lawyers used the DMCA to block their spread since technically, she (and other women who were victimized by the photo theft) owned the copyright for the stolen pictures. In the case of the Ashley Madison hackers, company lawyers claim that ALM “owns” their customers’ content and thus have legal grounds to send DMCA takedown notices to prevent it being published online.  Although I’m not legal expert, it seems like a stretch.

old and broken as it is, is the only tool creators have to protect their work. When ALM lawyers send takedown notices in situations like this only serves to muddy the waters and give critics of the law ammunition to attack it.

One can understand why ALM is moving quickly to protect their business model, but shouldn’t the DMCA be reserved for clear instances of real copyright infringement?  Can the operators of Ashley Madison really claim to own the photographs and biographical material of its clients?

Perhaps ironically the group that did the hack claims they decided to publish information to demonstrate what they considered to be consumer fraud on the part of ALM.

As Mr. Krebs reported, “The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.”

Without paying that fee, accounts were hidden but not actually deleted. Therefore, they could still be accessible by anyone who can figure out the password – whether a hacker or suspicious spouse. But the Impact Group claims that even users who do pay to have their profiles, conversations, posts, and pictures removed still have personally identifying information such as real names and addresses in the company's databases.

While I'm not defending the group or perpetrator behind the Ashley Madison data breach, the company's practice of only deleting customers' most intimate data for a fee is strikingly similar to revenge porn. What's more, Ashley Madison is able to protect its users from being exposed through the DMCA because it claims ownership over users' photos and conversations in order to charge an extortion-like "administrative fee" for a full account delete.

In both cases, and in the case of revenge porn as well, property rights determine whether or not intimate details of people’s lives can be published against their will

Theoretically, but we live in a civilization in which our money isn't necessarily money, it's information.  Isn't that basically what we mean by fiat currency?  Our identities themselves can be construed, in a social and political and economic sense, not so much as who we really are in our physically embodied selves but the information about us within the massive array of information networks. 

The hackers stated that there was information which was not truly deleted even after ALM charged participants to have it deleted.

In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.

According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.

“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”

Their demands continue:
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”

So there's that. It's possible for people to have information about them disclosed on the internet that they don't want disclosed but may not be able to control.

Thing is, this can go the other way in an information culture.  Thanks to a clerical error you can be pronounced dead because somebody at the Social Security office mistypes a number that gets you declared dead even though you're very much alive.
If a clerical error by a government employee gets you declared dead by the Social Security administration the burden of proof's gonna be on you to prove you're not dead and restore your own credit history. 

Who you are as a physical person is one thing, who you are on the internet and who you are as information in an information economy isn't quite the same thing.  If we have not fully come to terms with how to handle the consequences of stuff we voluntarily publish in wisdom or folly, we're less adept at figuring out how to formulate legal reactions to the disclosure and distribution of information that has been published that was never meant to be published.

No comments: