Following up on my prior column based on two recent books on shame and public shaming, I was curious about the legal implications of this subject. Accordingly, I sought out Bennet Kelley of the Internet Law Center, who agreed to address my questions. I first discovered Bennet when working on my book Worse Than Watergate (2004)—he has written for the Huffington Post for years and shared my concern about former President George W. Bush’s propensity to dissemble about important matters. Then, when I was publishing my most recent book, The Nixon Defense, Bennet invited me to do his weekly radio show, Cyber Law and Business Report where he discusses topics relating to cyber law, although so far we have been unable to schedule it. Here is our email exchange, and it contains information I was unaware of and appreciate having:
Q: Can you summarize in a general way the nature of privacy that a person might have online if he or she is active on social media? Do we give up any privacy rights by opening social media accounts—in addition to information that social media companies might glean from our accounts?
A: By its very nature engaging in social media involves relinquishing some privacy. How much we give up is a factor of the privacy settings of the site and what and how we choose to post information. The important question is do consumers fully understand this when they engage a social media site. My belief is that the answer to this question is both “yes” and “no” since few people actually read site terms. For example, in 2010, a gamer website pulled an April Fools prank where they changed their terms to give consumers a choice of receiving $10 or granting the site the “option to claim . . . your immortal soul,” and only 12 percent chose the cash.
Q: Following up on the situation confronting author and journalist Jon Ronson (via YouTube), who had his identity used by three academics who had their own Jon Ronson Twitter account posting messages generated by algorithms, would the real Ronson have a remedy in the United States?
A: In California he would since the state passed the first in the nation “e-personation” law which outlaws credible attempts to impersonate someone online for purposes of harming, intimidating, threatening, or defrauding another person The law has both criminal penalties and enables a victim to pursue civil remedies for damages or an injunction.
Q: Let’s say you are not a public person and your only public activity is your social media accounts on Facebook and Twitter (or wherever). Can others on Facebook and Twitter attempt to shame you over what might be totally innocent comments that the shamer has chosen to distort or misread? Is there any legal remedy? Does shaming at some point become cyberbullying, if so, when?
A: In 2011, I tweeted about some of the lesser known candidates running for President, one of whom was Sofia the Logos who claimed she was crucified in 2003 by “the Armenian mafia” and is the reincarnation of St. Mary Magdalene.” (Surprisingly she did not win.) I have a stalker who spun that to mean that by quoting such a statement I was adopting it and therefore was an enemy of the Armenian people.
Current law provides civil remedies for publishing false information, with claims for defamation or false light, but damages are difficult to prove, making it very expensive to pursue. If it gets to the point that it involves threats of physical harm or is causing extreme emotional harm then it becomes harassment and a victim may obtain a restraining order.
Q: How have you dealt with your stalker?
A: She was the defendant in a cyber-harassment case I brought in 2009 and will soon be tried for multiple counts of criminal harassment and restraining order violations.
Q: Let’s say you have no social media account whatsoever, that you are a totally private person, but you have fallen on tough times and your neighbors want you to repair and paint your house, and when you do not respond they launch a vicious anonymous attack against you that you learn about from others.
A: This is something all of us face every day. One person who knows even the slightest bit of information about us can upend our lives based on a viral campaign that includes something we did or did not say or do.
In China there is this phenomenon known as the human flesh search engine where social media is invoked to identify and shame someone who may have committed some perceived wrong. Once you are charged and convicted in one swift click, the wrath of social media includes death threats and pressure on your employer to fire you.
Legally it would be possible here in the United States for such a victim to obtain a restraining order or call law enforcement, but whom do you sue or arrest when your tormentors are in the thousands and all you know are their email addresses or fake user names. This requires some effort.
Q: Is there something similar to the “human flesh search engine” operating in the United States? Any examples? And are you saying there is no legal remedy for such aggravated activity?
A: You see it from time to time here, like the disturbed Florida woman who foolishly posted a racist rant towards Dunkin’ Donuts employees, the “MySpace Mom” who pushed Megan Meier to suicide, or the women speaking out against sexism in the video game industry who rightly or wrongly quickly feel the wrath of the “Twittersphere” which may include threats of harm.
The Gamergate controversy has highlighted the failure of the law to properly respond in such cases and Congresswoman Katherine Clark (D-MA), who represents one of the victims, has publicly chided the Justice Department for not doing more to prosecute these types of abuses. Their certainly are civil remedies available to victims, but I think it would send a huge message if law enforcement were more robust in this area.
Q: Setting aside for the moment Section 230 of the Communication Decency Act (CDA) which protects Internet Service Providers (ISPs) from content placed on their services by others, are there any viable legal actions against those who use the Internet to attack others?
A: You have to be creative. For example I am currently drafting a RICO and SPAM complaint against a band of online fraudsters who have bombarded my client with malware. This approach allows us to recover substantially more damages and fees than we would in a simple defamation or false light case.
Q: With regard to Section 230 of the CDA is there a need to change that law so if ISPs are given formal notice that they are publishing false and defamatory material that they be forced to remove it?
A: Among Internet legal authorities, Section 230 is considered by many to be the First Amendment or Magna Carta of the Internet and should never be touched. I think if something is adjudicated to be defamatory it should be taken down. Beyond that we should create better incentives to address online abuse by creating civil penalties and awarding attorneys’ fees in cases of serial defamers.
Q: Does participation in social media where a person vigorously debates public issues result in that person becoming a “limited public figure” under current defamation case law? Do the anti-SLAPP statutes come to play in seeking a legal remedy against abusive Internet conduct?
A: This is an evolving issue and one that remains somewhat unclear, but courts are finding that blog posts and online reviews can raise matters of public interest. In the recent Crystal Cox case, the Ninth Circuit reversed a ruling that only traditional forms of media and not bloggers were entitled to First Amendment protection.
The availability of an anti-SLAPP motion is something a harassment plaintiff must consider before filing any action. Fortunately and unfortunately, the behavior of the worst online offenders is usually sufficiently extreme so as to survive such a motion.
Q: When a person is inappropriately or disproportionately shamed—or excessively attacked by Internet vigilantes—how do you recommend they deal with the problem of all that negative information forever being on the Internet? Do reputation management companies effectively fix the problem, and if they do how do they do it?
A: It often is a multi-faceted approach that includes a legal response, online remediation which includes everything from creating more content to working with SEO [search engine optimization] and reputation repair companies to push the good content up and bad content down in search results; and (where appropriate) a media response to either draw sympathy for the victim or shame the shamers.
Q: Has American law on privacy and defamation kept pace with the Internet? Is there any country whose laws are keeping pace with the problems?
A: Law is reactive, so it will always lag somewhat as problems emerge. At the same time, I do agree with University of Maryland Law Professor Danielle Citron that we have been slow to respond to cyber harassment and even wrote a Huffington Post column entitled The Unbearable Unawareness of Cyber Harassment in 2010.
Even in privacy, the rapid changes in areas like behavioral targeting and big data have been a challenge for policymakers to comprehend and address.
One thing that I would stress is that while existing laws can often be used to address many of these problems, one should not underestimate the normative value of enacting legislation declaring that this city, state, or even nation will not tolerate certain conduct.
As to how we compare with other countries, while I am not an expert on European law, I think the United States has consistently been the first to address many of these issues as they emerged. We may not have always got it right, but I am not sure of another jurisdiction that can say it has done better.
GamerGate is a consumer revolt against games media. It is really that surprising the media is lying about it?
The reason for ‘the failure of the law to properly respond in such cases’ is quite simple. There is nothing to respond to. These are professional victims who lie about being harassed in order to beg for more money for their patreons.
http://en.wikipedia.org/wiki/Gamergate_controversy How were they “professional” victims other than being victims who were professionals?
The Wikipedia article about Gamergate is known to be horribly inaccurate.
I would like to know if factual information regarding unpaid debts can safely be posted on a publicly available website in an attempt to compel a scofflaw to pay or settle the debts.
In this case I have purchased a domain name with the scofflaws name.biz so that all searches for that person will result in a link to the site. I intend to post only verified accounts of unpaid debts.
This person is a “serial entrepreneur” that has left a trail of unpaid contractors all over the country. None of the debts warrant the legal expense to any one person. The scofflaw maintains a public image and social media presence such that it is the one asset that may be “enjoined” in order to compel response to payment requests.
This is good information to know. I have been harassed by a mentally ill person for several years. Section 230 has made it hard to bring justice, but the one good thing I have learned is that anything posted online is traceable. Shedding sunlight on the perpetrator is an option; sometimes public shaming is the only form of justice.
John – thanks again for this including me in this.
Hurin – I have to strongly disagree with your assessment of GamerGate. Death threats are no laughing matter, particularly when in the case of Anita Sarkesian there was the threat of a Montreal style massacre (referring to the 1989 massacre at École Polytechnique where a gunman shot and killed 14 women because, he claimed, feminism had ruined his life). Consumers vote with their pocketbook and not their trigger finger.
Terrykj – we can’t provide legal advice. You may want to consult with an attorney since what you are proposing is not without risk.
Welcome to the goldfish bowl.
There was a time when anything you did in private was private. If someone wanted to ask you about your private information you could decide whether or not you wanted to answer the questions. Amusingly enough, you even had a Constitutional right not to answer if you didn’t want to.
Now we are reaching the point where you can never be sure of any privacy. How many surveillance cameras have you walked past today? Have you communicated with anyone via email or your phone? Maybe a bit more searching would discover you in the background of a tourist’s picture?
Not so long ago your personal business was your own, and there had to be some reason for someone to intrude into it. A disagreement with a business partner? Reasonable suspicion of involvement in a crime? Without some kind of reason for an intrusion, you could believe in your privacy.
Not anymore. Don’t you feel like a goldfish yet?