PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Future of Reputation

In this post, I’ll be responding to a few more reviews of The Future of Reputation: Gossip, Rumor, and Privacy on the Internet. This is the third installment (for more responses to reviews, see Part I and Part II).

1. Ethan Ackerman at Technology & Marketing Law Blog

Ethan Ackerman, an attorney and former legislative and technology counsel in the US Senate, has reviewed the book as a guest blogger on Professor Eric Goldman’s Technology & Marketing Law Blog. He writes:

It is this aspect of Solove’s book – the deep AND wide thinking about an individual’s interaction with the modern Internet – that moves the book out of the one-point-rigorous-analysis of an academic article and the semi-random anecdotal topicality of a blog post and into the category of critical (in the must-read sense) literature. Where Solove’s previous work tackled the pressing but somewhat solvable problems that arose from individuals losing control of their personal information to government and commercial entities, this book tackles individuals’ loss of access and control of their information at the hands of other individuals – and, increasingly, by their own hand on blogs, social networking and image sharing sites of their own.

One of the things that enticed me to write about the issues in my book was the fact that they are so difficult to solve. In the end, there’s no good solution, just ways to cope. Ethan understands and sympathizes with my struggle, and he writes:

I’d have to agree with what I think Solove’s ultimate aim is here – informing people and getting them to think more about privacy themselves. To put words in Solove’s mouth, if everyone is more informed and thinks about these issues themselves, not only will any ultimate solutions probably be better, but they will also perhaps be moot, as more people will have chosen the non-problematic action in the first place.

The most effective solutions encourage norm change, and that occurs not just through the law but through making people more aware of the consequences of their online speech. Currently, I see both in the law and in the discourse an exaltation of speech over privacy, a strong sentiment that people should be able to say whatever they want with impunity. Shaping these norms to a more even balance between free speech and privacy is key if we are going to make any headway in addressing these problems.

2. Jon Garfunkel at Civilities

Software architect Jon Garfunkel has posted a review of the book at his blog Civilities. He writes:

The book was a delight to read, intensely footnoted and calmly presented. While there is no shortage of rhetoric extolling the virtues of new media, Solove takes that as obvious enough, and presents instead the dark side of cyberspace.

Jon agrees with my criticism of the CDA § 230, which provides immunity for ISPs and blogs for content posted by others, but he notes that I should do more to lay out the contours of an alternative rule:

Clearly [§ 230] is intended to shield disinterested operators. But some websites clearly play a shaping role in the activities that take part on it. After all, if the Supreme Court ruled that Grokster “infringes contributorily by intentionally inducing or encouraging direct infringement,” why is a website innocent if it induces defamation? (as such DontDateHimGirl, sued again, could be construed as inducing.)

It’s possible, too, that a website or blog could be seen as inducing defamation if it supports untraceable anonymity.

This is an interesting proposal — perhaps sites like Juicy Campus (which I recently blogged about) and similar websites that directly solicit gossip and bask in their § 230 immunity should not be immune because they directly solicit and encourage the posting of defamatory or privacy-invasive content.

It would be a very interesting project to try to refashion § 230 by proposing specific statutory language. Can anybody propose a rewritten version of § 230 that strikes a better balance between reputation protection and free speech? I’d love to see some concrete attempts at reworking § 230.

3. Eric Turkewitz at New York Personal Injury Blog

Over at New York Personal Injury Blog, attorney Eric Turkewitz has reviewed the book. Eric writes:

The horror stories of Part 1 are gripping examples of issue identification, from the girl whose dog poops on the subway and the way a story about her rocketed around the Internet, to the lawyer-boyfriend who saw his ex kiss-and-tell on the web, for the whole world to see. Grouped together without the social sciences research that Solove intersperses with it, it would make for a fast and powerful lesson for rookie writers who are thinking of publishing anything on the web.

Turning to Part 2 of my book, Eric writes:

Some of Solove’s ideas on the legal solutions are unworkable though. A prime example comes in the context of allegedly defamatory comments that are left by others. At present, bloggers and website owners have immunity for anything posted by others under section 230 of the Communications Decency Act passed in 1996. (Though if bloggers screen the comments before publishing, it is possible they could be deemed an editor and subject to liability, an issue that Solove misses that I believe is being litigated in a couple of places.)

Solove says this immunity is too strong, and suggests a format where the blogger could contact the owner of the blog or website and ask that the defamatory comment be taken down, and if the request is refused, the site owner could then be sued. Of course, the owner is in no position to have a trial to find out if the allegedly defamatory statements are true or not, and therein lies the problem.

Eric raises a very interesting question about whether bloggers who pre-screen comments before they are posted lose their § 230 immunity. In a recent update to my information privacy law casebook, I pose this very question:

Suppose Cremers has a blog about stolen art. Smith is interested in spreading the rumor about the stolen art on Cremers’ blog. Consider the following situations and examine whether Cremers would have § 230 immunity under the majority’s rule and also under Judge Gould’s.

(a) Cremers’ blog allows anybody to post comments. Smith posts a comment about the rumor on Cremers’ blog. Batzel wants Cremers to delete the comment, but Cremers refuses to do so.

(b) Cremers has a comment moderation system on his blog where he must approve comments before they are published on his blog. Smith posts the stolen art comment and Cremers approves it, whereupon it is published on the blog.

(c) Smith emails Cremers and tells him about the stolen art rumor. Instead of posting the email itself, Cremers writes a blog post about the rumor in his own words and posts it.

(d) Smith calls Cremers and tells him the rumor about the stolen art. Cremers writes a post about the rumor.

Is there any meaningful difference between the above situations and the way that Cremers disseminated Smith’s email to the listserv? As a normative matter, should Cremers’ liability be different in any of the above situations? How should the law determine when a person should be deemed the content provider and when a person should be deemed to merely be relaying the content of another?

In the examples above, (a) is clearly protected by § 230 and (d) is not. But the cases in between are difficult, and it is hard to articulate meaningful distinctions between them. The point of my questions above is to demonstrate that it is sometimes very difficult to determine who exactly is the provider of content on a particular blog or website or listserv.

Eric raises a good point that restricting § 230 immunity will be problematic because bloggers will not want to face a trial in order to defend a comment against defamation charges. They will just take it down, even if it is not defamatory or invasive of privacy. Professor Rebecca Tushnet also raises this problem, and I’ll respond below when I address her review.

Overall, Eric thought the book was “a welcome read.” He also writes: “There are portions of Dan Solove’s new book that should be required reading. Not for lawyers, but for high school and college students.” In particular, he is speaking about Part 1 where I discuss the problems of too much information online.

4. Professor Rebecca Tushnet at 43(B)log

Professor Rebecca Tushnet (Georgetown Law Center) has written a review of my book at 43(B)log. She writes:

The book is about conflicts between privacy, free speech, openness, and control of one’s own information and reputation. Because the internet scales so easily, small pieces of information can get spread to millions of people, with consequences quite different from the ones that ordinarily follow “public” disclosure to, say, ten or twenty people. People pile on, turning even ordinary social sanctions for misbehavior into a virtual pillory, and mockery replaces empathy.

As many reviewers note, the strength of the book is that it acknowledges the paucity of easy answers, but that can also be frustrating.

Indeed — I was frustrated too. I typically have much more potent proposals for legal reform in my work. The lack of a stronger solution is not the product of a failure to try — I really struggled over this. Ultimately, the book is a reflection of my struggle, and I believe that the main contribution of the book is conveying the thoughts that went into my struggle.

Rebecca also finds my critique of § 230 immunity to be troubling:

Solove advocates, tentatively, moving the essentially absolute immunity of ISPs provided by Section 230 against non-IP tort claims to something more like notice-and-takedown under the DMCA. Given how easily notice and takedown can be abused, and how rarely posters challenge notices (which must seem very high-stakes indeed to nonlawyers), I am unenthusiastic about this idea unless the procedure was made very transparent and the penalties for ISPs were pretty limited.

Solove suggests penalties for abusers of a notice regime, but that only helps if you are willing to fight the abuser in court.

Rebecca’s critique of my proposal, which in effect creates a notice-and-takedown regime, stems from her experience with the DMCA’s notice-and-takedown regime for copyright violations. The DMCA regime is indeed fraught with problems, as zealous copyright owners are making overbroad takedown requests for material that is fair use. YouTube, for example, quickly takes down any videos upon receiving a takedown request, even when there is a good argument for fair use. And for the blogger, it is difficult not to be shaking in one’s boots when receiving a nasty take-down letter from an angry corporate lawyer threatening the apocalypse if one doesn’t comply. Facing such a Leviathon, with the muscular copyright law in its corner and armed with the threat of huge statutory damages, the wisest course of action is to back down and take down. I would like to see very punishing penalties for abusing the notice-and-takedown.

Turning back to defamation and invasions of privacy, I recommend in the book that liability be limited, and I suggest that perhaps there be a system of required mediation/arbitration before any lawsuit can proceed to trial. However, these limits and requirements might still not be enough protection against undue chilling of speech. It is always easier just to give in to the demand to take something down than to fight it in court. But this will always be a risk whenever there’s a system of liability for things one might say.

If there is too strong an incentive to take down speech without § 230, isn’t the takedown incentive too strong for a blogger’s own blog posts, which would not be protected under § 230? I haven’t heard many argue that there should be no defamation or public disclosure tort protections. But if we truly want free speech uninhibited by any chilling effect of potential litigation, then why not provide complete immunity for the things we say ourselves as well as for the content others supply? Why not expand § 230 to apply to all speech, whether online or offline, whether one is the speaker or not?

Section 230 is thus only part of the debate, but the issues go deeper, and the arguments for and against § 230 can apply far beyond the § 230 context.

5. Michael Stern at The American Lawyer

Lastly, although it is not a blog review, I can’t resist discussing Michael Stern’s review in the December 2007 issue of The American Lawyer magazine. Michael is a former journalist and English professor who currently heads Cooley Godward Kronish’s technology transactions group. He writes:

Solove, both a distinguished privacy law expert and a popular, prolific blogger, wants to be the Brandeis and Warren of the new millennium. Today’s pundits either exult that digital information needs to be free or despair that privacy is dead (“You already have zero privacy. Get over it,” as Scott McNealy, the former CEO of Sun Microsystems, famously put it). Solove wants to find a new middle ground, where the law can help foster new norms of personal and institutional behavior in the Internet era. The Future of Reputation is his version of Brandeis and Warren’s fashioning of a jurisprudence of last resort, remedies that can be invoked when decency fails.

Don’t be too discouraged by that hint of heavy lifting to come. Solove is an entertaining as well as a thoughtful writer. Much of Future is devoted to a detailed and often-amusing romp through the many disclosure debacles and privacy pratfalls of the digerati to date. Solove is a good storyteller, and he’s got doozies.

Toward the end of this review, Michael does a nice job musing over my proposals for legal reform:

Solove’s description of the problem is much more powerful than his prescription for addressing it. His modest proposals seem too little, too late in a world where the careless Facebook or MySpace posting of one’s adolescence can be Googled by prospective employers and colleagues forever, and you’re never out of range of some device’s unsleeping digital eye. . . .

But who knows? In 1890 the estimable E.L. Godkin had given up. “In truth,” he wrote in his Nation article, “there is only one remedy for the violation of the right to privacy within the reach of the American public. . . . It is to be found in attaching social discredit to invasions of it on the part of conductors of the press. . . . At present, this check can hardly be said to exist.” And then along came Warren and Brandeis, and a century of legal fees and damage awards in libel, slander, and invasion of privacy cases, which helped forge that very balance between the freedom of the old media press and the right to be left alone that the new media is now eroding. . . .

If we start the common law equivalent of toilet training now, who knows how far a responsible yet vigorous blogosphere could evolve?

Originally Posted at Concurring Opinions

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
*
LinkedIn Influencer blog
*
Twitter
*
Newsletter

TeachPrivacy Ad Privacy Training Security Training 01