Whether they know it or not, thousands of male college athletes have been caught on videotape, often while showering or urinating and almost always naked, in their locker rooms at universities across the country. What's worse, the secretly made tapes have been mass-produced and are still being sold and distributed on Web sites.
On April 4, a Chicago Tribune article broke the story about the so-called "hidden camera" tapes -- and soon after, two lawyers quoted in the story, Louis Goldstein and Dennis Berkson, were flooded with calls by shocked students. In July, Goldstein and Berkson filed a civil case against the makers and distributors of the tapes on behalf of 28 of the young men.
"You can't get a more heinous violation without physically doing something to somebody," says Berkson. "Our clients have been surreptitiously videotaped while nude, in places and situations where you would think you would have absolute privacy."
"You work out with an athletic team and you don't really think about
somebody having an undercover camera in your shower," says "John Doe," a plaintiff who spoke on the condition of anonymity. "People found out about it at our school, so they were pulling up the pages and taking a look. What the
hell can we do?... We can't take the images away."
Berkson is confident that both the tape makers and the distributors will be found guilty -- Berkson filed the suit in Illinois, one of a few states with a law against secret videotaping.
"It goes without saying that we believe our clients were absolutely greatly harmed," Berkson states. "There is no legal basis for the distribution of these tapes. There is no question that our clients' likenesses were used without
their knowledge or authorization."
But the real pretrial controversy -- the aspect of this case that has made it compelling to legal scholars, techies and media and privacy advocacy groups like the Electronic Privacy Information Center (EPIC) -- revolves
around the part that is not likely to hold up in court: the complaint against the Internet service providers (ISPs) for hosting Web sites with images and advertisements which "explicitly state and promote the fact that the subject videotapes were taken with hidden cameras."
ISPs enjoy wide legal protection against being held liable for content published on the Web sites that they host -- even content as outrageous as surreptitiously made videotapes of unwitting college students. But the nude athlete taping incident, while extreme, is hardly the only example of how personal privacy is being endangered by the Internet. As it turns out, there is very little privacy protection of any kind mandated by law with regard to the Internet. Maybe nude pictures of you aren't on the Web, but plenty of other information about you could well be, and right now, the government is doing precious little to protect you.
ISPs are protected from liability under section 230(c) of the 1996 Communications Decency Act (CDA), a provision whose strength was demonstrated in a 1997 defamation case brought by Sidney Blumenthal and his wife against the infamous online gossip columnist Matt Drudge and the ISP America Online.
An Aug. 10, 1997, version of the Drudge Report cited anonymous
sources and uninspected court records in making the claim that Blumenthal, a high-ranking assistant to President Clinton, was a wife-beater. At the time,
Drudge had a licensing agreement with AOL that made his report available to all AOL subscribers. In exchange, AOL paid Drudge $3,000 a month. AOL did not make any effort to see if Drudge's claims were true.
Approximately 48 hours following the posting of the accusations against Blumenthal, and after he received a letter from Blumenthal's counsel, Drudge wrote a retraction which he, in turn, passed on to AOL for publication.
Under the terms of their licensing agreement, AOL had the right to remove anything from the report that violated its standards. So the plaintiffs (in the Blumenthal vs. Drudge case) argued that AOL was just as responsible for
allowing the Drudge Report to be published as the Washington Post would have been if it had published Drudge's defamatory remarks against Blumenthal without attempting to verify or edit them. Similarly, the complaint against the ISPs involved in the Chicago case [who include PSI Net, Tiac.net, and GTE Internet Working] is that they should not have allowed the publication of information about tapes that appeared to have been made without the participants' consent.
U.S. District Judge Paul Friedman knocked down the complaint against AOL. Referring to CDA section 230(c), Friedman excused AOL, an ISP, from liability for material posted by content provider Drudge.
Paradoxically however, he did not think the ISP was blameless. "AOL is not a passive conduit like the telephone company, a common carrier with no control and therefore no responsibility for what is said over the telephone wires," Friedman wrote in his opinion. "Because it has the right to exercise
editorial control over those with whom it contracts and whose words it disseminates, it would seem only fair to hold AOL to the liability standards applied to a publisher or, at least, like a book store owner or library, to the liability standards applied to a distributor."
Nevertheless, he continued, because of 230(c), AOL could not be found
guilty. He went on to say that Congress had given ISPs great immunity, excusing them almost entirely from responsibility though they play an "active, even aggressive role in making available content prepared by others."
As Andrew Shen, a policy analyst for EPIC, points out, "Congress' rationale for this section of the CDA was that since information is spread so quickly over the Internet, it would be unfair to regulate the online content [to]
the same [extent] as offline content."
Perhaps a different analogy than that of the newspaper would have worked better for the prosecuting attorneys in the Blumenthal case, or might work better for Berkson and Goldstein. For instance, doesn't an ISP more closely resemble a cable channel than a newspaper? Wouldn't a cable channel be held responsible if it did what AOL did? To take it one step further, wouldn't a cable channel also be responsible if it showed secretly made videotapes?
Certainly, says Shen. "A cable channel would be liable if it aired tapes over television like those taken in Chicago," he notes. But, again, Congress has given ISPs very strong immunity. "The protection they receive is even stronger than that available for content providers that operate in a
different medium, like cable," Shen points out.
John LoGalbo, associate general counsel for PSI Net, refused to comment on pending legislation, though he did note that "like every other service provider, we have a net abuse [or terms of service] policy which forbids our customers from using their Web sites for any unlawful purpose." As for whether ISPs should be held liable for content hosted on their networks, LoGalbo says that "the CDA cut the balance exactly right. ISPs will never be in a position to monitor the content their customers put on the network, and our customers
would be outraged if we tried to do that. People expect that their ISPs
are not going to be looking over their shoulders."
"The First Amendment to the Constitution protects public communications over the Internet," says LoGalbo. "Congress determined that lawsuits against ISPs would threaten to chill free speech over the Internet ... Before the law, every step that an ISP took to block content created the risk that the courts would view them as publishers. And publishers in the traditional sense are legally responsible for the authors' content."
But what is the "traditional sense" when applied to the Internet?
The real problem, of course, is that the Internet is a brand new beast and no analogy plundered from other media fits it perfectly, much to the dismay of lawmakers and others. For one thing, most Internet service providers are responsible for much more information -- inestimable amounts -- than a cable channel, which has a finite programming schedule. Says Jonathan Zittrain, Executive Director of the Berkman Center for Internet & Society at Harvard Law School, "I truly am a lover of analogies but this actually may be a case that really is sui generis -- in its own category."
Analogies aside, could it be that the sheer number of people involved in the Chicago case might encourage Congress -- in some future attempt to redraw privacy legislation -- to reconsider its laissez-faire attitude towards ISPs?
"We believe that there are over 1,000 wrestlers that we can identify who are on the tapes," says Berkson, referring to eight tapes that he and Goldstein are in possession of. Since it's highly likely that more than the eight
tapes they have were made, Berkson and Goldstein think it's possible that many thousands of young athletes have been captured by hidden cameras and are being seen by audiences worldwide. "Given the number of people that we
have identified and the number of people out there that we haven't
identified, we'll move to have this certified as a class action," Berkson continues.
Even if unmoved by the potential number of plaintiffs, Congress might find their testimonies harder to ignore. "How legal can it be to put naked images of people on the Internet without their permission?" John Doe asks. "If [a Congressperson's] son or daughter was put up naked on the Internet for the whole world to see, [the Congressperson] would want something done about it."
But what if the issue at hand wasn't nude pictures -- what about something relatively more mundane, such as consumer preference information, or your personal musical tastes? Regardless of the outcome of the Chicago case, EPIC believes Americans' privacy will continue to be threatened at many levels. "It is not that the Internet is at fault as a new medium for the invasion of privacy," Shen claims. Rather, he says, the emergence of the Internet has simply brought to light the fact that adequate laws for privacy protection are not in place. "If the government and FTC are committed to protecting privacy, they should support passing a comprehensive law that would protect personal data of all sorts -- online or offline -- before [something bad] happens," he says.
Both EPIC and the FTC, and most parties on either side of the privacy issue, seem to agree that one of the most important Internet privacy issues revolves around what Web sites do with personal information they collect -- for instance, the details collected through forms like the one a user must complete to set up a free e-mail account like Hotmail.
But the FTC party line is that a congressional measure to protect online privacy is unnecessary because the industry has greatly improved its methods for informing the public about what they do with the personal information it gathers.
When Victoria Streitfeld, a spokesperson for the FTC, was asked to describe the FTC's attitude, she pointed to a July 13, 1999, statement by FTC Chairman
Robert Pitofsky. "We continue to believe that effective [industry]
self-regulation is the best way to protect consumer privacy on the
Internet," he said.
Nevertheless, a Georgetown study of commercial Web sites -- the very one Pitofsky based his statement on -- reported that only a small percentage of frequently visited Web sites are using information disclosure policies that address the four principles of fair information practice; namely, notice, (notification of a site's privacy policies) choice, (the consumer's right to decide whether or not to reveal personal information) access, (the right to decide who will have to access to information) and security (the assurance that personal information will be kept off bounds from snooping eyes).
EPIC believes self-regulation is inadequate. In asserting that most Internet users likely feel the same, Shen points to 1998 Business Week/Harris poll that found 78 percent of then-current Internet users would use the information highway more often if privacy were guaranteed.
There is also some evidence of disagreement concerning privacy issues within the FTC itself. On July 27, in testimony to the U.S. Senate subcommittee on communications, FTC Commissioner Sheila F. Anthony said "I respectfully disagree with my colleagues in that I believe the time is ripe for Congress to enact federal legislation to protect online consumer privacy, at least to the extent of providing minimum federal standards." She verified her opinion recently, adding, "Consumer interest in privacy matters shows no sign of subsiding but appears to be growing."
But besides dissent among its members, there's another sign that the FTC is having problems coping with the issue of online privacy. On Oct. 12, EPIC filed suit against the FTC under the Freedom of Information Act, asking it to release its records on privacy complaints since the FTC
had not responded to EPIC's numerous written requests for the same.
Streitfeld says the FTC plans to get copies to the EPIC. But the agency first needs to segregate all the complaints it has received into two groups: those that could trigger a law enforcement investigation and those that won't.
After the FTC strips all identifying information from complaints that fall
into the first group, EPIC will receive copies.
Shen says EPIC has received no response at all from the FTC. "We can only assume the worst -- that the FTC has no formal procedure for tracking and dealing with privacy complaints," he says. "In simpler language, the FTC is a black hole for the privacy concerns of consumers."
In other words, not only is there no FTC-mandated privacy protection with respect to the Internet, but the FTC also appears to be having problems managing complaints about potential privacy violations -- thus underscoring how little protection there is for customers in the first place.
Ultimately, the FTC is hamstrung by a basic problem -- implementation of any kind of privacy standards is not as simple as it might sound.
"Technology is changing wildly as are people's expectations and use of it," Zittrain notes, "which makes it a risky time to pour the concrete of law unto something." He points out that there are a number of ways to redress substandard sources of information rather than try to police a powerful, mercurial medium that distributes information of all kinds -- the Internet, that is. "By the time information is on the Net," he says, "you've got an
awfully big hole in the dike to plug."
With the Internet, Andy Warhol's prophecy that everyone will have their 15 minutes of fame has, in some sense, come true -- it doesn't take much computer know-how, money, time or equipment to post whatever you want up on the Web for all the world to potentially see. Does that mean we all face a future in which nude pictures of us are published on the Web? Probably not -- anyone who illegally took such pictures -- as well as the individual Web sites that published them -- is still potentially liable, even if the ISP that hosts the Web site may not be. But a decrease in personal privacy still may be the long-term price we're going to have to pay for the Internet.
"I think privacy is very much endangered in this era -- all sorts of information about ourselves that it would have been too costly to collect and distribute [in the past] is now easily part of the record," says Zittrain. He brings up the example of a supermarket discount card; consumers are trading information about what they buy to save a few bucks.
At the same time, he notes, people have a hard time determining the value of their own privacy in its many manifestations. "There are certain hot button issues -- certainly being naked in a locker room is one of them -- but apart
from those obvious ones, I don't know that people have a consistent
conception," he says. "I am not sure we know what we value in terms of privacy. But it is also what we get used to and the more we get used to living in a world without privacy the more we'll end up embracing it."