The Nightmare Du Jour: Clearview AI Brings 1984 to 2020

Professor FrancoBy Alexandra M. Franco, Esq.

Have you ever had a picture of your face as your profile picture on a social media website? If the answer is yes, then it is very likely that a company called Clearview AI has it. Have you ever heard of Clearview AI? You probably haven’t—that is, unless you watched this alarming John Oliver segment or read this spine-chilling report from Kashimir Hill in The New York Times which gives any Stephen King novel a run for its money. If you are amongst the majority of people in the U.S. who has not heard of Clearview, it’s about time you did.

Clearview is in the business of facial recognition technology; it works primarily by searching the internet for images of people’s faces posted on social media websites such as Facebook and YouTube and uploading them to its database. Once Clearview a finds a picture of your face, the company takes the measurements of your facial geometry—a form of biometric data. Biometric data are types of measurements and scans of certain biological features which are unique to each person on earth for example, a person’s fingerprint. Thus, much like a fingerprint, a scan of your facial geometry enables anyone who has it to figure out your identity from a picture alone.

But Clearview doesn’t stop there. Once it has created a scan of your facial geometry, its algorithm keeps looking through the internet and matches the scan to any other pictures of you it finds—whether you’re aware of their existence or not and even if you have deleted them. It does this without your knowledge or consent. It does this without regard to social media sites’ terms of use, some of which explicitly prohibit the collection of people’s images.

So far, Clearview has done this process with over three billion (yes, billion with a b) images of people’s faces from the internet.

Indeed, what makes Clearview’s facial recognition service so powerful is, in part, their indiscriminate, careless and unethical collection of people’s photos en masse from the internet. So far, the majority of companies in the business of facial recognition have limited the sources from which they collect people’s images to, for example, mugshots. To truly understand how serious a threat to people’s privacy Clearview’s business model is, think about this: even Google—a company that can hardly be described as a guardian of people’s privacy rights—has refused to develop this type of technology as it can be used “in a very bad way.”

There is another thing that places Clearview miles ahead of other facial recognition services: its incredible efficiency in recognizing people’s faces from many types of photos—even if they are blurry or taken from a bad angle. You might be tempted to think: “But wait! we’re wearing masks now, surely they can’t identify our faces if we’re wearing masks.” Well, the invasiveness of Clearview’s insanely powerful algorithm surpasses even that of COVID-19; it can recognize a face even if it is partially covered. Masks can’t protect you from this one.

And Clearview has unleashed this monstrous threat to people’s privacy largely hidden behind the seemingly endless parade of nightmares the year 2020 has unleashed upon us.

2020 has not only been the COVID-19 year.  It has also been the year in which millions of people across the U.S. have taken to the streets to protest the police’s systematic racism, abuse and violence towards African Americans and other minorities. Have you been to one of those protests lately? In the smartphone era, protests are events in which hundreds of people are taking myriad pictures with their smartphones and uploading them to social media sites in the blink of an eye. If you have been to a protest, chances are someone has taken your picture and uploaded it to the internet. If so, it is very likely that Clearview has uploaded it to their system.

And to whom does Clearview sell access to its services?  To law enforcement!

Are you one of those Americans who have exercised their constitutional right to freedom of speech, expression and assembly during this year’s protests? Are you concerned about your personal safety during a protest in light of reports such as this one showing police brutality and retaliatory actions against demonstrators? Well, you may want to know that Clearview thought it was a great marketing idea to give away free trials of its facial recognition service to individual police officers—yes, not just to the police departments, to individual officers. So, in addition to riot gear, tear gas and batons, Clearview has given individual police officers access to a tool that allows them, at will and for any reason, to “instantaneously identify everyone at a protest or political rally.”

Does the Stasi-style federal “police” force taking demonstrators into unmarked vehicles have access to Clearview’s service? Who knows.

Also, as I’ve mentioned in the past, facial recognition technologies are particularly bad when it comes to identifying minorities such as African Americans. Is Clearview’s algorithm sufficiently accurate so that it doesn’t arrest or even shoot a law-abiding Black citizen because his face is mistaken for someone else’s? Again, who knows.

In its website, Clearview states that its mission is to enable law enforcement “to catch the most dangerous criminals… And make communities safer, especially the most vulnerable among us.” In light of images such as the one in this article and this one, such statement is slap in the face of the reality that vulnerable, marginalized communities have to endure every single day of their lives.

I would like to tell you that there is a clear, efficient way to stop Clearview, but the road ahead will inevitably be tortuous. So far, the American Civil Liberties Union has filed a lawsuit in Illinois State Court under the Illinois Biometric Privacy Act, seeking to enjoin Clearview from continuing their collection of people’s pictures. However, even though BIPA is the most stringent biometric privacy law in the U.S., it is still a state law subject to limitations. As a Stanford Law Professor put it, “absent a very strong federal privacy law, we’re all screwed,” and there isn’t one. And we all know that in light of the Chernobylesque meltdown our federal system of government is experiencing, there won’t be one anytime soon.

If there is anything that COVID-19 has taught us—or at least, reminded us of—is that some of the most significant threats to life and safety are largely invisible. Some take the form of deadly pathogens capable of killing millions of people. Others take the form of powerful algorithms that, in the words of a Clearview investor, could further lead us down the path towards “a dystopian future or something.” And, speaking of a dystopian future, in his—very, very often referenced—novel 1984, George Orwell wrote: “if you want a picture of the future, imagine a boot stomping on a human face—for ever.”

Clearview probably has that one, too.


Alexandra M. Franco is a Visiting Assistant Professor at IIT Chicago-Kent College of Law and an Affiliated Scholar with IIT Chicago-Kent’s Institute for Science, Law and Technology.

 

Autism Spectrum Disorders in Children Conceived with Donor Sperm: How Should the Law Respond?

Laurie Rosenow

In 2017 an Illinois mother of two children diagnosed with Autism Spectrum Disorder  (ASD) filed a complaint against a sperm bank alleging that the sperm donor used to conceive both of the children was not the man he claimed to be.[i]  Not only did Danielle Rizzo learn that donor H898 lied about his education, but he had failed to disclose a history of learning disabilities and other developmental issues.[ii]  Ms. Rizzo later discovered that she was not alone.  To date at least a dozen other children conceived with donor H898’s sperm have been diagnosed with Autism Spectrum Disorder.[iii]

In 2010 Ms. Rizzo purchased donor H898’s sperm from Idant Laboratories, who listed the donor as a 6’1 blonde-haired, blue-eyed college graduate with a master’s degree that had passed all of the lab’s health screenings.[iv]  The only thing that turned out to be true was his appearance.  Based on conversations with other women who had used donor H898 to conceive their children, some of whom had even met him, Rizzo learned that the donor had neither an undergraduate nor graduate degree as advertised and was diagnosed with ADHD, did not speak until age 3, and attended a special school for children with learning and emotional disabilities.[v]

When Rizzo’s children were 3 and 4 years old, she contacted geneticist and autism researcher Stephen Scherer, Director, Centre for Applied Genomics at The Hospital for Sick Children in Toronto and connected him with other families who had affected children from donor H898.  This group, known as an autism “cluster” offer a rare opportunity for scientist to study what causes and how to treat the disease.  Dr. Scherer cautioned that while his research to date is still preliminary, his hypothesis is that something in the donor’s DNA caused the children to develop ASD.[vi]

The word “autism” is derived from the Greek root for “self” and describes a wide range of interpersonal behaviors that include impaired communication and social interaction, repetitive behaviors, and limited interests.  These can be associated with psychiatric, neurological, physical, as well as intellectual disabilities that range from mild to severe.[vii]

Such a person may often appear removed from social interaction becoming an “isolated self.”[viii]  The Diagnostic and Statistical Manual of Mental Disorders (DSM-5) uses a broad definition of “autism spectrum disorder” that includes what were once distinct diagnostic disorders such as autistic disorder and Asperger syndrome.[ix]  ASD affects four times more males than females and symptoms usually manifest by the age of three.[x]\

The March of Dimes estimates that 6% of children born worldwide each year will have a serious birth defect that has a genetic basis.[xi]  The occurrence of ASD varies but is thought to be as high as 1% of the population.[xii]  Unlike diseases such as Cystic Fibrosis or Tay Sachs Disease for which carrier testing exists, the genetics of ASD is not yet well understood.  Geneticists such as Dr. Scherer suspect as many as 100 different genes may be associated with ASD.  Over 100 genetic disorders can exhibit features of ASD such as Rett Syndrome and Fragile X Syndrome, further complicating the diagnosis and understanding of ASD.  Dr. Scherer estimates that a subset of “high- impact” genes are involved in 5-20% of all ASD Diagnosis.[xiii]  Danielle Rizzo’s children were found by Dr. Scherer to carry two mutations associated with ASD.[xiv]

Despite the fact that genetic screening is available for many diseases, the United States does not require any genetic screening for gamete donors.  Under federal law, sperm banks in the United States are regulated by the Food and Drug Administration which requires donors of reproductive cells or tissue to undergo testing for certain enumerated communicable diseases such as HIV, Hepatitis B and C, chlamydia, and gonorrhea.[xv]  “Sexually intimate partners,” however, are exempted from such screening.[xvi]  The FDA also requires that an establishment that conducts donor screening must also review the donor’s medical records and social behavior for increased risk for communicable disease and conduct a physical exam of the donor.[xvii]  Retesting of donors is required after six months for any subsequent donations.[xviii]

Sperm banks in the U.S. are also not required to limit the number of semen samples sold or to keep track of live births resulting from their donors.  And no law prohibits a man from donating to as many sperm banks as he likes.  For example, a donor in Michigan who donated his semen twice a week between 1980 and 1994 had fathered at least 400 children by 2010.[xix]  A mother of a donor child was able to trace at least 150 half-siblings to her son using web-based registries.[xx]  Danielle Rizzo discovered that her donor, H898, was still being sold by at least four sperm banks, despite receiving calls and letters warning them of her experience.[xxi]  With the popularity of DNA home testing kits such as 23andMe and Ancestry.com as well as voluntary donor registries such as Donor Sibling Registry, even more children from donors like H898 are likely to be discovered.

In addition to the FDA rules mandating screening for communicable disease, the American Society for Reproductive Medicine (“ASRM”) advises sperm banks only include donors who are between the ages of 18-40 and provide a psychological evaluation and counseling to prospective donors performed by a mental health professional. [xxii]   The industry group recommends genetic testing for cystic fibrosis of all donors and other genetic testing that is indicated by the donor’s ethnic background.  The group does not recommend a chromosomal analysis of all donors.

The American College of Obstetricians and Gynecologists (“ACOG”) as well as ASRM recommend limiting the number of children born to a single gamete donor. [xxiii]  While populations will vary, to limit the possibility of consanguinity, AGOG recommends a maximum of 25 children born from a single donor per population of 800,000.[xxiv]  The challenge in setting limits on the number of children born to a sperm donor lies in obtaining the information and keeping updated records.  Many women purchase sperm from banks across the country and even the globe with no legal incentive to inform a sperm bank of any resulting children or their health status.  Sperm banks are also unlikely to share information with donors regarding the number of their semen vials sold let alone any children that result.

Despite the lack of a federal mandate, most sperm banks voluntarily screen for genetic defects.[xxv]  However, like ASD, many diseases that are thought to have a hereditary component cannot be tested for and clinicians and patients are forced to rely on the donor to give truthful and accurate medical and family histories as well as the banks to accurately document such information.

Like Danielle Rizzo, another mother of two children diagnosed with ASD conceived with donor H898’s sperm filed a lawsuit against Idant Labs including claims for fraud, negligent misrepresentation, strict products liability, false advertising, deceptive business practices, battery, and negligence.[xxvi]  Danielle Rizzo settled her claims against Idant’s parent company Daxor Co. in 2017 for $250,000 though she alleges it is a fraction of the estimated $7 million in care that will be needed for both of her children.[xxvii]

Similar lawsuits were filed against Xytex, a sperm bank based in Atlanta, Georgia, regarding sperm it sold from Donor #9623 named Chris Aggeles who was advertised as having a genius level IQ of 160 pursing a PhD in neuroscience engineering.[xxviii]   In fact, the donor at the time was a high school drop out with a history of mental disorders including schizophrenia, bipolar disorder, and narcissistic personality disorder and a criminal record.[xxix]  He had been a donor at Xytex for fourteen years. The plaintiffs claimed the company did not verify any of the information the donor had given them but Xytex claims it discloses to prospective clients that any representations by the donor were his alone.[xxx]  Recently nine families with 13 children conceived with sperm from Aggeles settled their claims for wrongful birth, failure to investigate, and fraud.[xxxi]

Despite monetary damages awarded in settlement of these lawsuits, a case filed in the Third Circuit against Idant was dismissed because the court found the argument of liability based on quality of sperm to be indistinguishable from New York’s prohibition against wrongful life claims.[xxxii]  “The difficulty B.D. now faces and will face are surely tragic, but New York law, which controls here, states that she ‘like any other [child], does not have a protected right to be born free of genetic defects.’”  Idant in this case had sold the sperm of Donor G738 to a mother in Pennsylvania whose daughter was diagnosed as a Fragile X carrier.

Both mothers of the children diagnosed with ASD from donor H898’s sperm left professional careers to care for their children and alleged severe financial losses as a result.[xxxiii]  Donor H898, however, was not a party to the suits nor were any other establishments selling vials of his semen and therefore not bound to any settlement agreements reached which might restrict future donations.  Since lawsuits only offer the possibility of damages and other relief after an injury has occurred and some jurisdictions, like New York, will not even consider claims related to defective sperm, policies that focus on avoiding harm prior to insemination should be considered.

Because screening is not available for many diseases that likely have a strong genetic component, the family and medical history of donors becomes critical as a secondary method of screening.  Sperm banks could require signed, sworn affidavits from donors attesting to the truthfulness and accuracy of the information they provide to encourage more accurate reporting by donors.  Many banks claim they run criminal background checks on donors but they could also verify claims of employment and education with a simple phone call.  Laws mandating a cap on the number of vials an individual may donate make sense in light of the vast numbers of children possibly being conceived from popular donors.  It may also be time for sperm banks in the U.S. to follow the example of the UK which allows children conceived from donor gametes to obtain medical information from donors at age 16 and the full name, date of birth, and address of their donors at age 18.[xxxiv]  In the age of DNA testing, social media, and cyber stalking, anonymity may be unrealistic.  If sperm banks do not tighten their internal policies for screening donors, more avoidable tragedies are likely to occur.

Laurie Rosenow in an attorney and former Senior Fellow at the Institute for Science, Law & Technology.

 

[i] Rizzo v. Idant Labs, Case No. 17-cv-00998, N.D. Ill. Jan 31, 2017.

[ii] IdSee also, Arianna Eunjung Cha, “The Children of Donor H898,” Wash. Post, Sept. 14, 2019.

[iii] IdSee also, Doe v. Idant Labs, complaint filed NY State Supreme Court, Civil Branch, June 2016.

[iv] Cha, “The Children of Donor H898.”

[v] Id.

[vi] Id.  Dr. Scherer also noted, however, that the donor could have other biological children who are not affected.

[vii] Yuen, R.K.C. et al, “Whole Genome Sequencing Resource Identifies 18 New Candidate Genes for Autism Spectrum Disorder,”  20 Nat. Neurosci., 602-611 (2017).

[viii] “What Does the Word ‘Autism’ Mean? WebMD, available at https://www.webmd.com/brain/autism/what-does-autism-mean#1.

[ix] Autism Spectrum Disorder, Diagnostic Criteria, Centers for Disease Control, available at https://www.cdc.gov/ncbddd/autism/hcp-dsm.html.

[x] Yuen et al, “Whole Genome Sequencing Resource Identifies 18 New Candidate Genes for Autism Spectrum Disorder.”  For examples of common behaviors found in children with ASD, see National Institute of Mental Health. Autism Spectrum Disorder Overview, available at https://www.nimh.nih.gov/health/topics/autism-spectrum-disorders-asd/index.shtml.

[xi] March of Dimes Global Report on Birth Defects 2006, available at https://www.marchofdimes.org/global-report-on-birth-defects-the-hidden-toll-of-dying-and-disabled-children-full-report.pdf

[xii] Anney, Richard et al, “A Genome-wide Scan for Common Alleles Affecting Risk for Autism,” Hum. Mol. Gen. Vol. 19, No. 20, p. 4072-4082 (2010).

[xiii] Cha, “The Children of Donor H898.”

[xiv] The genetic mutations found in her sons were MBD1 and SHANK1, Cha, “The Children of Donor H898,” Washington Post, Sept. 14, 2019.

[xv] 21 C.F.R. Sec. 1271.75.

[xvi] 21 C.F.R. Sec. 1271.90.

[xvii] 21 C.F.R. Sec. 1271.50 (2006).  See also, https://www.fda.gov/vaccines-blood-biologics/safety-availability-biologics/what-you-should-know-reproductive-tissue-donationDonor screening consists of reviewing the donor’s relevant medical records for risk factors for, and clinical evidence of, relevant communicable disease agents and diseases.  These records include a current donor medical history interview to determine medical history and relevant social behavior, a current physical examination, and treatments related to medical conditions that may suggest the donor is at increased risk for a relevant communicable disease.

[xviii] 21 C.F.R. Sec. 1271.85 (d).

[xix] Newsweek Staff, “Genetic Lessons from a Prolific Sperm Donor,” Newsweek, Dec. 15, 2009, also available at https://www.newsweek.com/genetic-lessons-prolific-sperm-donor-75467See also, Hayes, Daniel, “9 Sperm Donors Whose Kids could Populate a Small Town,” Thought Catalog, Jan. 13, 2016, available at https://thoughtcatalog.com/daniel-hayes/2016/01/9-sperm-donors-whose-kids-could-populate-a-small-town/.

[xx] Meraz, Jacqueline, “One Sperm Donor; 150 Offspring,” New York Times, Sept. 5, 2011, also available at https://www.nytimes.com/2011/09/06/health/06donor.html.

[xxi] Cha, “The Children of Donor H898.”

[xxii] “Recommendations for Gamete and Embryo Donation,” 99 Fertility and Sterility 1, p.47-62,  Jan. 2013,  available at, https://www.fertstert.org/article/S0015-0282(12)02256-X/fulltext#sec1See also, https://www.reproductivefacts.org/news-and-publications/patient-fact-sheets-and-booklets/documents/fact-sheets-and-info-booklets/third-party-reproduction-sperm-egg-and-embryo-donation-and-surrogacy/

[xxiii] ACOG Committee Opinion: Genetic Screening of Gamete Donors, Int’l Jour. Gyn & Obst. 60 (1998) 190-192, available at https://obgyn.onlinelibrary.wiley.com/doi/abs/10.1016/S0020-7292%2897%2990229-0

[xxiv] Id.

[xxv] See, e.g. California Cryobank, one the of the largest sperm banks in the United States: https://www.cryobank.com/services/genetic-counseling/donor-screening/

[xxvi] Doe v. Idant Labs, complaint filed N.Y. State Supreme Ct., June 2016, available at https://www.donorsiblingregistry.com/sites/default/files/Rizzo%20complaint.pdf.

[xxvii] Cha, Ariana Eunjung, “Danielle Rizzo’s Donor-conceived Sons Both Have Autism.  Should Someone be Held Responsible?” Wash. Post, Oct. 3, 2019, available at https://www.washingtonpost.com/health/2019/10/03/danielle-rizzos-sons-donor-conceived-sons-both-have-autism-should-someone-be-held-responsible/

[xxviii] Johnson, Joe, “UGA Employee at Center of Sperm Bank Fraud,” Athens Banner-Herald, Sept. 3, 2016.

[xxix] IdSee also, Van Dusen, Christine, “A Georgia Sperm Bank, a Troubled Donor, and the Secretive Business of Babymaking,” Atlanta Magazine (March 2018), also available at https://www.atlantamagazine.com/great-reads/georgia-sperm-bank-troubled-donor-secretive-business-babymaking/ (Feb. 13, 2018).

[xxx] Djoulakian, Hasmik, “The “Outing” of Sperm Donor 9623,” Biopolitical Times, June 30, 2016, available at https://www.geneticsandsociety.org/biopolitical-times/outing-sperm-donor-9623See also, Johnson, Joe, “UGA Employee at Center of Sperm Bank Fraud,” Athens Banner-Herald, Sept. 3, 2016.

[xxxi] Hersh & Hersh law firm, “Major Settlement of Sperm Bank/Deceptive Business Practice Case,” available at https://hershlaw.com/success-2/See also, Khandaker, Tamara, “Lawsuit Alleges Sperm Bank’s Genius Donor Was Actually a Schizophrenic Ex-Con,” Vice News, Apr. 15 2016, available at https://www.vice.com/en_us/article/neykmx/lawsuit-alleges-sperm-banks-genius-donor-was-actually-a-schizophrenic-ex-con

[xxxii] D.D. v. Idant Labs, (3rd Cir. 2010).

[xxxiii] Doe v. Idant Labs, Complaint; Cha, “The Children of Donor H898.”  See also, Cha, Danielle Rizzo’s Donor-conceived Sons Both Have Autism.”

[xxxiv] Human Fertilitisation and Embryology Authority, “Rules Around Releasing Donor Information,” available at https://www.hfea.gov.uk/donation/donors/rules-around-releasing-donor-information/.

Can the Law Eradicate Deep Fakes?

By Andrew White

As a wave of new technology surges forward, law tries to keep up with the surge’s negative ripple effects.  But is the law up to the task of regulating deep fakes? Recent advances in artificial intelligence have made it possible to create from whole-cloth videos and audio which make it appear that subjects in the video have done or said things they really have not.  These puppet-like videos are called deep fakes.

Deep fakes are most commonly created with GAN artificial intelligence algorithms, which function by bouncing existing images of the intended target back and forth until a life-like video puppet is created, or they succeed in overlaying an individual’s face onto an existing video.   These videos may be used to further political agendas.

For example, this video, created by a French AIDS charity, falsely depicts President Trump declaring an end to the AIDS crisis.  While not technically deep fakes, other types of political altered media have been met with viral success on social media. This manipulated video, which seemingly represents the Speaker of the House as drunk and incoherent on the job, quickly circulated Facebook and Twitter, even caught a retweet from Rudy Giuliani.  Finally, deep fake videos have also been used to create revenge-porn by scorned ex-partners.

Danielle Citron, a Professor of Law at Boston University, suggested in her testimony before the House Permanent Select Committee on Intelligence that a combination of legal, technological, and societal efforts is the best solution to the misuse of deep fakes:

“[w]e need the law, tech companies, and a heavy dose of societal resilience to make our way through these challenges.”

Google is working to improve their technology to detect deep fakes.  Facebook, Microsoft, the Partnership on AI, and Amazon have teamed up to create the Deep fake Detection Challenge. Twitter is actively collecting survey responses to gauge how users of its platform would like to see deep fakes handled, whether through outright removal of deep fake videos, labelling deep fake videos, or alerting when users are about to share a deep fake video.  There also have been efforts in the technology world to curb the influence of altered media and deep fake videos on the user-side. Users may inquire into the media which they see on their own.

Three mechanisms of technological block chain regulation. By Andrew White 2019.

For example, this algorithm tracks subtle head movements to detect whether a video is real or fake. The Department of Defense has created another algorithm which tracks eye blinking of subjects in videos to compare with bona fide videos.  Deep fakes are becoming so well-crafted, though, that there may come a time where they cannot be reliably detected.  Other methods have been developing alongside advances in artificial intelligence, such as the use of blockchain verification to establish the provenance of videos and audio before they are posted.

From a legal perspective, legislatures have begun to realize the impact which deep fakes have on American’s political and sexual autonomy. The federal government is working on legislation to require the Department of Homeland Security to research the status and effects of deep fakes.  Legislation restricting the distribution of deep fakes has already been passed in various states, but as the statutes demonstrate, it may be more difficult than anticipated to truly impact the influx of deep fakes.

Texas, in enacting S.B. no. 751, targets deep fakes whose creators’ intent is to influence the outcome of an election.  This broad statute criminalizes the creation or distribution of a deep fake video with the intent to influence an election or injure a candidate within 30 days of the election. Interestingly, the Texas legislature specified that a “deep fake video [is a] video created with artificial intelligence [depicting] a real person performing an action that did not occur in reality.” This area of law is rapidly evolving, and where the contours of this law lie have not been clearly established. For example, it is not clear whether the altered video of Nancy Pelosi would be included in this bill.  In the Pelosi video, the video was slowed down, and the pitch of the speech was raised to make it appear that the slowed voice was actually Nancy Pelosi. These material alterations weren’t created with artificial intelligence. In addition, Pelosi did actually speak the words and in the same order as the altered video. Would this fall under the statute’s proscription of videos where the subject is “performing an action that did not occur in reality”?

A recent Virginia statute targets a different category of deep fakes: revenge porn. S.B. no. 1736 adds the phrase “including a falsely created videographic or still image” to the existing revenge porn statute. This broader language seems to include those pornographic likenesses that are created by GAN (generative adversarial networks) or other algorithms.  Would this bill protect a video which contains a likeness created to look like a victim, but due to a minor difference (such as a missing or added tattoo) makes the likeness different enough to fall outside the protection of the statute?

A similar cause of action was added to California law by A.B. no. 602, which was signed into law by Governor Newsom in October, 2019. This statute adds a private right of action to the existing revenge porn statute for victims who have been face- or body-swapped into a recording of a sexual act which is published without their consent.

California also passed AB 730 alongside the revenge porn amendment.  This law disallows the distribution of any “deceptive audio or visual media … with the intent to injure the candidate’s reputation or to deceive a voter” within 60 days of an election.  The law defines “materially deceptive audio or visual media” as that which “would falsely appear to a reasonable person to be authentic and would cause a reasonable person to have a fundamentally different understanding . . . than that person would have if the person were hearing or seeing the unaltered, original version of the image or audio or video recording.”

This law also has a notable exception, which is that it does not apply to newspapers or other news media, nor does the law apply to paid campaign ads. These exceptions may serve to undermine the entire purpose of the bill, as Facebook has publicly asserted that it will not verify the truth or falsehood of political ads purchased on their platform.

Finally, traditional tort law may allow for recovery in certain situations where state statutes fail.  The torts of intentional infliction of emotional distress, defamation, and false light all could apply, depending on the fact situations.  These redresses, though, may only provide monetary damages and not the removal of the video itself. The problem with applying tort law in the deep fake context is similar to the limitations of AB 730.  Finding the creator of a deep fake, and then proving the creator’s intent may be a Herculean task.  After finding the creator, it is difficult to mount a full civil case against them.  Even if you do manage to bring a cause of action against a deep fake creator, the damage may already have been done.

The area of AI and deep fakes is a rapidly evolving one, both from a technological and a legal perspective.  The coming together of technology and law to combat the dark side of advances in artificial intelligence is encouraging, even as technology rushes forward to realize the more positive effects of artificial intelligence.  It seems, then, that the only solution to the problem of deep fakes is a combination of legal and technological remedies, and, in the words of Danielle Citron, “a heavy dose of societal resilience.”


Andrew White is a 1L Research Fellow at the Institute for Science, Law & Technology at IIT Chicago-Kent College of Law.  Andrew received his Master of Science in Law from Northwestern Pritzker School of Law and his Bachelor of Science from the University of Michigan, where he studied Cellular and Molecular Biology and French and Francophone Studies.

Inheriting the Facebook Graveyard

By Michael Goodyear

Last year, I wrote about a German court case that struggled with the question of whether anyone could have access to a deceased individual’s social media accounts. The case centered on a 15-year-old girl who had been killed by a subway train, and her parents wanted to access her Facebook account to see if they could determine from her posts and messages if she committed suicide. In May 2017, the German court of appeals reversed a lower court ruling in favor of the parents, holding that allowing the parents access to their daughter’s account would compromise the constitutional expectation of telecommunications privacy of the third parties with whom she had interacted online. On July 12, 2018, the highest German court, the Federal Court of Justice (BGH), overruled the court of appeals, agreeing with the initial lower court decision and holding that online data can be inherited just like physical writings such as personal diaries or letters.

While there is a strong policy interest in probate, and social media does appear to fit into a broad interpretation of written communications traditionally included in probate, social media accounts include a much greater breadth of information than those traditional sources. While probate law stretches back centuries, social media does not. Today, instead of a simple spoken conversation, which could not be inherited, we engage in lengthy conversations on social media and via texting. In many cases, our social media accounts and private messages are reflections of our personal thoughts. Although diaries also contained sensitive thoughts, they cannot compare to the magnitude of personal information present on Facebook. This is a fundamental change from prior physical document inheritance under probate law.

The German case was also particularly tricky due to the girl’s age. Since she was a minor, her parents had an expanded range of rights which they would not have had upon her reaching legal adulthood. The BGH ruled broadly that digital content can be inherited, but it is unclear if this could be limited to only minors.

Such a limitation could be one way to achieve the court’s goal while still preserving data privacy for third parties. If such a policy were implemented, third parties would know when communicating over Facebook with underage individuals that their communications are not necessarily limited to the recipient’s eyes alone.

Facebook’s own policies do not allow access to a deceased individual’s account, even if the requesters are family members or he or she was a child. The only options are to leave the Facebook account as is, memorialize it, or remove it. The BGH ruling will likely force Facebook to reevaluate its current deceased users policy, which provides the perfect opportunity to adapt its policies to better protect user privacy.

While the BGH’s decision does not directly affect those outside Germany, Facebook’s reaction to the decision, including any policy changes, could apply to the rest of Europe and the United States as well. However, Facebook has previously resisted broadly applying EU privacy protections to its users who do not reside in the EU. It could very well maintain separate positions on accessing deceased users’ accounts as well.

The prevailing standard in the United States is that third-party communications are protected under the Stored Communications Act, 18 U.S.C. §§ 2701-2712. This broad privacy protection is not only important for third parties, but also for online services themselves. Platforms such as Facebook can simply refuse to disclose, except under limited circumstances, and cite the shield of the Stored Communications Act.

A possible alternative, in addition to drawing a distinction for minors, that would still comply with the Stored Communications Act and ameliorate the issue of the Facebook graveyard would be allowing the inclusion of social media accounts in your will. Since over 10,000 Facebook users die every day, there is a pressing question of what to do with this every-increasing digital graveyard of accounts filled with personal information. Delaware adopted a law for fiduciary access to digital assets and digital accounts in 2014. Under this law, an individual can list social media access in their will, despite sites like Facebook not allowing such a transfer. There are already services to hand over social media account access after the user’s death. Furthermore, courts have held that users can consent to the disclosure of their online communications in cases such as In re Facebook, 923 F. Supp. 2d 1204 (N.D. Cal. 2012), and Ajemian v. Yahoo!, Inc., 84 N.E.3d 766 (Mass. 2017).

The seemingly impenetrable wall between Facebook accounts and the outside world has already been penetrated. Facebook divulges account information and private messages to government officials with a warrant. Facebook private data is subject to discovery requests in litigation. Providing for access in a user’s will would be another step in compliance with the law that would allow the user to use his own discretion and also forewarn third parties that their communications might be shared. While the exact privacy rights of children are trickier, following the BGH’s ruling, Facebook should craft a new policy to best meet the interests of the dead, the living, and privacy.

Michael Goodyear is a former ISLAT member and is currently a rising 2L at the University of Michigan Law School, where he is the President of Michigan’s Privacy and Technology Law Association.

I Can Do All Things Through Technology, Which Enables Me: Churches, Facial Recognition and Spiritual Dynamics

Alex FrancoBy Alexandra Franco, JD

In my work as a privacy lawyer, I’ve become slightly desensitized to the pervasive privacy invasions that we have learned to live with—the fact that Facebook is well-aware of my love of makeup and will constantly remind me of “cool new eyeshadows to try” is something I don’t even think about anymore. However, there is a new technology threatening privacy that struck me as particularly appalling.

A company called Churchix provides churches with facial recognition software “designed for Church administrators and event managers who want to save the pain of manually tracking their members attendance to their events.” The software allows users to “receive demographic data of people attending [their] event (Gender, Age),” and “receive identification reports for a specific event, group of events and attendance of a specific member.” To get the facial recognition software going, churches must first take photos of their faithful to “register and enroll into the data base of Churchix.” After this, the churches will have access to streamlined, automatic attendance data—and won’t have to go through what Churchix calls the “pain” of personal interaction with their attendees.

The number of churches currently using this technology is as high as 40. Speaking at a conference at Loyola University Chicago School of Law, privacy attorney and partner at Edelson PC, Ari Scharg, mentioned that this technology is being used to track people’s church attendance patterns, such as how often they attend and how early they arrive, and that the churches can use this information to understand how much money church goers can be asked to donate.

Churchix claims that despite “honest concerns over privacy” and people’s “‘Big BrotChurch 4her’ mentality” about what the technology entails, it “think[s] that [such beliefs] are mostly a bad feeling derived from a possible abuse of the technology rather than actual threats.” The company website explains that “on the contrary, face recognition software helps catching the bad guys… .” But even the company’s own PR efforts on its website include articles that criticize Churchix for the serious privacy concerns that its technology raises.

As Michael Casey from CBS News says, “the growth of this [facial recognition] technology has far outpaced any efforts to regulate it… .” and if it keeps going the way it is going, it will be very difficult for regulatory bodies to take a stand fast enough to make a difference. The technology is already being used by advertisers in shopping malls to analyze what you are looking at on a store shelf, analyze your demographic information based on your facial characteristics and later show you a targeted advertisement with another item that you may be interested in based on all of this information. Churchix is a branch of Face-Six, the facial recognition business that offers the technology to shopping malls. In addition to offering its services to churches (through Churchix) and shopping malls, Face-Six offers its services to airports, border control, law enforcement, casinos and also for home security purposes.

When a single company is behind all of the different applications of the technology—from shopping malls and targeted advertisements to church attendance—how do we know that  people’s images uploaded to the Churchix database will not end up being used to sell them religious books later when they visit a mall that uses the same technology? What if you have been missing church for a few weeks, would you like to see an advertisement for a book about “regaining your faith?”

A few states—such as Illinois—have enacted laws protecting people’s biometric information. The Illinois statute protects people’s biometric identifiers, such as “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry,” among other things, by requiring that entities planning to collect such data inform the person in writing before collecting it, tell the person for how long and for what purpose they are collecting the data and have the person sign a written release. It also prohibits entities from selling or profiting from someone’s biometric data and requires that entities in possession of such data develop policies and procedures for its destruction.  However, Illinois is one of a few states currently taking steps to protect people’s biometric information and we are still far away from a comprehensive national regulatory regime.

Let’s instead think about this for a moment from the perspective of individual church members and the church community as a whole. Faith is a deeply personal thing which should be between the person and that which he or she believes in, something out of the human realm and out of the reach of human hands. It is a sacred communication between the person and something that transcends the physically human. Is it okay for a third eye in the sky to observe that person’s movements in and out of his or her place of worship? What are the deeper connotations of a pervasive intervention between a person and his or her faith? If church goers become aware that their movements in and out of the church are constantly being tracked, this may alter their church-going habits (as they may dislike being observed and tracked without having control over it) and may decide to stop attending church altogether. On the other hand, those who refuse to give up going to church will always have to think about that third eye who knows whether he or she went to church last week or not.

And what happens if we were to replace the word “church” in the last paragraph with the word “mosque”? It is not hard to imagine the potential for profiling and even more invasive targeting this technology—which works across different settings through the photo database—can bring.

For the most part, places of worship are still the heart and soul of their respective communities. They are groups of families and individuals who look out for each other and have each other’s back. When a congregation member is absent for a long time, other members will express their concern and reach out. If such interactions are interrupted by an automated attendance tracker, will it interfere with the community’s spiritual dynamics? To what extent will we allow technologies to alter human dynamics in their most essential manifestations? Only time will tell.

This isn’t about makeup. This is one of the most personal and private aspects of a person’s life, and we should not become desensitized to technologies which invade it.

Alexandra Franco is a Research Associate at the Institute for Science, Law and Technology at IIT Chicago-Kent College of Law.  The title of this essay is based on Philippians 4:13 “I can do all things through Christ who strengthens me.”

Digital Sexual Assault: A Disturbing Trend

IMG_20141106_142756

 

 

By Colleen Canniff

“Hopefully the Class of 2018 is paying attention, because otherwise the UEA is going to have to rape harder…”

In the fall of 2014, the incoming University of Chicago freshman class and the wider University of Chicago (UC) community were targeted and threatened as an anonymous hacker group, UChicago Electronic Army (UEA), posted the name of a sexual assault survivor and activist, purportedly in retaliation of the posting of The Hyde Park list.  The Hyde Park List, posted to Tumblr, was compiled by and for UC students and contained a list of UC students who, according to the list, are “individuals we would warn our friends about, because of their troubling behavior towards romantic or sexual partners.”  The original purpose of the list was to “[keep] the community safe—since the University won’t.”  One could argue that the UEA’s actions were out of a concern of denying due process to the students named.  But their method—threatening rape, and naming and identifying a victim of sexual assault—is a prime example of a troubling trend on the internet: using threats of sexual violence to silence individuals with whom a group of people doesn’t agree with.  As threats go online, the law is racing to keep up.

The UC incident is just the tip of the digital-assault iceberg.  Other reports of online sexual assault such as the iCloud hack, theft, and online release of dozens of celebrities’ personal nude photos, YouTuber Sam Peppers’ videos of sexually harassing women on the street, and the continued threats against Anita Sarkeesian, founder of Feminist Frequency (a website where she discusses and critiques female representations in videogames), exemplify the pervasiveness of online sexual violence against women. Continue reading

DRONE SEASON: Can You Shoot Down a Drone That Flies Over Your Property?

Michael Holloway Liberty Image 12.12.13 CC_smallBy Michael Holloway

As unmanned aerial vehicles (UAVs) – drones – become an increasingly common sight, more and more people wonder whether they may legally shoot down a drone flying over their property.  The question is not confined to a radical fringe: at a 2012 Congressional hearing on drones, U.S. Representative Louis Gohmert asked, “Can you shoot down a drone over your property?”  Separately, conservative pundit Charles Krauthammer offered: “I would predict—I’m not encouraging—but I predict the first guy who uses a Second Amendment weapon to bring a drone down that’s been hovering over his house is going to be a folk hero in this country.”

Traditionally, under the ad coeium doctrine, a property owner had control over his property “from the depths to the heavens.”  According to Black’s Law Dictionary, “Cjust est solum, ejus est usque ad coelom et ad inferos – to whomever the soil belongs, he owns also to the sky and the depths.”  But that changed with the advent of the airplane.  In 1926, Congress passed the Air Commerce Act, 49 U.S.C. § 40103(a)(1), which gave the federal government “exclusive sovereignty of airspace of the United States.”  In United States v. Causby, 328 U.S. 256, 261 (1946), Justice William Douglas wrote that the ad coeium doctrine “has no place in the modern world.”  Rather, with the advent of air travel, the national airspace is akin to a “public highway.”  But despite this, a property owner retains exclusive control over the space he or she can reasonably use in connection with the land, and may be entitled to compensation if the government encroaches on this airspace.  Similarly, as the Ninth Circuit pointed out in Hinman v. Pacific Air Transport, a person may become liable to a property owner for trespassing on this space.

Nor are these merely idle threats: a group of animal rights activists in Pennsylvania has repeatedly had its drones shot down while aerially videotaping “pigeon shoots” at a private club.  In April 2014, the town of Deer Trail, Colorado, voted on a proposed ordinance to issue drone hunting licenses; the ordinance offered a $100 bounty for shooting down drones and bringing in “identifiable parts of an unmanned aerial vehicle whose markings and configuration are consistent with those used on any similar craft known to be owned or operated by the United States federal government.”  The initiative ultimately lost badly, with 73% of voters opposed.

Law professor Greg McNeal writes that a person shooting down a government or commercial drone would violate constitute a violation of 18 U.S.C. § 32, which states that anyone who damages or destroys any aircraft in flight in the United States has committed a crime punishable by up to twenty years in prison or a fine of up to $250,000.  McNeal’s analysis assumes that drones constitute “aircraft” within the meaning of the statute, but that has recently come into question.  In March 2014, a National Transportation Safety Board (NTSB) administrative law judge set aside the Federal Aviation Administration (FAA)’s first-ever fine against a commercial drone operator, finding that the small drone at issue was only a “model aircraft,” and not an “aircraft” within the FAA’s regulatory authority.  The drone’s operator, Raphael Pirker, had been hired by a promotional company to shoot aerial video over the University of Virginia campus.  According to the FAA’s complaint, Pirker operated the drone recklessly, including causing one pedestrian to take “immediate evasive action” to avoid being hit.  The FAA fined Pirker $10,000 for operating the drone “in a careless or reckless manner so as to endanger the life or property of another” in violation of 41 C.F.R. § 91.13.

The ALJ tossed the fine, pointing to a 1981 “advisory circular” on model aircraft issued by the FAA, which provided model aircraft operators with voluntary advice such as to maintain distance from populated and noise-sensitive areas, fly below 400 feet, and cooperate with nearby airports.  In the ALJ’s view, the advisory circular represented a binding statement of policy by the FAA that model airplanes were exempt from its general regulatory authority over “aircraft,” a position it could not change later without going through a notice-and-comment period and implementing formal regulations under the Administrative Procedure Act (5 U.S.C. §§ 500).

There are problems with the ALJ’s decision.  It ignores that Congress, by the statute’s clear terms, in 5 U.S.C. §§ 500, gave the FAA the express authority to regulate all “aircraft,” defined expansively in 49 U.S.C. § 40102(a)(6) as “any contrivance invented, used, or designed to navigate, or fly in, the air.”  Ordinarily, when a statute’s terms are clear, it is considered improper for a judge to engage in more subtle acts of interpretation, and the statute here could not be clearer.  While the ALJ considered it a “risible argument” that someone could face FAA enforcement for flying a balsa wood glider or paper airplane without the FAA’s permission, such is the power Congress gave to the FAA in 1926.  The case is currently on appeal before the full NTSB.

In any case, whether or not shooting down a drone could result in a 20-year prison term or a quarter-million dollar fine, it is certainly a bad idea.  As the FAA has stated, shooting down a drone “could result in criminal or civil liability, just as would firing at a manned airplane.”   Expressing your concerns directly to your friendly neighborhood drone pilot is surely a better remedy.

California’s Revenge Porn Statute: A Start but not a Solution

Blog Photo_Lori

By Lori Andrews

Susan, a professional woman in her 30s, met a man she thought she’d ultimately marry.  Their relationship was sufficiently intimate that she sent him a naked photo of herself.  When she caught him cheating, she broke up with him.  He took revenge by posting that selfie on a revenge porn website, along with her name, the name of her town, and her social media contact information.  She received messages from complete strangers asking for more naked photos.  As she went about her daily life, she was afraid that one of those men would stalk her.  She worried that her co-workers might have come across the photo.  She knew that if she applied for a new job, that nude photo would come up in a Google search of her name.  She’d been branded with a modern Scarlet Letter.

Across the Web, thousands of people attack their exes by posting disgusting comments about them, warnings not to date them, or nude photos of them.  On October 1, California Governor Jerry Brown signed into law a bill criminalizing what has become known as revenge porn.  The law assesses a thousand dollar fine in a narrow situation.  It is a misdemeanor for a person to photograph “the intimate body part or parts of another identifiable person, under circumstances where the parties agree or understand that the image shall remain private, and the person subsequently distributes the image taken, with the intent to cause serious emotional distress, and the depicted person suffers serious emotional distress.” Continue reading