By Madison Edenfield

 

 

Since the beginning of Covid in 2020, sex toy sales have skyrocketed. [1] Teledildonics, a category of sex toys that can be used remotely, became particularly popular during lockdown. [2] These remote sex toys are controlled by an app and transmit data through Bluetooth.[3] This digital upgrade has brought sex toys into the 21st century, and with it a host of new problems. Because of its digital design and weak security, teledildonics are susceptible to hacking which could lead to malicious attacks on users’ intimate data and consent violations. [4]

This article will focus on two issues presented in teledildonics security: protecting data privacy and preventing consent violations. Data privacy will be examined through the Wiretap Act, a federal law that prohibits intercepting electronic communications. [5]  The Wiretap Act was amended in 1986 to “extend data and electronic transmissions the same protection already afforded to oral and wire communications.” [6]  This expansion of the law will be applied to user data collected by remote sex toys.

The Computer Fraud and Abuse Act (CFAA) will examine consent violations via hacked devices. The CFAA prohibits knowingly accessing a computer without authorization or consent and appropriating its contents. [7] There are currently no laws that directly deal with teledildonics, however, the CFAA provides a viable framework to examine security and electronic consent violations.

  1. Protecting Data Privacy

The data collected by sex toys is similar to information collected from any other electronic device. This information can include account names, emails, and location. [8] However, teledildonic devices can collect intimidate data like chat logs, who is controlling the device, vibration patterns, and the duration of use. [9] While this might not seem like highly volatile information, when this data is combined, it could easily build a profile on that user and put their privacy at risk. [10] Additionally, teledildonics seem to be riddled with security issues. [11] Security issues raise concerns about a user’s identity being leaked, which could ultimately lead to harassment, loss of professional opportunities, and negative emotional impact. [12] Teledildonics is an exciting advancement in sex technology, but how does it change the meaning of consent, privacy, and security?

In 2019, a class action lawsuit was brought against Hytto Ltd., or Lovense, a company that sells Bluetooth-enabled vibrators that are controlled through an app.[13] The plaintiff, S.D., alleged that Lovense illegally harvested data from its users, thus violating the Wiretap Act. [14] The Wiretap Act prohibits “interceptions of electronic communications.” [15] In this case, S.D.’s data, which included their vibration settings, date and time of use, duration of use, and email address, was stored in the Lovense app and reported back to the company. [16]  The Court ruled that intercepting and storing vibration intensity data falls under the Wiretap Act because vibrations are an extended form of communication between the people operating the app. [17] In sum, electronic communication is broadly defined, and just because vibrations are used to communicate does not change the fact that it is still a communication. [18]

Additionally, in 2018, the SEC Consult found that Vibratissimo sex toys could also be hacked through Bluetooth connection. [19] In this instance, however, Vibratissimo had a social network system where users could communicate and stream their videos. [20] This allowed hackers to not only connect to devices, but also access around 50,000 users’ data, which included images, chat logs, sexual orientation, passwords, and more. [21] Additionally, the Vibratissimo devices had weak Bluetooth security, making it easy for an attacker to take control of a device as long as they were in range. [22] This leads to a disturbing question about consent violations and sexual assault regarding remote sex toys.

  1. Preventing Consent Violations

Tech expert Alex Lomas tested whether it was possible to hack and control a Bluetooth-enabled sex toy. [23] In a few minutes, Lomas had located a remote sex toy, hacked into the user’s account, and accessed control over their device.[24] While Lomas didn’t do anything with this access, it is alarming to think that with a few simple clicks, anyone within range could take control of someone’s device without their consent. [25]

According to Shanlon Wu, a former federal sex crimes prosecutor, hacking and controlling someone’s sex toy without their consent signals sexual assault. [26] This aligns with the  Department of Justice’s description of sexual assault, which requires sexual contact or behavior that occurs without the explicit consent of the recipient. [27] Some lawyers, like Stewart Baker, reject the idea that hacking into someone’s sex toy is a sex crime because of the virtual component. [28] Instead, Baker contends that a hacker could potentially be held responsible for a cybercrime under the 1986 Computer Fraud and Abuse Act. [29]  The CFAA prohibits all purposeful, unauthorized access of a computer and appropriating its contents. [30] As mentioned earlier, the data collected by teledildonic devices is similar to information collected from any other electronic device, like a computer. [31] Remote sex toys could likely be viewed as computers, so taking unauthorized control of a device might fall under the CFAA. [32] So, even though the CFAA does not directly address teledildonics, it could potentially establish a framework for prosecuting consent violations via a remote device. [33]

While there is a lack of precedent for teledildonics, the Wiretap Act and the CFAA provide frameworks that could help protect users’ privacy and prevent consent violations. [34] Luckily, as technology evolves and expands, so will our laws. As Congress stated, “the law must advance with the technology to ensure the continued vitality of the Fourth Amendment. If we do not, we will promote the gradual erosion of this precious right.” [35] It is time to contemplate and question what the future of privacy will look like in the age of teledildonics.

 

 

 

[1] Brit Dawson, Guybrators, Joysticks, and Teledildonics: Inside the Sex Tech Revolution, Dazed (Aug. 16, 2022) https://www.dazeddigital.com/life-culture/article/56765/1/guybrators-joysticks-and-teledildonics-inside-the-sex-tech-revolution-toys

[2] Bobby Box, Breaking Into Your Personal Buzzer Isn’t That Hard to Do, Playboy (Nov. 9, 2017) https://www.playboy.com/read/sex-toys-hacked

[3] Id.

[4] Id.

[5] See 18 U.S.C.S. § 2511(1).

[6] Smart v. Home Depot, Inc., No. 21-CV-00153-JSM-PRL, 2021 U.S. Dist. Ct. LEXIS 15653, at *5 (M.D. Fla. May 20, 2021).

[7] See 18 U.S.C.S. § 1030.

[8] Matt Burgess, Smart Dildos and Vibrators Keep Getting Hacked – But Tor Could Be the Answer to Safer Connected Sex, Wired (Mar. 3, 2018, 8:00 AM) https://www.wired.co.uk/article/sex-toy-bluetooth-hacks-security-fix.

[9] Id.

[10] Id.

[11] Shayna Posses, Lovers May Not Be Alone In Using Sex Toy’s Camera, FTC Told, Law360 (Apr. 26, 2017, 6:14 PM) https://www.law360.com/privacy/articles/917596/lovers-may-not-be-alone-in-using-sex-toy-s-camera-ftc-told.

[12] Id.

[13] S.D. v. Hytto Ltd., No. 18-cv-00688-JSW, 2019 U.S. Dist. LEXIS 229909, at *3 (N.D. Cal. May 14, 2019).

[14] Id. at *4.

[15] Id. at *14.

[16] Id. at *4.

[17] Id. at *18-19.

[18] Id. at *18.

[19] Thomas Brewster, ‘Panty Buster’ Toy Left Private Sex Lives of 50,000 Exposed, Forbes (Feb. 1, 2018, 5:50 AM) https://www.forbes.com/sites/thomasbrewster/2018/02/01/vibratissimo-panty-buster-sex-toy-multiple-vulnerabilities/?sh=7baf97aa5a94.

[20] Id.

[21] Id.

[22] Id.

[23] Alex Lomas, Screwdriving: Locating and Exploiting Smart Adult Toys, Pen Test Partners (Sep. 29, 2017) https://www.pentestpartners.com/security-blog/screwdriving-locating-and-exploiting-smart-adult-toys/.

[24] Id.

[25] Id.

[26] See Claire Lampen, If Your Vibrator is Hacked, Is It a Sex Crime?, Gizmodo (Oct. 31, 2017, 2:22 PM) https://gizmodo.com/if-your-vibrator-is-hacked-is-it-a-sex-crime-1820007951.

[27] See Office on Violence Against Women, Sexual Assault, Department of Justice (last visited Sep. 30, 2022) https://www.justice.gov/ovw/sexual-assault.

[28] Lampen, supra note 26.

[29] Id.

[30] 18 U.S.C.S. § 1030.

[31] Burgess supra note 8.

[32] See Lampen, supra note 26.

[33] Id.

[34] Id.

[35] Smart v. Home Depot, Inc., No. 21-CV-00153-JSM-PRL, 2021 U.S. Dist. Ct. LEXIS 15653, at *6 (M.D. Fla. May 20, 2021).

 

Image Source: https://www.them.us/story/sex-toy-technology-future