By Chris Jones

 

I. Introduction

COVID-19 sparked a “tsunami of growth” in the United States’ telehealth industry.[1] The Office for Civil Rights (“OCR”) Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency (“Notification”) allowed medical providers to utilize telehealth platforms that fell short of The Health Insurance Portability and Accountability Act of 1996’s (“HIPAA”) privacy requirements.[2]

Technology companies and governments have “long shown themselves to be wolves in sheep’s clothing when it comes to privacy: promising privacy while conducting widespread and illicit surveillance.”[3] A recent study determined that over 70% of medical applications shared users’ sensitive information with third-party data aggregators, without the user’s knowledge or consent.[4]

Data aggregators can use this information to potentially damage the individual financially, physically, or psychologically.[5] This data is often marketed and sold to a variety of commercial third parties including employers, advertisers, and insurers.[6] In one case, a data aggregator sold the digital health-related data of approximately 3 million individuals to an insurance company.[7]

By allowing medical providers to utilize inferior privacy measures, the risk of individual privacy harm continues to increase. Privacy injuries associated with the unauthorized use of an individual’s data may include reputational, discrimination, physical, psychological, economic, and relationship harms.[8] Thus, telehealth platforms should be required to obtain a Telehealth Privacy Certification (“Certification”) of compliance prior to public market release. This Certification would strengthen security and ensure a patient’s privacy rights are protected moving forward—regardless of what the future holds.

II. Telehealth During COVID-19

During the COVID-19 pandemic, private telehealth companies and health care systems reported an increase of telehealth use ranging from 100% to 4300%.[9] According to the Center for Disease Control and Prevention (“CDC”), 43% of medical providers had telehealth capabilities before the pandemic.[10] After the pandemic began, 95% offered telehealth.[11]

Telehealth is defined as the use of electronic information and communications technologies to deliver clinical and nonclinical health care services.[12] Telehealth communications generally consist of three types: (1) Synchronous, which involves direct communication between the provider and the patient using phone, video, or data transmission such as texting; (2) Asynchronous, which involves the storage of information for the provider or patient with the expectation the other party will review it and respond back at some point in the future; and (3) Remote patient monitoring, which involves a mix of both synchronous and asynchronous telehealth that allows the provider to monitor the patient over time.[13] Prior to the pandemic, there were many barriers to utilizing telehealth such as provider licensing, insurance approval, lack of equipment, and the overall costs of complying with HIPAA.[14] For example, extremely expensive devices were required for both the patient and physician with costs ranging from $799 on up.[15]

As telehealth appointments have become common events, patients confide in their providers as they would if meeting in person. Patients can be particularly susceptible to privacy harm when being videotaped. Typical telehealth sessions often contain a patient’s personal disclosures of “objective and highly sensitive statements of fact” that “may be inherently more revelatory” than the provider’s ordinary notes based on subjective impressions.[16] Even when complying with HIPAA, providers are free to retain archived, stored, or transmitted data from telehealth sessions.[17]

Mental health therapist Tiffany Chhuom worries about the impact of temporarily lifting privacy protections for patient data included in video or text discussions with their doctors.[18] “The ways in which these clients who are so vulnerable on video could be exploited — I don’t have the words to explain how much that concerns me,” said Chhuom.[19]

III. Legal Background

While it is generally understood that medical providers should use the highest level of standards to assure peace of mind for their patients,[20] HIPAA regulates the use of technology to transmit certain medical data at the federal level.[21] HIPAA requires covered entities to follow data privacy, data security, and data breach notification requirements when handling applicable medical information.[22]

The Health Information Technology for Economic and Clinical Health Act (“HITECH Act”) amended HIPAA in 2009 to further define the responsibilities and roles of healthcare providers and business associates.[23] The HITECH Act requires that covered entities utilize a Business Associate Agreement (“BAA”)[24] and demands that associates comply with the appropriate sections of HIPAA’s Privacy and Security Rules.[25] Absent exception, HIPAA’s Privacy Rule requires patient consent in order for a covered entity to share Protected Health Information (“PHI”) with third parties.[26] HIPAA’s Security Rule requires that covered entities utilize “administrative, physical, and technical safeguards to prevent threats or hazards to the security of electronic PHI.”[27]

Herein lies the broader issue—under the current regulation, the use of specific telehealth equipment or technology cannot ensure an entity is HIPAA-compliant.[28] Thus, the burden to utilize HIPAA-compliant telehealth platforms falls on the covered entity.[29] If a covered entity utilizes telehealth involving PHI, the entity must comply with the same HIPAA requirements that it would if the patient visited the office.[30] This requires the entity to have technical knowledge in order to conduct a thorough assessment of any potential risk or vulnerability that may affect the confidentiality or integrity of the patient’s PHI.[31] Pandemic or not, this level of technical compliance can be difficult for medical specialists to ascertain.

IV. OCR’s Notification of Enforcement Discretion

During the COVID-19 pandemic, patients across the country were asked to accept a trade-off between access to remote health care and protection of their sensitive health data.[32]  In March 2020, the United States government further relaxed its already anemic privacy standards by enacting the Notification that allowed medical providers to utilize telehealth platforms, which fell short of HIPAA privacy requirements.[33] This Notification declared the OCR would not impose penalties for noncompliance with HIPAA regulatory requirements regarding telehealth during the pandemic, as long as the activities were carried out in good faith—even if the appointment was not related to COVID-19.[34] Without stringent privacy and security features employed, a telehealth appointment can have devastating effects on a patient’s employment status, insurance ratings, and personal reputation.[35]

Any non-public facing remote communication products were allowed to be utilized for medical appointments, regardless of the privacy and security features.[36] For example, this Notification allowed a provider to examine a patient utilizing a videoconferencing application on the patient’s phone.[37] Additionally, it only suggested the provider notify their patients of potential third-party privacy risks and only recommended they should utilize all encryption and privacy modes available.[38] This waiver applied to HIPAA’s Privacy, Security, and Breach Notification Rules.[39]

The OCR provided a list of potential video communication platforms that claimed to be HIPAA-compliant and were willing to enter into a BAA;[40] yet did not specifically endorse them.[41] This Notification recommended that providers concerned about additional privacy protections for their patients continue to utilize services through HIPAA-compliant vendors.[42]

For example, this Notification allowed medical providers to utilize the consumer version of Zoom for confidential telehealth visits.[43] Zoom experienced a 10-fold increase in usage since the COVID-19 pandemic began, including increased use in healthcare.[44] According to a study by Sermo, Zoom was the most common telehealth platform in use during the COVID-19 pandemic.[45]

Zoom has come under fire as a myriad of articles and lawsuits exposed its privacy flaws.[46] Zoom users encountered Zoom Bombing, which occurs when someone joins a meeting they weren’t invited to and “drops gross or disturbing images.”[47] Confidential secrets are easily revealed when random people join private videoconferences.[48] For example, online classes at UCLA were disrupted by a Zoom Bomber shouting slurs and insulting individuals.[49] Zoom Bombers have even posted pornographic content during video chats like AA meetings.[50]

As this Notification allowed for any non-public teleconferencing platform to be used,[51] the privacy issues exposed here are not unique to Zoom alone—Zoom likely only scratches the surface.[52]

This Notification of Enforcement Discretion was inadequate as it essentially stripped consumers of their right to privacy by allowing providers to utilize random videoconferencing applications with no guarantees of confidentiality or security. The importance of privacy and security concerns surrounding telehealth cannot be overlooked as medical data necessitates a higher standard of security due to its personal and sensitive nature.[53] The effects of this Notification may be felt for years or decades to come if the medical data makes its way into the hands of data brokers,[54] unscrupulous actors, or onto the Dark Web.

V. Two Years In – Where Do We Go From Here?

For the past two years, medical providers and patients have become accustomed to utilizing telehealth without the safety of regulatory oversight. As the state of emergency declarations are lifted, this compliance waiver will likely end. Covered entities will no longer be allowed to utilize whatever nonpublic telehealth modality patients have chosen, and will be required to resume utilizing only telehealth platforms that comply with HIPAA.

In October 2021, the American Medical Association (“AMA”) called on the OCR to extend this Notification for yet another year, in order to provide its members with more time to adapt to HIPAA-compliant technologies.[55] The AMA has requested that the OCR assist providers by establishing “guidance documents that specifically speak to telemedicine platforms and what HIPAA requires for use of such technology.”[56] As the AMA explained, “many clinicians are using telemedicine for the first time and may not be well-versed in the unique risks and vulnerabilities associated with the new tools they are using.”[57]

This chain of events is taking Americans’ privacy concerns even further off track.  As the AMA confirmed, medical providers are not technologists and do not specialize in decrypting the intricate privacy concerns involved with third-party applications.

In order to protect both health and privacy, Congress should enact a comprehensive federal regulation to require Telehealth Privacy Certification (“Certification”), administered by the OCR, for all platforms prior to public market release. The OCR already has a trained staff of technologists currently tasked with HIPAA auditing and enforcement. Thus, the OCR should implement a new system to standardize and simplify the necessary HIPAA-compliant technological requirements for telehealth platforms and control how personal telehealth data is maintained.[58] This Certification should also implement one standardized BAA required for use with all approved telehealth platforms.

By requiring telehealth platforms to meet or exceed HIPAA regulations upfront, entities that specialize in medicine would no longer be tasked with attempting to analyze whether or not technology platforms comply with the applicable laws. Instead, medical providers can confidently focus their resources on treating patients’ health concerns—the true purpose of telehealth.

With Certification, it is possible to leverage the public health benefits of telehealth without subjecting unsuspecting patients to abusive or illicit surveillance. This long-term solution would safeguard the privacy rights of telehealth users and ensure that patients’ medical data is protected—both during a pandemic and beyond.

 

[1] See Marie Fishpaw & Stephanie Zawada, Telehealth in the Pandemic and Beyond: The Policies That Made It Possible, and the Policies That Can Expand Its Potential, Heritage Found. (July 20, 2020), https://www.heritage.org/health-care-reform/report/telehealth-the-pandemic-and-beyond-the-policies-made-it-possible-and-the.

[2] See Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency, U.S. Dep’t Health & Hum. Servs., https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/notification-enforcement-discretion-telehealth/index.html (last updated Mar. 30, 2020) [hereinafter Notification of Enforcement Discretion]; Telehealth and Telemedicine: Frequently Asked Questions, Cong. Research Serv. (Mar. 12, 2020), https://crsreports.congress.gov/product/pdf/R/R46239.

[3] Jake Goldenfein, Ben Green, & Salome Viljoen, Privacy Versus Health Is a False Trade-Off, Jacobin, https://jacobinmag.com/2020/4/privacy-health-surveillance-coronavirus-pandemic-technology (last visited Sept. 19, 2020).

[4] Lori Andrews, A New Privacy Paradigm in the Age of Apps, 53 Wake Forest L. Rev. 421, 421 (2018).

[5] Id. at 424.

[6] Id. at 421.

[7] Id. at 461.

[8] See Daniel J. Solove & Danielle Keats Citron, Privacy Harms, GW L. Fac. Publ’n & Other Works, 1534, (2021), https://scholarship.law.gwu.edu/faculty_publications/1534/.

[9] Fishpaw, supra note 1.

[10] Hanna B. Demeke, Sharifa Merali, Suzanne Marks, et al., Trends in Use of Telehealth Among Health Centers During the COVID-19 Pandemic — United States, June 26–November 6, 2020 (Morbidity and Mortality Weekly Report), CDC (Feb. 19, 2021), https://www.cdc.gov/mmwr/volumes/70/wr/mm7007a3.htm.

[11] Id.

[12] Telehealth and Telemedicine: Frequently Asked Questions, Cong. Research Serv. (Mar. 12, 2020), https://crsreports.congress.gov/product/pdf/R/R46239. While the World Health Organization limits the term “telemedicine to services provided by doctors,” whereas “telehealth is broader, including services from other health providers such as nurses, psychologists and pharmacists;” the terms telehealth and telemedicine are often used interchangeably. Dana Shilling, Telemedicine in the age of COVID-19, 35 Elder L. Advisory NL 1, 1 (2020).

[13] See David A. Hoffman, Increasing Access to Care: Telehealth During COVID-19, 7 J. L. & Biosciences 1, 3 (2020).

[14] See Miranda A. Moore & Dominique D. Monroe, COVID-19 Brings About Rapid Changes in the Telehealth Landscape, Mary Ann Liebert, Inc., Publishers (Aug. 14, 2020), https://www.liebertpub.com/doi/10.1089/TMJ.2020.0228.

[15] Id.

[16] Josh Sherman, Double Secret Protection:  Bridging Federal and State Law to Protect Privacy Rights for Telemental and Mobile Health Users, 67 Duke L. J. 1115, 1143 (2018).

[17] See id. at 1141–43.

[18] Kate Kaye, HHS Notice on Telehealth Penalties Raises Privacy Concerns, Int’l Ass’n of Privacy Prof’ls (Mar. 20, 2020), https://iapp.org/news/a/hhs-notice-on-telehealth-penalties-raises-privacy-concerns/. Chhuom worked with the Washington State Health Care Authority to utilize digital technology in its response to the COVID-19 pandemic. Chhuom has first-hand experience with patient technology as she owns Eth Tech, a digital training firm. See id.

[19] Id.

[20] See Geoffrey Lottenberg, COVID-19 Telehealth Boom Demands Better Privacy Practices, Lexis Law 360 (July 2, 2020), https://www.law360.com/articles/1287404/covid-19-telehealth-boom-demands-better-privacy-practices-.

[21] HIPAA, Telehealth, and COVID-19, Cong. Res. Serv. (June 5, 2020), https://crsreports.congress.gov/product/pdf/LSB/LSB10490.

[22] See id. (A Covered Entity is one that is (1) A health plan, (2) A health care clearinghouse, or (3) A health care provider who transmits any health information in electronic form in connection with a transaction covered by 45 CFR § 160.103). HIPAA imposes obligations on covered entities, those that have entered into a Business Associate Agreement (“BAA”) with a covered entity, and subcontractors of covered entities or business associates. See Business Associate Contracts, U.S. Dep’t of Health & Hum. Servs., https://www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html (last reviewed June 16, 2017).

[23] See Business Associate Contracts, supra note 22. (A Business Associate is a person or entity, including subcontractors, who “perform[s] functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information.”).

[24] A covered entity may share PHI with another entity only after a BAA has been entered into that provides “satisfactory assurances” the business will appropriately safeguard the information. Therefore, the business associates themselves are directly liable for breaches of HIPAA. See HIPAA, Telehealth, and COVID-19, supra note 21.

[25] See Leslie Lenert & Brooke Yeager McSwain, Balancing Health Privacy, Health Information Exchange, and Research in the Context of the COVID-19 Pandemic, J. Am. Med. Infomatics Ass’n (Apr. 26, 2020), https://academic.oup.com/jamia/article/27/6/963/5814212.

[26] See HIPAA, Telehealth, and COVID-19, supra note 21.

[27] See HIPAA, Telehealth, and COVID-19, supra note 21.

[28] HIPAA and Telehealth, Ctr. for Connected Health Policy, https://www.cchpca.org/sites/default/files/2018-09/HIPAA%20and%20Telehealth.pdf (last visited Dec. 18, 2020).

[29] Id.

[30] Id.

[31] Id.

[32] Goldenfein, Green, & Viljoen, supra note 3.

[33] See Notification of Enforcement Discretion, supra note 2.

[34] Notification of Enforcement Discretion, supra note 2.

[35] See Lothar Determann, Healthy Data Protection, 26 Mich. Tech. L. Rev. 229, 256 (2020).

[36] Notification of Enforcement Discretion, supra note 2.

[37] Notification of Enforcement Discretion, supra note 2.

[38] Notification of Enforcement Discretion, supra note 2. 

[39] FAQs on Telehealth and HIPAA During the COVID-19 Nationwide Public Health Emergency, U.S. Dep’t of Health & Hum. Servs., https://www.hhs.gov/sites/default/files/telehealth-faqs-508.pdf (last viewed Dec. 17, 2020).

[40] Notification of Enforcement Discretion, supra note 2.

[41] Notification of Enforcement Discretion, supra note 2.

[42] Notification of Enforcement Discretion, supra note 2.

[43] See Notification of Enforcement Discretion, supra note 2.

[44] Mohammad S. Jalali, Adam Landman, & William Gordon, Telemedicine, Privacy, and Information Security in the Age of COVID-19, SSRN 1, 2 (July 8, 2020), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3646320.

[45] Deborah R. Farringer, A Telehealth Explosion: Using Lessons from the Pandemic to Shape the Future of Telehealth Regulation, SSRN 1, 28 (Aug. 5, 2020), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3681070.

[46] See Ajay Chawla, Coronavirus – Covid 19 ‘Zoom’ Application Boon or Bane, SSRN (May 20, 2020), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3606716.

[47] Id.

[48]  See Michael Goodyear, The Dark Side of Videoconferencing: The Privacy Tribulations of Zoom and the Fragmented State of U.S. Data Privacy Law, 10 Hous. L. Rev. 76, 80-81 (2020).

[49] Emily MacInnis, Students, Professors Report Multiple Incidents of Zoombombing in One Day, Daily Bruin (Oct. 11, 2020, 6:00 PM), https://dailybruin.com/2020/10/06/students-professors-report-multiple-incidents-of-zoombombing-in-one-day.

[50] Chawla, supra note 46.

[51] Notification of Enforcement Discretion, supra note 2.

[52] See Goldenfein, Green, & Viljoen, supra note 3.

[53] Mohammad S. Jalali, Adam Landman, & William Gordon, Telemedicine, Privacy, and Information Security in the Age of COVID-19, SSRN (July 8, 2020), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3646320.

[54] See WebFX Team, What are Data Brokers — and What is Your Data Worth?, WebFX (Mar. 16, 2020), https://www.webfx.com/blog/internet/what-are-data-brokers-and-what-is-your-data-worth-infographic/ (Data brokers belong to a “multi-billion dollar industry made up of companies who collect consumer data and sell it to other companies, usually for marketing purposes.” Because data brokers do not deal directly with consumers, many individuals are unaware these companies exist.).

[55] Letter from James L. Madara, MD, CEO Executive Vice President, Am. Med. Ass’n, to Lisa J. Pino, Dir., Off. Civ. Rts. (Oct. 25, 2021), https://searchlf.ama-assn.org/letter/documentDownload?uri=/unstructured/binary/letter/LETTERS/2021-10-25-Letter-to-Pino-on-HIPAA-Flexibility.pdf.

[56] Id.

[57] Id.

[58] Goldenfein, Green, & Viljoen, supra note 3.

Image source: https://labblog.uofmhealth.org/rounds/telehealth-visits-skyrocket-for-older-adults-but-concerns-and-barriers-remain

By Eleni Poulos

 

The documentary, Tinder Swindler, looks at the story of Simon Hayut, who posed as the son of a diamond mogul and used the popular dating app Tinder to meet women and manipulate them into providing him money.[1] Ultimately, Hayut scammed approximately $10 million from these women.[2] Unfortunately, this isn’t an isolated incident.[3] It is reported that Americans alone lost nearly $1 billion in 2021 to online dating scams like the Tinder Swindler.[4] The law protects those who are financially harmed by online dating scams and in the aftermath of Hayut’s con, the victims sued in hopes of recovering the money they lost during their “relationship” with Hayut.  Though, recourse is not always successful.[5] For example, one of Hayut’s victims, Pernilla Sjöholm recently lost a battle in court against the banks she believes in partially responsible for the scam.[6] Another victim of Hayut’s—Ayleen Charlotte—lost her case against the bank, ING.[7] But what about those victims that do not necessarily lose their money, but instead lose their time and emotional stability?

Laws in the United States do not adequately protect against falsehoods and manipulation on dating applications, even though studies show that individuals using online dating apps, like Tinder, Hinge, and Bumble, often lie about their name, relationship status, and appearance.[8] More than half the respondents in a study by B2B International and Kaspersky Lab, admitted to lying in their profiles.[9] As a result, a law professor at Hofstra University, Irina Manta, focused extensively in this area and uses the term “sexual fraud” to define this type of behavior.[10] She makes three main arguments for addressing it.[11] First, she argues that because of the ineffectiveness of criminal law in these circumstances, the courts should use a rendition of trademark law to “reduce search costs and deception in the dating marketplace, just as we do in the economic marketplace.”[12] Manta also argues that legal recourse would be more effective, if the process could take advantage of slam claims courts as a way of “discourage[ing]” behaviors that may bring significant dignitary, emotional, and other harms” to the individuals using these dating apps.[13] Finally, she argues that statutory damages should be available to victims of sexual fraud.[14] She makes the point that proving this fraudulent behavior and thus allowing an individual to recover damages is easier now than ever—since the evidence is saved on these dating apps.[15] Overall, the theory requires that a profile be truthful and that what is advertised on an individual’s profile does not mislead another, or pay the consequences of fraudulent behavior.[16] Manta believes this is an integral first step in making online dating, and the Internet more generally, a safe place to be. [17]

Nevertheless, though legal recourse for this kind of sexual fraud is limited, states have formed legislation to help protect their citizens. Though this is a positive step, the legislation still has a way to go. As more and more stories of scams like the Tinder Swindler come to light, it’s fair to assume that the law may also evolve to protect individuals using these apps. If it doesn’t, will the responsibility begin to fall on the app developers themselves?

 

[1] The Tinder Swindler, Wikipedia (Mar. 13, 2022), https://en.wikipedia.org/wiki/The_Tinder_Swindler.

[2] Id.

[3] Maya Yang, American Lost $1bn to Tinder-Swindler style romance cons last year, FBI says, The Guardian, (Feb. 15, 2022), https://www.theguardian.com/us-news/2022/feb/15/tinder-swindler-americans-romance-scam-con-fbi.

[4] Id.

[5] See Emily Smith, ‘Tinder Swindler’ victim suffers legal setback, Page Six, (Mar. 14, 2022), https://pagesix.com/2022/03/14/tinder-swindler-victim-pernilla-sjoholm-suffers-legal-setback/.

[6] Id.

[7] Id.

[8] Amy Polacko, Netflix’s ‘Tinder Swindler’ isn’t alone. Beware Match monsters and Bumble betrayers, too, NBC News, (Feb. 11, 2022), https://www.nbcnews.com/think/opinion/netflix-tinder-swindler-simon-leviev-isn-t-only-dating-app-ncna1288981.

[9] Id.

[10] Irina D. Manta, Tinder Lies, 54 Wake Forest L. Rev. 207, 207 (2019).

[11] Id. at 207.

[12] Id.

[13] Id. at 207-08.

[14] Id. at 208.

[15] Manta, supra note 10, at 236.

[16] Polacko, supra note 8.

[17] Manta, supra note 10, at 249.

Image source: https://www.flickr.com/photos/51035749109@N01/8637598848

By Grayson Walloga

 

Can a robot write a symphony? Can a robot turn a canvas into a beautiful masterpiece? Can a robot produce a beautiful and impactful movie script?

In 2016, there was an attempt. Sunspring is a short science fiction film written entirely by an AI that named itself Benjamin.[1] The director, Oscar Sharp, fed hundreds of sci-fi screenplays to the AI and then instructed it to create its own. Was it any good? Well, it did place in the top ten out of hundreds of entries in the Sci-Fi London contest.[2] The film was enjoyed by many, though mostly for the wrong reasons. Sunspring is entirely incoherent. Most of the dialogue is littered with grammatical errors, the plot is non-existent, and the characters have whole conversations on what seems like an alternative plane of reality. That being said, the film is quite fun. Most of the praise should go to the actors who did their best to interpret the mess conjured up by Benjamin.[3] They turned a script composed of utter nonsense into a gripping tale of romance and murder by their own tone and body language which allowed for Benjamin’s story to be realized in some way.

Solicitors, released in 2020, was another short film written by an AI.[4] Two senior student filmmakers from Chapman University used GPT-3 (specifically, the tool “Shortly Read”) to create most of the film, but started off the script with just the following lines: “Barb’s reading a book. A knock on the door. She stands and opens it. Rudy, goofy-looking, stands on the other side.”[5] GPT-3 is a 175 billion parameters Transformer deep learning model from OpenAI that has been used for translation work, writing scripts for films, and even the creation of fake blog posts (not this one).[6]

Solicitors, unlike Sunspring before it, actually manages to make a bit of sense and adhere to a basic three-act structure. It even throws in an M. Night Shyamalan plot twist for good measure! There are times when the dialogue becomes odd or characters contradict themselves after a while, but for a machine-written work it is very impressive. The GPT-3 tends to be more effective on shorter content as it usually has problems retaining a story’s tone.[7] While that means an author might run into issues trying to get a whole novel created with GPT-3, he can still find great success using the technology to overcome writer’s block when working on a particular scene. [8] Authors should still make sure the machine-written scene makes sense before adopting it into their work. Just because a machine can write a story doesn’t mean it will be any good.

Of course, there is also the problem with interpreting the machine-written story too. Both Sunspring and Solicitors explore the necessary inclusion of human beings in AI writing. For Sunspring, the actors were the ones who turned the poorly written jumble of words into an overly dramatic, so-bad-its-good experience like The Room.[9] The more tightly written Solicitors was half the run time as Sunspring, and had parameters set with the initial scenario being pre-written. [10] As it stands right now, machine-written works can only truly work through the combined efforts of humans and artificial intelligence.[11]

Eager to find out how entertaining a machine-written story might be, I set out to find one that I could use free of charge. DeepStory is an AI-driven script & story generator that is freely available online.[12] You can write something entirely from scratch or choose from some preloaded prompts. Wishing to be inspired by a new take on a personal favorite tale, I had the AI generate a modified scene from The Lord of the Rings. This scene is set during the Council of Elrond, where the fate of the One Ring is being discussed. DeepStory can generate actions, characters, and dialogue at the touch of a button. The results were…intriguing.

I generated a few actions right after Frodo places the Ring for all to see. Instead of the lengthy discussion of what should be done, the stone floor cracked open and revealed the eye of Sauron! And then another eye of Sauron appears at the front gate. And then the eyes started shooting fireballs at everyone. The scene ended with “glimpses of violence and destruction.” Not exactly in line with the established canon, but divorced from the lore it was certainly entertaining.

I reset the scene and tried again to see if the AI could do something drastically different. This time, DeepStory decided to have Gimli stand tall and march straight towards the Ring, not unlike the film version. A few other characters go with him, one of whom is not even supposed to show up until the next book, but then Pippin “holds the ring like a grenade…” as he nervously inspects his comrades. Frodo then stands up and exclaims, “It is time.  The battle of Endor began many years ago.  It is time we are all on the same side.” DeepStory seems to have mixed up its nerd franchises. While both AI-generated scenes have their problems, they still have their uses. AI-generated content like this is useful in helping a writer figure out his own style, voice, or themes for his own work.[13] At the very least, you can see an example of how not to write your story, though maybe you’ll find a diamond in the artificially generated rough.

 

[1] Annalee Newitz, Movie written by algorithm turns out to be hilarious and intense, Ars Technica (May 30, 2021), https://arstechnica.com/gaming/2021/05/an-ai-wrote-this-movie-and-its-strangely-moving/.

[2] Id.

[3] Id.

[4] Sejuti Das, OpenAI’s GPT-3 Now Writing Screenplay For A Short Film With A Plot Twist, Analytics India Magazine (Oct. 26, 2020), https://analyticsindiamag.com/openais-gpt-3-now-writing-screenplay-for-a-short-film-with-a-plot-twist/.

[5] Id.

[6] Przemek Chojecki, Why GPT-3 Heralds a Democratic Revolution in Tech, Built In (Nov. 3, 2020), https://builtin.com/machine-learning/why-gpt-3-heralds-democratic-revolution-tech (last updated July 13, 2021); see Kim Lyons, A college student used GPT-3 to write fake blog posts and ended up at the top of Hacker News, The Verge (Aug. 16, 2020), https://www.theverge.com/2020/8/16/21371049/gpt3-hacker-news-ai-blog.

[7] See Jacob Vaus & Eli Weiss, How We Made a Movie by an AI Script Writer, Built In, https://builtin.com/media-gaming/ai-movie-script (last updated July 13,2021).

[8] See ShortlyAI, https://www.shortlyai.com/ (last visited Mar. 10, 2022).

[9] Newitz, supra note 1.

[10] Das, supra note 4.

[11] Vaus & Wiess, supra note 7.

[12] DeepStory, https://www.deepstory.ai/#!/ (last visited Mar. 10, 2022).

[13] See Jason Boog, How To Write Movie Reviews with AI, Toward Data Sci. (Feb. 3, 2020), https://towardsdatascience.com/how-to-write-movie-reviews-with-ai-d17f758f2ed5.

Image source: https://blockgeni.com/an-ai-that-can-write-books/