Richmond Journal of Law and Technology

By Brianna Hughes

 

 

 

The internet and social media platforms have become a modern staple in many people’s everyday lives.[1] Most people with internet access can share information, ideas, and other content easier than ever before and interact with those who are like-minded.[2] While this dissemination of information can be positive, social media platforms may face the problem of users sharing content that can be considered objectionable or illegal.[3] Platforms attempt to combat this phenomenon by imposing guidelines prohibiting sharing certain types of content.[4] This can include limitations on users posting hate speech, harassment, and revenge pornography.[5] Congress has highlighted the importance of shielding online providers from the potential liability of what their users could post by enacting the Communications Decency Act (“CDA”).[6] The CDA, 47 U.S.C § 230(c)(1), states that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”[7] While this provides media platforms with significant immunity from being held liable for most of their users’ posts, if the moderators violate a criminal statute, they may be subject to liability.[8]

The parents of victims of child pornography attempted to impose civil liability on one of the most widely used social discussion online platforms, Reddit, but were unable to do so.[9] Reddit is a social media platform that allows its users to post content publicly as well as participate in forums devoted to specific topics called subreddits.[10] Reddit holds the power to remove moderators and content if it does not conform to Reddit’s policies.[11] The parents of the victims found sexually explicit photos of their children on the website. The parents reported the images and images took the photos down. However, the parents then found themselves in a cycle where the images would get reposted.[12] The plaintiffs argued that Reddit earned substantial revenue from these explicit subreddits and did little to place protections for those who were being exploited.[13]

The parents sued pursuant to 18 U.S.C. § 1595, which states that “an individual who is a victim… may bring a civil action against the perpetrator (or whoever knowingly benefits, financially or by receiving anything of value from participation in a venture which that person knew or should have known has engaged in an act…) in an appropriate district court.”[14] Reddit claimed they were shielded from liability based on section 230 of the CDA.[15] This section has been amended to include the Fight Online Sex Trafficking Act to allow victims of trafficking to bring civil lawsuits against platforms that helped traffickers.[16] The district court dismissed the parents’ claim, and the Ninth Circuit affirmed the district court’s decision.[17]

While the CDA shields Reddit from potential liability based on their user’s posts, it does not provide immunity if the information violates 18 U.S.C. § 1595.[18] However, the defendant must have actual knowledge of the trafficking and must “assist, support, or facilitate” the trafficking venture.[19] This knowledge standard creates a higher bar for imposing liability on social media platforms.[20] In this “actual knowledge” analysis, the court will look at the defendant’s website’s “participation in the venture” and that they knowingly benefited from participating in child sex trafficking.[21] “Mere association with sex traffickers is insufficient absent some knowing ‘participation’ in the form of assistance.”[22] The Plaintiffs, in this case, failed to show that Reddit knowingly participated or benefited from a sex trafficking venture but rather “turned a blind eye,” which is not enough for the court to impose liability on the media platform.[23] Therefore, the court held that Reddit had not knowingly benefited from knowingly facilitating sex trafficking.[24]

The high bar set by the “knowing” standard proves difficult for victims of child pornography and revenge pornography to receive the remedy they demand.[25] Future litigators in cases like these may have to frame their cases around elements common to civil torts, such as a claim for intentional infliction of emotional distress, defamation, or breach of privacy. [26] For claims that do not involve intentional torts to be successful, plaintiffs must demonstrate that the platform “materially contributed to the illicit nature of the content by showing that they did more than passively transmit information from third parties.”[27] The CDA presents obstacles for parties seeking redress, but it is not impossible to overcome.[28]

 

 

 

[1] Matthew P. Hooker, Censorship, Free Speech & Facebook: Applying the First Amendment to Social Media Platforms Via the Public Function Exception, 15 Wash. J.L. Tech & Arts 36, 39 (2019).

[2] See id. at 39-40.

[3] Id. at 42.

[4] Id.

[5] Id.

[6] Id. at 55.

[7] 47 U.S.C § 230(c)(1).

[8] Reddit Child Porn Suit Escape Under Section 230 Affirmed (1), Bloomberg law (Oct. 24, 2022, 3:35 PM), https://news.bloomberglaw.com/tech-and-telecom-law/reddits-section-230-escape-from-sex-trafficking-claims-affirmed.

[9] See Does v. Reddit, Inc., 2022 U.S. App. Lexis 29510, 3 (9^th Cir. 2022).

[10] Id. at 4.

[11] Id.

[12] Id. at 4-5.

[13] Id. at 5-6.

[14] 18 U.S.C. §1595.

[15] Reddit, Inc., 2022 U.S. App. Lexis at 6.

[16] Bloomberg Law, supra note 8.

[17] Id.

[18] Reddit, Inc., 2022 U.S. App. Lexis at 7.

[19] Id. at 9.

[20] Bloomberg Law, supra note 8.

[21] Reddit, Inc., 2022 U.S. App. Lexis at 12.

[22] Id. at 20

[23] Id.

[24] Id. at 21

[25] Jessy R. Nations, Revenge Porn and Narrowing the CDA: Litigating a Web-Based Tort in Washington, 12 Wash. J.L. Tech. & Arts. 189, 200 (2017).

[26]See Id. at 192-195.

[27] Id. at 200.

[28] Id. at 209.

Image source: https://www.politico.com/magazine/story/2015/06/the-truth-about-the-effort-to-end-sex-trafficking-118600/

 

 

 

 

 

 

 

 

 

 

By Sophie Deignan

 

 

The quick growth of social media in our society has opened the door to various different platforms for people to broadcast their personal lives on for the general public. The benefits or drawbacks of communicating on social media for many takes on an individualistic approach. There is no one size fits all. In contrast, within the legal community, lawyers’ use of social media in their work has become a point of contention, raising various ethical concerns.[1]

Recently in the Matter of Robertelli,[2] the New Jersey Supreme Court held that disciplinary charges brought against John Robertelli failed to show, by clear and convincing evidence, that Robertelli had violated the Rules of Professional Conduct (“RPC”) when his paralegal “friended” the opposing counsel’s client on Facebook.[3] The cause of action against Robertelli began in 2007 when he was working on a personal injury lawsuit, defending the Borough of Oakland and the Oakland Police Department.[4] As part of his investigation into the alleged injury brought by the plaintiff, Dennis Hernandez, Robertelli asked his paralegal, Valentina Cordoba, to research Hernandez online for routine, background information.[5] While researching Hernandez, Cordoba became friends with him on his private Facebook page and messaged him that he looked like one of her favorite hockey players.[6] There was no further communication between the two, but Cordoba did download a video of Hernandez wrestling with friends after his alleged injury.[7] She presented the video to Robertelli who in turn, deposed Hernandez and shared the video with Hernandez’s attorney.[8] Opposing counsel then accused Robertelli of violating RPC 4.2 by communicating with his client via Facebook without his consent.[9]

In response, Robertelli argued that the video downloaded from Hernandez’s Facebook page was public but that admittedly, he did not know what it meant to be “friends” on Facebook or the distinction between private and public pages.[10] Over the next decade, the ethical charges brought against Robertelli were reviewed by the Office of Attorney Ethics (“OAE”), and a Special Master was appointed by the Court to investigate the charges.[11] In 2021, the court was unconvinced that the OAE had established clear and convincing evidence that Robertelli had violated RPC 4.2.[12] The crux of the issue was that in 2008, Facebook, and most forms of social media, were still in their infancy, and overall familiarity with such platforms was not as mainstream as it is now perceived.[13] The court’s holding in Robertelli’s case carves a very narrow loophole in that while it acknowledges that ignorance is not a defense, it was quite conceivable that the nuances of Facebook, at that time, would not have been understood by most individuals.[14]

It is highly unlikely that with the advent of Instagram, Twitter, TickTock, Snapchat, or any one of the other various social media platforms, a court would now find that ignorance concerning social media is still a plausible defense. In its closing words, the Robertelli court stated, “Lawyers must educate themselves about commonly used forms of social media to avoid the scenario that arose in this case. The defense of ignorance will not be a safe haven.”[15] Social media may exist for many to use in their individual capacity, but for lawyers, general rules on ethics are adapting and will continue to adapt to try and keep up with the times. Clear rules surrounding the use of social media will be something to look for in the future, in addition to an emphasis on lawyers proactively educating themselves on social media use.

 

 

 

 

[1] Marina Wilson, Social Media, Media Interactions, and Legal Ethics, Justia (July 6, 2022), https://onward.justia.com/social-media-media-interactions-and-legal-ethics/.

[2] Matter of Robertelli, No. 084373, 258 A.3d 1059 (N.J. Sept. 21, 2021).

[3] N.J. Ct. R. Pro. Conduct r. 4.2 (2022) (“…a lawyer shall not communicate about the subject of the representation with a person the lawyer knows, or by the exercise of reasonable diligence should know, to be represented by another lawyer…”); see Robertelli, 258 A.3d 1059, at 1075.

[4] Robertelli, 258 A.3d 1059, at 1063.

[5] Id.

[6] Id. at 1066.

[7] Id. at 1062

[8] Id.

[9] Robertelli, 258 A.3d 1059, at 1063

[10] Id. at 1066 (arguing that he, Robertelli, never authorized or knew that his paralegal messaged Hernandez on Facebook).

[11] Id. at 1074.

[12] Id. at 1075.

[13] Id.

[14] Robertelli, 258 A.3d 1059, at 1075.

[15] Id. at 1074.

 

Image Source: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQQWsdrxjiwbpcYXoWaVeFKoSFOkX8Hgrh0gA&usqp=CAU

By Samuel Rosen

 

 

Since launching in 2008, Spotify has become a game-changer for music fans around the globe. To this day, Spotify has amassed upwards of 188 million subscribers across 183 markets, making it the most popular music streaming platform in the world.^[1] But how exactly does Spotify have permission to do all of this? Spotify gains access to catalogs of millions of songs using two types of licenses, (1) sound recording license agreements and (2) musical composition license agreements.^[2] Sound recording license agreements cover the rights to the recording of the song itself.[3] When getting these licenses, Spotify deals with the following three juggernauts of the recording industry: (1) Universal Music Group, (2) Sony Music Entertainment Group, and (3) Warner Music Group.[4] There are also smaller groups to cover digital recordings from independent labels.^[5]

However, it gets a bit more complicated regarding composition licenses. There are two components to composition licenses that Spotify needs to secure and pay out to stream music on its platform.^[6] These are mechanical royalties and performance rights.^[7] Mechanical royalties are paid to the owner of the composition copyright. In a relatively new development, mechanical royalties are mainly distributed through The Mechanical Licensing Collective. This was established pursuant to the passage of the Music Modernization Act of 2018.^[8] Since its formation, the Mechanical Licensing Collective has been heralded as a success, distributing almost $700 million in royalties to various rights holders.^[9] Performance royalties are paid to songwriters and publishers when music is performed or played publicly, such as in a bar, restaurant, baseball stadium, or on Spotify.^[10] These royalties are usually paid out through organizations such as the American Society of Composers, Authors, and Publishers (ASCAP). These groups license songs to be played publicly and then distribute the royalties to their members.^[11]

If you are confused, you are not alone, and unsurprisingly, the various complex processes involved in licensing have yielded litigation over the years. A prime example of this comes from a 2018 lawsuit for copyright infringement filed by Wixen Music Publishing.^[12] While not one of the big three music publishing companies listed above, the complaint notes that “Wixen administers more than 50,000 songs written and/or owned by its more than 2,000 clients, including songs by some of the most popular and acclaimed musical artists of the last 100 years.”^[13] The complaint further states, “Spotify has repeatedly failed to obtain necessary statutory, or “mechanical,” licenses to reproduce and/or distribute musical compositions on its service. Consequently, while Spotify has become a multibillion dollar company, songwriters and their publishers, such as Wixen, have not been able to fairly and rightfully share in Spotify’s success, as Spotify has in many cases used their music without a license and without compensation.”^[14] Specifically to Wixen, it alleged that Spotify failed to gain the appropriate licenses to certain songs it owns and that the licensing agency that Spotify had used to attempt to gain the proper licenses was “ill-equipped” to do so.^[15] The lawsuit ended up settling for an undisclosed sum.^[16] While the Music Modernization Act helped streamline royalty payouts and mitigate some of the issues in the Wixen suit, the complexities of licensing schemes still leave room for future litigation over rights and payout schemes.^[17]

 

 

 

^[1] About Spotify, Spotify, https://newsroom.spotify.com/company-info/ (last visited Oct 26, 2022).

^[2] Michelle Castillo, Spotify IPO filing reveals how insanely complicated it is to license music rights, CNBC, https://www.cnbc.com/2018/02/28/how-spotify-licenses-and-pays-for-music-rights.html.

[3] Id.

[4] Id.

^[5] Id.

^[6] Id.

^[7] Id.

^[8] Dale Kawashima, Kris Ahrend Interview – CEO of The Mechanical Licensing Collective, Songwriter Universe (Mar. 24, 2022), http://www.songwriteruniverse.com/kris-ahrend-the-mlc-interview-2022.htm.

^[9] Ashley King, MLC Says Nearly $700MM In Royalties Distributed to Members, Digital Music News (Oct. 24, 2022), https://www.digitalmusicnews.com/2022/10/24/mlc-royalties-distributed-to-date-2022.

^[10] Mechanical Royalties vs. Performance Royalties: What’s the Difference?, Royalty Exchange (Jan. 31, 2019), https://www.royaltyexchange.com/blog/mechanical-and-performance-royalties-whats-the-difference

^[11] About ASCAP, ASCAP, http://www.ascap.com/about-us (last visited Oct 25, 2022).

^[12] Complaint at *1, Wixen Music Publishing Inc., v. Spotify USA Inc, No. 2:17-cv-09288, 2017 WL 6663826 (C.D.Cal. Dec. 29, 2017).

^[13] Id. at *4.

^[14] Id. at *1.

^[15] Id. at *7.

^[16] Amy X. Wang, Spotify Settles Its $1.6 Billion Publishing Lawsuit, Rolling Stone (Dec. 20, 2018), https://www.rollingstone.com/pro/news/spotify-settles-its-1-6-billion-publishing-lawsuit-771557.

^[17] See Andrew Flanagan, New Music Law Expedites A $1.6 Billion Lawsuit Against Spotify, NPR (Jan. 3, 2018), https://www.npr.org/sections/therecord/2018/01/03/575368674/sweeping-new-music-law-expedites-a-1-6-billion-lawsuit-against-spotify (describing how the music modernization act, which at the time was not yet in effect, will create a central database that identifies which songwriter and/or publishers are entitled to royalties.)

 

 

Image Source: https://images.complex.com/complex/images/c_crop,h_1063,w_1890,x_13,y_284/c_fill,f_auto,g_center,w_1200/fl_lossy,pg_1/fdrkedcwuz1hbrlzoa7y/spotify-getty-nurphoto

By Payton Miles

 

 

Picture this. It’s mid-December, and you’re atop a snowy mountain in Vail, Colorado awaiting your next downhill battle. The lifts are closing soon, which means it is time for a hot chocolate back at the lodge to warm you up. But you are in no rush today, all thanks to your new Columbia Sportswear jacket, equipped with its patented Omni-Heat thermal reflective material.

Columbia Sportswear Company, founded in 1938, is one of the largest outdoor and active lifestyle apparel and footwear companies in the world.[1] With competitors like Patagonia and North Face, Columbia prides itself on having the most affordable and innovative technology, such as their Omni-Heat material.[2] Its success in the marketplace has opened the door to potential infringers. One such infringer is Seirus Innovative Accessories, Inc. In 2015, Columbia brought suit against Seirus, claiming that Seirus’s HeatWave products infringed its design patent drawn to the ornamental design of its Omni-Heat reflective material.[3]

The district court granted summary judgment for Columbia Sportswear, deciding that Seirus’s HeatWave products infringed Columbia’s design patent.[4] The standard for determining whether a design patent has been infringed is the “ordinary observer” test.[5] Essentially, if one design copies a particular feature of another in a way that would deceive an ordinary observer into thinking they were the same, then the first patented design is infringed by the other.[6] The district court used the ordinary observer test and also relied on a previous case, L.A. Gear, Inc. v. Thom McAn Shoe Co., in which it was decided that logos should be “wholly disregarded” in a design infringement analysis.[7] L.A. Gear created the long-standing precedent that infringers should not be able to escape liability for design patent infringement by simply adding a logo to a copied design.[8] Contrary to this precedent, Seirus argued that there were “substantial and significant differences between the two designs,” namely that Seirus’s waves were interrupted by the use of their logo and were of different orientation, spacing, and size as compared to Columbia’s waves.[9] The district court ultimately agreed with Columbia’s argument that the two designs would be essentially the same without Seirus’s logo.[10]

In 2019, Seirus appealed, and the Federal Circuit reversed and remanded the district court’s grant of summary judgment.[11] Unlike in L.A. Gear, the Federal Circuit, in this case, gave more weight to logo placement and determined that all factors can be used to determine the overall visual impression to the ordinary observer.[12]

The Federal Circuit’s decision shredded the precedent that L.A. Gear established, muddying the waters between design patent and trademark law. Design patent law is meant to protect “the non-functional aspects of an ornamental design displayed in a patent.”[13] A trademark is “any word, phrase, symbol, design, or a combination of these things” that is used in conjunction with a product to establish that the product is associated with a certain brand/company.[14] But if a logo can be protected as a non-functional part of a design that an ordinary observer is evaluating, why would trademark protection also be needed? This decision has the possibility of closing the door on a large area of trademark law. And it also has the possibility of limiting which design patents actually get protection from infringers. The addition of a logo to a design patent defeats the purpose of the ordinary observer test that has been characteristic of design patent law. If logos are a contributing factor in distinguishing between two design patents, then an ordinary observer will attribute the dissimilarities to the logo each and every time, regardless of what the underlying products actually are.

On remand in August 2021, a jury determined that Seirus’s design did not infringe Columbia’s design patent.[15] The fear now is that the Federal Circuit’s decision will allow for endless infringement if a logo is given weight in such cases. If the ordinary observer cannot differentiate the two underlying designs, to begin with, then the logo should not be the way around infringement. Further clarity from courts on logo placement within design patents will be necessary in future cases to protect these two separate areas of intellectual property.

 

 

 

 

[1] A Diversified Revenue Base, Columbia Sportswear Co. (2022), https://investor.columbia.com/company-information.

[2] Columbia Sportswear Competitors, Comparably (2022), https://www.comparably.com/companies/columbia-sportswear/competitors.

[3] See Columbia Sportswear N. Am., Inc. v. Seirus Innovative Accessories, Inc., 942 F.3d 1119, 1122–23 (Fed. Cir. 2019).

[4] Id. at 1122.

[5] Id. at 1129.

[6] Id.

[7] Id. at 1131.

[8] See Columbia Sportswear, 942 F.3d at 1131.

[9] Id. at 1130.

[10] Id.

[11] Id. at 1128–29, 1133.

[12] Id. at 1131.

[13] Design Patent, Legal Info. Inst. (July 2020), https://www.law.cornell.edu/wex/design_patent.

[14] What is a Trademark?, USPTO (June 13, 2022), https://www.uspto.gov/trademarks/basics/what-trademark.

[15] Gregory A. Castanias et al., When Trademarks and Design Patents Intersect: Making Waves in Columbia v. Seirus, Jones Day (August 2021), https://www.jonesday.com/en/insights/2021/08/when-trademarks-and-design-patents-intersect-making-waves-in-columbia-v-seirus.

 

Image Source: https://www.columbia.com/how-to-choose-a-ski-jacket.html

By W. Kyle Resurreccion

 

 

I. Introduction

In response to the COVID-19 pandemic, governments and healthcare systems worldwide sough the widespread adoption of digital health technologies.[1] This phenomenon has led to the development of various apps for contract tracing, social distancing, and quarantine enforcement, as well as the creation of artificial intelligence (AI) and machine learning algorithms to analyze the large datasets used and produced by these apps.[2] While arguably beneficial, these new tools come with potential harms that must be understood in order to facilitate their effective use and implementation in both public and private health systems.[3]

II. Risks of Digital Health Technologies

Data breaches in the healthcare industry are prolific. Of the 5,212 confirmed breaches included in Verizon’s report on global data breaches, 571 occurred in healthcare, making it the third highest industry for total number of breaches, just behind finance (690) and professional services (681).[4] Furthermore, according to IBM’s report, healthcare is also the costliest industry for data breaches.[5] The average total cost of a breach in healthcare in 2022 is USD 10.10 million, which is more than twice as costly as a breach in any industry (USD 4.35 million) or a breach in any critical infrastructure (USD 4.82 million).[6] Data breaches in healthcare also harm the individual right to privacy.[7] In 2018, Anthem, one of the largest health insurance companies in the United States, agreed to pay USD 16 million to the U.S. Department of Health and Human Services to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) after the largest health data breach in the nation’s history.[8] The breach exposed the protected health information of 79 million people to hackers who stole names, social security numbers, addresses, dates of birth, and employment information, among other private electronic data.[9]

Digital health technologies also carry the risk of bias due to the AI and machine learning algorithms used in automated processes.[10] Since machine learning models are powered by data, biases can be encoded via the datasets from which the algorithm is derived or through the modeling choices made by the programmer.[11] This can compound the bias problem in healthcare where, for instance, the gender and race of participants in randomized clinical trials for new medical treatments are often not representative of the population that ultimately receives the treatment.[12] For example, in one study, an AI was built using hospital notes of ICU patients.[13] The AI was later used to predict the mortality of patients in the intensive care unit (ICU) based on their gender, race, and type of insurance (insurance was used as a proxy for socioeconomic status).[14] The results of the study showed differences in the AI’s prediction accuracy for mortality based on gender and type of insurance, which is a sign of bias.[15] A difference based on race was also observed, but this finding may have been confounded since the original dataset was racially imbalanced to begin with.[16]

Discrimination in the accessibility of digital health technologies is also an immediate concern. This is especially relevant considering many nations are transitioning to a “digital by default” or “digital by choice” model for providing welfare, which in reality are “digital only” in practice.[17] The United Nations report on extreme poverty and human rights emphasized how the lack of digital literacy and access to reliable internet connection can contribute to the inequality in accessing digital technologies.[18] This issue occurs in both the global North and global South.[19] For example, in the wealthy nation of the United Kingdom, 4.1 million adults (8% of the population) are offline, with almost half of them coming from low-income households and almost half being under the age of 60.[20] Failure to address these gaps can result in exacerbated inequalities where underserved and vulnerable populations cannot receive healthcare due to the inability to access and use digital health technologies.[21]

III. International Rights Framework to Mitigate Risks

Guidance for governments to mitigate the concerns brought by digital health technologies can be found in the ethics-based approach derived from a framework of international human rights most relevant in the context of this issue.[22] These are the rights to health, nondiscrimination, benefit from scientific progress, and privacy.[23] The international right to health is particularly critical, being enshrined in both international and domestic laws, with over 100 national constitutions guaranteeing this right to individuals.[24]

In pursuing this ethics-based approach, the United Nations Educational, Scientific and Cultural Organization (UNESCO) published its recommendation on the ethics of artificial intelligence, which aims to guide stakeholders in making AIs work for the good of humanity and to prevent harm.[25] The recommendation lists values and principles for the proper creation and implementation of AIs and specifically includes the principles of non-discrimination, safety and security, privacy, transparency, and accountability among its other provisions.[26]

Additionally, frameworks such as those established by the African Union (AU), Asia-Pacific Economic Cooperation (APEC), European Union (EU), and other regional organizations are also helpful in providing guidance for how to best regulate personal data ethically.[27] These regional frameworks enshrine a common set of positive rights: (1) the right to be informed about what data are and are not collected, (2) right to access stored data, (3) right to rectification, (4) right to erasure (or the “right to be forgotten”), (5) right to restriction of procession, (6) right to be notified, (7) right to data portability, (8) right to object, and (9) other rights related to automated decision-making and profiling.[28]

This approach based on ethics and international human rights also envisions a pathway for holding private companies accountable for how they use, implement, and offer digital health technologies. Through a resolution, the Human Rights Council of the United Nations endorsed non-binding guidelines which would place upon private companies the obligation to respect international human rights independently of nations and governments.[29] This responsibility would require businesses to avoid causing or contributing to adverse human rights impacts through their own activities and to address such impacts when they occur.[30]

IV. Conclusion

The risks of digital technologies are real and immediate. However, to halt this progress out of fear would rob us of the extensive benefits these tools can offer, especially to our health and wellbeing. The intersection of digital technologies and the right to health is an inevitable development in the growth and progress of humanity. As with any tool, the onus is on the user to ensure that these advances continue to benefit our goal of being healthy. We must also ensure that these tools enable others to pursue the same goal and are regulated in their license to intrude into the most private and intimate parts of our lives. In this fast-evolving field, laws based on core human rights are needed to ensure our progress does not turn these tools into weapons that can be used to divide and harm us.

 

 

 

[1] Nina Sun et al., Human Rights and Digital Health Technologies, 22 Health & Hum. Rts. J., no. 2, Dec. 2020, at 21, 22.

[2] Id.

[3] Id. at 23.

[4] Gabriel Basset et al., Verizon, Data Breach Investigations Report 50 (2022).

[5] IBM, Cost of a Data Breach Report 11 (2022).

[6] Id. at 5, 11 (“critical infrastructure” means financial services, technology, energy, transportation, communication, healthcare, education and the public sector industries).

[7] Sun et al., supra note 1, at 23.

[8] Off. for Civ. Rts., Anthem Pays OCR $16 Million in Record HIPAA Settlement Following Largest U.S. Health Data Breach in History (2020).

[9] Id.

[10] Sun et al., supra note 1, at 23.

[11] Irene Y. Chen et al., Can AI Help Reduce Disparities in General Medical and Mental Health, 21 AMA J. Ethics, no. 2, Feb. 2019, at E167, 168; James Zou & Londa Schiebinger, Comment, AI Can Be Sexist and Racist – It’s Time to Make It Fair, 559 Nature 324, 325 (2018).

[12] Chen et al., supra note 11, at 167.

[13] Id. at 169.

[14] Id. at 167, 171, 175.

[15] Id.

[16] Id. at 169, 173, 175.

[17] Philip Alston (Special Rapporteur on Extreme Poverty and Human Rights), Extreme Poverty and Human Rights, U.N. Doc. A/74/493, at 15 (Oct. 11, 2019).

[18] Id.

[19] Id.

[20] Id. at 16

[21] Sun et al, supra note 1, at 25.

[22] Chen et al., supra note 11, at 24.

[23] Id. at 24-26.

[24] G.A. Res. 217 (III) A, Universal Declaration of Human Rights, art. 25(1) (Dec. 10, 1948) (“Everyone has the right to a standard of living adequate for the health and well-being of himself and of his family . . . .”); Rebecca Dittrich et al., The International Right to Health: What Does It Mean in Legal Practice and How Can It Affect Priority Setting for Universal Health Coverage?, 2 Health and Sys. Reform, no. 1, Jan. 2016, at 23, 24.

[25] U.N. Educ., Sci. & Cultural Org. (UNESCO), Recommendation on the Ethics of Artificial Intelligence, U.N. Doc. SHS/BIO/PI/2021/1 (Nov. 23, 2021).

[26] Id. at 7-10.

[27] Sun et al, supra note 1, at 27.

[28] Id.

[29] John Ruggie (Special Representative of the Secretary-General on Human Rights and Transnational Corporations and Other Business Enterprises), annex, Guiding Principles on Business and Human Rights: Implementing the United Nations “Protect, Respect and Remedy” Framework, U.N. Doc. A/HRC/17/31, at 13 (Mar. 21, 2011); G.A. Res. 17/4, ¶ 1 (July 6, 2011) (endorsing the guiding principles).

[30] Ruggie, supra 28, at 14.

 

Image Source: https://www.thelancet.com/cms/attachment/e936ef82-9641-4796-9760-81d386e465a9/fx1.jpg

 

By Peter Leasure, J.D., Ph.D.*

 

 

Several have proposed blockchain-based criminal record databases or discussed their potential benefits, including the National Center for State Courts.[1][2] These authors generally point to several benefits of utilizing blockchain-based criminal record databases including decentralization and immutability.[3] Generally speaking, decentralization means that data is stored on multiple interconnected nodes and that a failure or breach of a single node (or even perhaps multiple nodes) will not compromise the data. Immutability (often referred to as the append-only feature) means that once data is on a specific block of a blockchain, it cannot be reversed, changed, or deleted. The focus of this piece is on immutability.

While true immutability may seem like an attractive feature of a blockchain-based criminal record database, many jurisdictions within the U.S. have laws that allow for the sealing or expungement of one’s criminal history.[4] Sealing generally means that the record is ordered to be hidden from public view and expungement generally means that the record is ordered to be destroyed. With true immutability, records on a blockchain could not be removed from public view or destroyed. A new block could certainly be added to the blockchain noting that the previous record is no longer valid; however, this approach defeats the overall purpose of record sealing and expungement. Therefore, because of sealing and expungement laws, a truly immutable blockchain-based criminal record database may not be the best approach.

Relatedly, while some have stated that issues of manual data entry and quality control could be alleviated using blockchain technology (largely because there would be a single immutable database for all criminal justice partners to amend),[5] it is difficult to imagine how blockchain technology could meaningfully reduce data entry errors or reduce the need for quality control in practice. Each occurrence of arrest, court processing, and potential post-sentence processing would still need to be manually entered by criminal justice personnel (it is difficult to imagine an error-proof artificial intelligence mechanism), and manual entry is always subject to error and in need of quality control and additional alterations. Here again, the need for a mutable blockchain-based criminal record database is reinforced.

Interestingly, some have recognized the issues of immutability noted above and have presented or discussed methods to erase or delete information contained in blockchains.[6] Nonetheless, any alterations to previous blocks would still need consensus from participants in the network,[7] and consensus could be more difficult on a public blockchain.[8] Given these points, a hybrid, private, or consortium blockchain may be best suited for a blockchain-based criminal record database. In summary, while blockchain technology does present some interesting features, jurisdictions should thoroughly examine the potential costs, benefits, and practical impacts of implementing a blockchain-based criminal record database and weigh those factors against the features of other types of databases.

 

 

 

 

* Peter Leasure is a Senior Research Associate at the Drug Enforcement and Policy Center, Moritz College of Law, The Ohio State University.

[1] Maisha Afrida Tasnim et al., CRAB: Blockchain Based Criminal Record Management System, in Security, Privacy, and Anonymity in Computation, Communication, and Storage 294, 294-303 (Guojun Wang, Jinjun Chen, & Laurence T. Yang eds., 2018); Aditya Vijaykumar Singh et al., A Criminal Record Keeper System using Blockchain, in 2022 6th International Conference on Trends in Electronics and Informatics (ICOEI) 840 (2022); Aastha Jain et al., Blockchain-Based Criminal Record Database Management, 2021 Asian Conference on Innovation in Technology, 1-5 (ASIANCON) (2021); Alejandro Tomás Dini et al., Analysis of implementing blockchain technology to the argentinian criminal records information system, in 2018 Congreso Argentino de Ciencias de la Informática y Desarrollos de Investigación, 1-3 (CACIDI) (2018); Merritt Francis, Blockchain as Best Practice: The Benefits of the Criminal Justice System Implementing Blockchain Technology, Richmond Journal of Law and Technology (2022), https://jolt.richmond.edu/2022/01/06/blockchain-as-best-practice-the-benefits-of-the-criminal-justice-system-implementing-blockchain-technology (last visited Oct 13, 2022); Paul Embley, When Might Blockchain Appear in Your Court?, Trends in State Court, 28-34, (2018).

[2] It is important to point out that some mistakenly identify Satoshi Nakamoto (the name used by the person or group of people that published the Bitcoin whitepaper) and Bitcoin as the origin of blockchain technology (see Francis, 2022 noted above). However, papers discussing what would later be termed blockchain technology were published much earlier; See Stuart Haber & W. Scott Stornetta, How to Time-Stamp a Digital Document, in Advances in Cryptology, 437-455 (Alfred J. Menezes & Scott A. Vanstone eds., 1991); Dave Bayer, Stuart Haber & W. Scott Stornetta, Improving the Efficiency and Reliability of Digital Time-Stamping, in Sequences II 329 (Renato Capocelli, Alfredo De Santis, & Ugo Vaccaro eds., 1993), http://link.springer.com/10.1007/978-1-4613-9323-8_24 (last visited Oct 13, 2022).

[3] Praveen Jayachandran, The difference between public and private blockchain, IBM Supply Chain and Blockchain Blog (2017), https://www.ibm.com/blogs/blockchain/2017/05/the-difference-between-public-and-private-blockchain/ (last visited Oct 13, 2022) (It is important to note that immutability is a feature of both public and private blockchain a public blockchain. With a public blockchain, anyone is allowed to participate in the network. With a private blockchain, only invited entities are allowed to participate in the network. Participation can mean many things, but generally means validating the authenticity of blocks to be added to the blockchain. There can also be hybrid blockchains (a mix of public and private) and consortium blockchains (private but multiple organizations participate)); See Omar Dib et al., Consortium Blockchains: Overview, Applications and Challenges, International Journal On Advances in Telecommunications, 51-64, (2018); Henry M. Kim et al., Permissionless and Permissioned, Technology-Focused and Business Needs-Driven: Understanding the Hybrid Opportunity in Blockchain Through a Case Study of Insolar, 69 IEEE Transactions on Engineering Management 776 (2022).

[4] Eviction Record Expungement Can Remove Barriers to Stable Housing, Center for American Progress, https://www.americanprogress.org/article/eviction-record-expungement-can-remove-barriers-stable-housing (last visited Oct 13, 2022) (Noting that some jurisdictions allow or may allow for sealing or expungements of civil actions such as evictions).

[5] Merritt Francis, Blockchain as Best Practice: The Benefits of the Criminal Justice System Implementing Blockchain Technology, Richmond Journal of Law and Technology (2022), https://jolt.richmond.edu/2022/01/06/blockchain-as-best-practice-the-benefits-of-the-criminal-justice-system-implementing-blockchain-technology (last visited Oct 13, 2022).

[6] Martin Florian et al., Erasing Data from Blockchain Nodes, in 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) 367 (2019); Peter Hillmann et al., Selective Deletion in a Blockchain, arXiv e-prints (2021), https://ui.adsabs.harvard.edu/abs/2021arXiv210105495H (last visited Oct 13, 2022); Eugenia Politou et al., Blockchain Mutability: Challenges and Proposed Solutions, 9 IEEE Transactions on Emerging Topics in Computing 1972 (2021); Arthur Carvalho et al., When good blocks go bad: Managing unwanted blockchain data, 57 International Journal of Information Management 102263 (2021); See Jing Chen & Silvio Micali, Algorand: A secure and efficient distributed ledger, 777 Theoretical Computer Science 155 (2019) (noting that blockchains with a lower probability of forking may have advantages over those with higher probabilities of forking).

[7] Bahareh Lashkari & Petr Musilek, A Comprehensive Review of Blockchain Consensus Mechanisms, 9 IEEE Access 43620 (2021) (discussing various consensus mechanisms).

[8] Martin Florian et al., Erasing Data from Blockchain Nodes367 (2019), https://www.computer.org/csdl/proceedings-article/euros&pw/2019/302600a367/1cJ7azLFB0A (last visited Oct 13, 2022).

 

Image Source: https://www.purdueglobal.edu/blog/criminal-justice/growing-role-technology-criminal-justice/

By: Haley Magel

 

 

We have smartphones, smart TVs, smartwatches, and now even smart contracts. For those who don’t already know, a smart contract is a self-executing contract with the terms of the contract between buyer and seller being directly written into lines of code.[1]  The code and the contract contained in the code exist across a distributed, decentralized blockchain network.[2]  Blockchain is the technology underlying the cryptocurrency Bitcoin.[3]  Blockchain is open and transparent for all to see, and the record is intended to be permanent and immutable.[4]  Smart contracts permit transactions to be carried out without the need for a central authority, legal system, or external enforcement mechanism.[5]  Because smart contracts are envisioned as potentially limiting the need for external enforcement of legal agreements, they are seen as making business transactions cheaper, quicker, and more efficient.[6]

This all sounds abstract, so let’s turn to an example to help structure the sequence of events.  An insurance company promises farmer Bob, in return for a monthly payment, a lump sum in the event the temperature exceeds 100 degrees for more than five days straight during the term of the agreement.[7]  The insurance company and Bob translate the provisions into software code, making sufficient funds available to fulfill their side of the agreement and digitally sign it.[8]  Bob’s payments would automatically be deducted each month and credited to the insurance company’s account, while the smart contract would also be checking the high temperature on Weather.com each day.[9]  If the temperature exceeded 100 degrees for six days, the lump sum payment from the insurance company would be transferred to Bob’s account, and the smart contract would terminate.[10]

Smart contracts sound like they could be extremely useful in that they are self-enforcing and circumvent the need for judicial enforcement, but there are of course shortfalls to be analyzed.[11]  When there is contractual litigation, courts give great deference to longstanding principles such as good faith efforts, estoppel, or partial performance.[12]  However, those principles will be impossible to apply to an executed smart contract since the content is irreversible.[13]  The content is considered irreversible because the central idea of the smart contract is for parties to receive the predetermined outcome without altering the terms.[14]  Further, business people will rarely want performance and enforcement of contracts to be automatic because circumstances change in unpredictable ways.[15]  In practice, counterparties tend to only resort to the literal language in their contracts after the relationship between the parties has broken down.[16]

While the efficiency possible with smart contracts is attractive, there is still much to be fleshed out with how contract law would apply to smart contracts and whether the two can be reconciled as is or whether new law would be needed to regulate smart contracts.

 

 

 

 

 

[1] Jake Frankenfield, What are Smart Contracts on the Blockchain and How They Work, Investopedia (Mar. 24, 2022), https://www.investopedia.com/terms/s/smart-contracts.asp.

[2] Id.

[3] Id.

[4] Reggie O’Shields, Smart Contracts: Legal Agreements for the Blockchain, 21 N.C. Banking Inst. 177, 180 (2017).

[5] Frankenfield, supra note 1.

[6] O’Shields, supra note 4, at 178.

[7] Kevin Werbach & Nicolas Cornell, Contracts Ex Machina, 67 Duke L.J. 313, 331 (2017).

[8] Id.

[9] Id.

[10] Id.

[11] See generally O’Shields, supra note 4, at 185-93.

[12] Rakhil Kalantarova, The Ongoing Speculation About Smart Contracts: Smart Enough to Replace Third Party Arbitrators, or Is “Smart” Just A Misnomer?, 21 Cardozo J. Conflict Resol. 551, 567 (2020).

[13] Id.

[14] Id.

[15] Francesco Mazzotta, Sense, Sensibility and Smart Contracts: A View from a Contract Lawyer, 49 UCC L.J. 2 (2020).

[16] Id.

 

Image Source: https://blockgeeks.com/wp-content/uploads/2016/10/What-are-Smart-Contracts_.png.webp

By Paige Hastings

 

 

With the rise of awareness in data privacy there has been increased trepidation surrounding what personal information companies access and how they use it.[1] While it may seem as though the public disfavors cell phone apps and technology companies tracking locations and capitalizing off user data, the issue may not be so clear cut.[2]

Sensors in phones correlate with data from GPS satellites to create detailed user location information.[3] This information enables the use of maps and other features, but companies can also access the data.[4] Companies engage with consumers based on information received from this data, such as by streamlining relevant advertisements.[5] The government can also request the user data for geofence warrants.[6]

A geofence is a virtual perimeter around a specific physical location.[7] Created with the mapping software in phones, a geofence can detect movement inside its boundary.[8] When the government serves a geofence warrant on a company like Google, it requests information on “all users who were within” the specified area at the specified time.[9] This allows the government if granted the warrant, to focus on a given location and find an unknown suspect, so long as that person had a phone.[10] Initially, the data received is anonymous, but after narrowing down which users the government believes are relevant to the investigation, it can compel identifying information, including the name and email address associated with the accounts.[11]

An example of a geofence used in practice occurred right here in Richmond, Virginia. In United States v. Chatrie, data received from a geofence warrant allowed the Government to find the defendant and ultimately hold him accountable.[12] Call Federal Credit Union was the site of a bank robbery in May of 2019, and law enforcement was having trouble locating the suspect.[13] Since security footage showed the suspect on his cell phone when he first entered the bank, law enforcement requested a geofence warrant.[14] The warrant granted by the Chesterfield Magistrate drew a geofence with a 150-meter radius surrounding the bank at the time of the robbery.[15] The data received included the information of nineteen users, the suspect, and eighteen bystanders.[16] Law enforcement then de-anonymized the device identifications of three users believed to be relevant to the investigation by requesting the information from Google.[17]  The specific information allowed the Government to track the locations of the three individuals and ultimately implicated Chatrie.[18] Chatrie was later indicted and found guilty.[19]

Geofence warrants and similar consumer data use raises serious concerns for privacy rights. As the Court in Chatrie noted, geofence data endangers the rights granted by the Fourth Amendment’s protection against unreasonable searches and seizures.[20] In Chatrie, the Court determined that the geofence warrant was invalid because it was overly broad and lacked probable cause to search all nineteen individuals found within the geofence.[21] However, the evidence the warrant discovered was allowed because of a good faith exception that protects warrants reasonably believed lawful by law enforcement.[22] Demonstrating that even wrongly employed account and location data can be accessed and utilized.

Notably, the Court did not rule out geofence warrants entirely, it just required them to be more particularized with respect to the users it “searches.”[23] Although this could make it more difficult for geofence warrants to be used in the future, they remain a legal tool. Even though the Court found the geofence warrant to be a violation of the defendant’s Fourth Amendment rights, they permitted the evidence and law enforcement’s overall intrusive activity.[24] Future implications of how the government may take advantage of user data remain unclear, but cases such as Chatrie should put consumers on notice that location and account information is available and can be accessed by the government.[25]

 

 

 

[1] See Nina Burleigh, Americans Demanded Freedom From Tracking during Covid, and Then Grabbed Their Phones, nbc news (July 2, 2021, 11:35am), https://www.nbcnews.com/think/opinion/americans-demanded-freedom-tracking-during-covid-then-grabbed-their-phones-ncna1273007.

[2]See also Nathan Wessler, The U.S. Government is Secretly Using Cell Phone Location Data to Track Us. We’re Suing., aclu: news & commentary (Dec. 2, 2020), https://www.aclu.org/news/immigrants-rights/the-u-s-government-is-secretly-using-cell-phone-location-data-to-track-us-were-suing.

[3] David Nield, All the Sensors in Your Smartphone, and How They Work, gizmodo

(June 29, 2020, 10:38 AM), https://gizmodo.com/all-the-sensors-in-your-smartphone-and

-how-they-work-1797121002.

[4] Privacy & Terms: How Google Uses Location Information, https://policies

.google.com/technologies/location-data?hl=en-US (last visited Oct. 3, 2022).

[5] Id.

[6] A. Reed McLeod, Geofence Warrants: Geolocating the Fourth Amendment, 30 William & Mary Bill of Rights J. 531, 532 (2021).

[7] Verizon connect: what is a geofence?, https://www.verizonconnect.com/glossary/what-is-a-geofence/ (last visited Oct. 3, 2022).

[8] Id.

[9] United States v. Chatrie, No. 3:18cr130, 2022 U.S. Dist. LEXIS 38227, at *22 (E.D. Va. Mar. 3, 2022).

[10] Id. at *60.

[11] Id. at *25-30.

[12] Id. at *22, *82-84.

[13] Id. at *31.

[14] Chatrie, 2022 U.S. Dist LEXIS 38227, at *30.

[15] Id. at *33.

[16] Id. at *37-41.

[17] Id.

[18] Id.

[19] Chatrie, 2022 U.S. Dist LEXIS 38227, at *82-84.

[20] U.S. Const. amend. IV.

[21] Chatrie, 2022 U.S. Dist LEXIS 38227, at *54.

[22] Id. at *72-83.

[23] Id. at *83.

[24] Id.

[25] See A. Reed McLeod supra note 6 at 564-65.

Image Source:https://www.filecloud.com/blog/2020/11/geo-fencing-in-data-governance-and-its-possible-uses/#.Yz8Aa3bMK38

By Madison Edenfield

 

 

Since the beginning of Covid in 2020, sex toy sales have skyrocketed. [1] Teledildonics, a category of sex toys that can be used remotely, became particularly popular during lockdown. ^[2] These remote sex toys are controlled by an app and transmit data through Bluetooth.[3] This digital upgrade has brought sex toys into the 21st century, and with it a host of new problems. Because of its digital design and weak security, teledildonics are susceptible to hacking which could lead to malicious attacks on users’ intimate data and consent violations. [4]

This article will focus on two issues presented in teledildonics security: protecting data privacy and preventing consent violations. Data privacy will be examined through the Wiretap Act, a federal law that prohibits intercepting electronic communications. [5]  The Wiretap Act was amended in 1986 to “extend data and electronic transmissions the same protection already afforded to oral and wire communications.” [6]  This expansion of the law will be applied to user data collected by remote sex toys.

The Computer Fraud and Abuse Act (CFAA) will examine consent violations via hacked devices. The CFAA prohibits knowingly accessing a computer without authorization or consent and appropriating its contents. [7] There are currently no laws that directly deal with teledildonics, however, the CFAA provides a viable framework to examine security and electronic consent violations.

1. Protecting Data Privacy

The data collected by sex toys is similar to information collected from any other electronic device. This information can include account names, emails, and location. [8] However, teledildonic devices can collect intimidate data like chat logs, who is controlling the device, vibration patterns, and the duration of use. [9] While this might not seem like highly volatile information, when this data is combined, it could easily build a profile on that user and put their privacy at risk. [10] Additionally, teledildonics seem to be riddled with security issues. [11] Security issues raise concerns about a user’s identity being leaked, which could ultimately lead to harassment, loss of professional opportunities, and negative emotional impact. [12] Teledildonics is an exciting advancement in sex technology, but how does it change the meaning of consent, privacy, and security?

In 2019, a class action lawsuit was brought against Hytto Ltd., or Lovense, a company that sells Bluetooth-enabled vibrators that are controlled through an app.[13] The plaintiff, S.D., alleged that Lovense illegally harvested data from its users, thus violating the Wiretap Act. [14] The Wiretap Act prohibits “interceptions of electronic communications.” [15] In this case, S.D.’s data, which included their vibration settings, date and time of use, duration of use, and email address, was stored in the Lovense app and reported back to the company. [16]  The Court ruled that intercepting and storing vibration intensity data falls under the Wiretap Act because vibrations are an extended form of communication between the people operating the app. [17] In sum, electronic communication is broadly defined, and just because vibrations are used to communicate does not change the fact that it is still a communication. [18]

Additionally, in 2018, the SEC Consult found that Vibratissimo sex toys could also be hacked through Bluetooth connection. [19] In this instance, however, Vibratissimo had a social network system where users could communicate and stream their videos. [20] This allowed hackers to not only connect to devices, but also access around 50,000 users’ data, which included images, chat logs, sexual orientation, passwords, and more. [21] Additionally, the Vibratissimo devices had weak Bluetooth security, making it easy for an attacker to take control of a device as long as they were in range. [22] This leads to a disturbing question about consent violations and sexual assault regarding remote sex toys.

2. Preventing Consent Violations

Tech expert Alex Lomas tested whether it was possible to hack and control a Bluetooth-enabled sex toy. [23] In a few minutes, Lomas had located a remote sex toy, hacked into the user’s account, and accessed control over their device.[24] While Lomas didn’t do anything with this access, it is alarming to think that with a few simple clicks, anyone within range could take control of someone’s device without their consent. [25]

According to Shanlon Wu, a former federal sex crimes prosecutor, hacking and controlling someone’s sex toy without their consent signals sexual assault. [26] This aligns with the  Department of Justice’s description of sexual assault, which requires sexual contact or behavior that occurs without the explicit consent of the recipient. [27] Some lawyers, like Stewart Baker, reject the idea that hacking into someone’s sex toy is a sex crime because of the virtual component. [28] Instead, Baker contends that a hacker could potentially be held responsible for a cybercrime under the 1986 Computer Fraud and Abuse Act. [29]  The CFAA prohibits all purposeful, unauthorized access of a computer and appropriating its contents. [30] As mentioned earlier, the data collected by teledildonic devices is similar to information collected from any other electronic device, like a computer. [31] Remote sex toys could likely be viewed as computers, so taking unauthorized control of a device might fall under the CFAA. [32] So, even though the CFAA does not directly address teledildonics, it could potentially establish a framework for prosecuting consent violations via a remote device. [33]

While there is a lack of precedent for teledildonics, the Wiretap Act and the CFAA provide frameworks that could help protect users’ privacy and prevent consent violations. [34] Luckily, as technology evolves and expands, so will our laws. As Congress stated, “the law must advance with the technology to ensure the continued vitality of the Fourth Amendment. If we do not, we will promote the gradual erosion of this precious right.” [35] It is time to contemplate and question what the future of privacy will look like in the age of teledildonics.

 

 

 

[1] Brit Dawson, Guybrators, Joysticks, and Teledildonics: Inside the Sex Tech Revolution, Dazed (Aug. 16, 2022) https://www.dazeddigital.com/life-culture/article/56765/1/guybrators-joysticks-and-teledildonics-inside-the-sex-tech-revolution-toys

[2] Bobby Box, Breaking Into Your Personal Buzzer Isn’t That Hard to Do, Playboy (Nov. 9, 2017) https://www.playboy.com/read/sex-toys-hacked

[3] Id.

[4] Id.

[5] See 18 U.S.C.S. § 2511(1).

[6] Smart v. Home Depot, Inc., No. 21-CV-00153-JSM-PRL, 2021 U.S. Dist. Ct. LEXIS 15653, at *5 (M.D. Fla. May 20, 2021).

[7] See 18 U.S.C.S. § 1030.

[8] Matt Burgess, Smart Dildos and Vibrators Keep Getting Hacked – But Tor Could Be the Answer to Safer Connected Sex, Wired (Mar. 3, 2018, 8:00 AM) https://www.wired.co.uk/article/sex-toy-bluetooth-hacks-security-fix.

[9] Id.

[10] Id.

[11] Shayna Posses, Lovers May Not Be Alone In Using Sex Toy’s Camera, FTC Told, Law360 (Apr. 26, 2017, 6:14 PM) https://www.law360.com/privacy/articles/917596/lovers-may-not-be-alone-in-using-sex-toy-s-camera-ftc-told.

[12] Id.

[13] S.D. v. Hytto Ltd., No. 18-cv-00688-JSW, 2019 U.S. Dist. LEXIS 229909, at *3 (N.D. Cal. May 14, 2019).

[14] Id. at *4.

[15] Id. at *14.

[16] Id. at *4.

[17] Id. at *18-19.

[18] Id. at *18.

[19] Thomas Brewster, ‘Panty Buster’ Toy Left Private Sex Lives of 50,000 Exposed, Forbes (Feb. 1, 2018, 5:50 AM) https://www.forbes.com/sites/thomasbrewster/2018/02/01/vibratissimo-panty-buster-sex-toy-multiple-vulnerabilities/?sh=7baf97aa5a94.

[20] Id.

[21] Id.

[22] Id.

[23] Alex Lomas, Screwdriving: Locating and Exploiting Smart Adult Toys, Pen Test Partners (Sep. 29, 2017) https://www.pentestpartners.com/security-blog/screwdriving-locating-and-exploiting-smart-adult-toys/.

[24] Id.

[25] Id.

[26] See Claire Lampen, If Your Vibrator is Hacked, Is It a Sex Crime?, Gizmodo (Oct. 31, 2017, 2:22 PM) https://gizmodo.com/if-your-vibrator-is-hacked-is-it-a-sex-crime-1820007951.

[27] See Office on Violence Against Women, Sexual Assault, Department of Justice (last visited Sep. 30, 2022) https://www.justice.gov/ovw/sexual-assault.

[28] Lampen, supra note 26.

[29] Id.

[30] 18 U.S.C.S. § 1030.

[31] Burgess supra note 8.

[32] See Lampen, supra note 26.

[33] Id.

[34] Id.

[35] Smart v. Home Depot, Inc., No. 21-CV-00153-JSM-PRL, 2021 U.S. Dist. Ct. LEXIS 15653, at *6 (M.D. Fla. May 20, 2021).

 

Image Source: https://www.them.us/story/sex-toy-technology-future