Richmond Journal of Law and Technology

By: John Danyluk, Associate Notes & Comments Editor

It is uncertain exactly how much information Facebook has about its users.  The social media giant not only has all of the content uploaded by its 1.35 billion users, it has the information that could be obtained from the staggering 100 billion friendships among those users.  So just how secure is this massive amount of private data, and what would the legal consequences be if a breach occurred?

Facebook suffered one such breach in June 2013.[1]  Although the impact of this particular breach turned out to be relatively minor, it signaled a larger problem for protecting personal data on the internet.  The glitch that occurred in 2013 exposed email addresses and personal phone numbers for contacts even if that data was not visible on Facebook itself.[2]  Although Facebook corrected the problem within twenty-four hours, over six million users had their sensitive personal data exposed.[3]  For these six million individuals, their reasonable expectation of privacy was infringed upon when sensitive details that were not shared on their public profile were not protected.[4]

A data breach not only puts Facebook at significant risk of a public relations nightmare, but it also may result in regulatory investigations from the FTC and civil liability to its users for negligence.[5]  But Facebook would not be left without recourse, as it could institute civil actions under the Computer Fraud and Abuse Act and the Stored Communications Act (among other laws) against the perpetrators.[6]  Additionally, the federal government would likely step in to enforce the criminal provisions of these acts as well.[7]

How can companies like Facebook, who are trusted with sensitive data, prevent data exposure in the future?  In sum, these companies must have “strong security configuration management all the way from the servers through the applications and the user permissions assigned to the data.”[8]  Users of these websites can help themselves as well, by minimizing the number of companies and apps that have access to their personal data.[9]  By taking the time to understand privacy controls and removing apps that the user no longer uses, the threat of one’s privacy being invaded through a data breach can be curtailed.

[1] Tony Bradley, Facebook Breach Highlights Data Security’s “Weakest Link” Syndrome, PCWorld, available at http://www.pcworld.com/article/2043042/facebook-breach-highlights-data-securitys-weakest-link-syndrome.html.

[2] Id.

[3] Id.

[4] Id.

[5] Evan Brown, Six Interesting Technology Issues Raised in the Facebook IPO, Internetcases, available at http://blog.internetcases.com/2012/02/01/6-interesting-technology-law-issues-raised-in-the-facebook-ipo/.

[6] Id.

[7] Id.

[8] Id.

[9] Id.

By: Bradford Schulz, Associate Staff

Drugs.  Guns.  Trafficking.  Human trafficking is the third-largest criminal enterprise in the world.[1]  Specifically, sex trafficking is the fastest-growing enterprise in the world.[2]  It is estimated that 60% of all human trafficking victims were trafficked for sexual purposes, and the FBI has reported that cases of sex trafficking involving children are increasing.[3]  In fact, it is estimated by the State Department that a third of teens, 150,000 annually, who run away from home are trafficked within 48 hours.[4]  “Lisa” (fictional name for J.S. in State v. Hopson) was one of these children who ran away from home and got caught up in sex trafficking.[5]

In March 2010, a 15-year old Lisa left home so that she could “find herself.”  In an effort to make enough money to drive to California, Lisa prostituted herself out for Mr. Hopson.[6]  Hopson taught Lisa how to handle payments, how to check if a customer was a police officer, and how to avoid identification.[7]  In addition, Hopson posted daily advertisements on “backpage.com” which often showed Lisa posing on pool tables.[8]  Backpage.com has developed a nationwide online reputation as a sex prostitution marketplace.[9]

In September 2010, a 13-year old “Briana” (fictional name for S.L.) ran away from home and was picked up by traffickers.[10]  The sex traffickers dressed Briana in lingerie, took photos of her, and posted her advertisements on backpage.com.  It is a similar story for “Tasha” (fictional name for L.C.) who also had photographs of her taken while wearing skimpy clothing, and was featured in online advertisements.[11]  All girls were prostituted and raped via online advertisement brokering.

Backpage.com is an online marketplace (i.e. Craigslist), that also includes “escort” sections that solicit advertising of escort services.  The website is organized by geographic locations to help filter searchers to nearby services.  It is argued that backpage.com uses the term “escort” in order to provide listings of prostitution and sex trafficking sale advertisements with some deniability.[12]  Backpage.com provides posting rules and lists content requirements that prohibit the use of profanity, graphic images, or the collaboration of illegal services and trafficking.  However, a trial court noted that almost every advertisement post in the “escort” section violates backpage.com’s posting and content rules.[13]  In an effort to minimize child sex trafficking, the three victims are attempting to shut down backpage.com because it hosted their pimps’ escort solicitation.

Backpage.com argues that its website is protected by free speech and § 230 of the Communications Decency Act.[14]  The CDA was written to protect internet sites, such as Google, Wikipedia, Twitter, Youtube, and Craigslist, from liability of content posted by third parties.  The statute states that “[n]o provider or user of an interactive computer service shall be treated as the publisher of any information provided by another information content provider.”[15]  So the question is, does CDA § 230 immunize websites from liability for third-party content even though “the unlawful nature of information provided is not enough to make it the [website’s] own speech.”[16]  Backpage.com is more than allowing third-party flagrant free speech on its website; it is arguably facilitating the pimping of under age children.  The real question is not whether Backpage.com is protected by free speech but whether their actions go beyond speech.  This issue is up for consideration by the Supreme Court of Washington State.[17]

In addition to litigation, groups focused on stopping child sex trafficking have established the Human Exploitation Rescue Operative (HERO) Child-Rescue Corps.  HERO is a program developed by the U.S. Immigration and Customs Enforcement (ICE) to provide wounded special operations forces training in computer forensics and law enforcement.[18]  The goal of HERO is to incorporate special op wounded soldiers into the law enforcement effort to stop online child sex trafficking by supplementing their skill set with computer forensic training (“image and process digital media,… assisting investigators in identifying “high-value targets and locate child victims”).[19]  By utilizing their military training, coupled with advanced computer forensics, ICE hopes that the HERO operatives will be able to help track down victims and help prosecute child sex traffickers.

Technology in various forms is at the forefront of the child sex trafficking issue.
Just as technology and online websites streamline “escort” business, so too will technology help facilitate the prosecution of child sex traffickers.

[1] The UN Refuge Agency, Conference puts focus on Human Trafficking, fastest Growing Criminal Industry, (Oct. 11, 2010), http://www.unhcr.org/4cb315c96.html.

[2] FBI Law Enforcement Bulletin: Human Sex Trafficking, Mar. 2011, http://www.fbi.gov/statsservices/publications/law-enforcementbulletin/march_2011/human sex trafficking.

[3] United Nations Office on Drugs and Crime, Global Report on Trafficking in Persons at 35 (2012); Traff1ckinR in Persons Report, 2013 U.S. Dep’t of State Ann. Rep. 382-83.

[4] Online and Anonyrnous: New Challenges to Prosecuting Sex Trafficking (NPR radio broadcast Aug. 3, 2013), (available at http://npr.org/templates/transcript/transcript.php?storyld=208664066 (“Online and Anonymous”)).

[5] State v. Hopson, 170 Wash. App. 1012 (2012).

[6] Id.

[7] Id

[8] Id.

[9] Id.

[10] Brief of Respondents, Village Voice Media Holdings, L.L.C. and Backpage.com v. J.S., S.L., and L.C., No. 90510-0, Supreme Court of the State of Washington.

[11] Id.

[12] Id.

[13] Verbatim Report of Proceedings, 49: 14- 50: 12.

[14] 47 U.S.C. § 230.

[15] 47 U.S.C. § 230(c)(1).

[16] Universal Commc ‘n Sys., Inc. v. Lycos, Inc., 478 F.3d 413, 420 (1st Cir. 2007).

[17] Brief of Petitioners, Village Voice Media Holdings, L.L.C. and Backpage.com v. J.S., S.L., and L.C., No. 90510-0, Supreme Court of the State of Washington.

[18] U.S. Immigration and Customs Enforcement, HERO Child-Rescue Corps Program, http://www.ice.gov/hero.

[19] Id.