Persona Parameters in the Age of Reality Stars and YouTube Celebrities

The privacy tort of “persona rights” often manifests as an appropriation issue. Someone has value in their personhood that is wrongfully exploited by another and is the tortfeasor is liable for a violation of privacy. As technology evolves and categories, like “fame”, that were more clearly demarcated in previous decades become muddled, it remains to be answered whether laws be able to adequately morph in order to accommodate society’s changing sensibilities. This post will examine the current law, societal changes, and recent examples of this phenomenon in an effort to paint this landscape in broad strokes. 

Over the last ten years or so, technology has democratized public speaking platforms. In the past, significant resources were needed to gain access to wide audiences. Today, however, the internet and television have made these audiences much more accessible to common people. While many use this opportunity to advocate for social justice or to educate, some have sought to capitalize on their celebrity aspirations. With the increased numbers of reality television stars and YouTube celebrities, it has become harder and harder to ascertain where celebrity ends and popularity begins. It is therefore equally hard to assess whether an internet sensation has the kind of value/property right that persona rights originally aimed to protect. 

This particular privacy action is designed to safeguard the right of the individual to exclusively use his identity for benefit. While the case law on this matter is jurisdiction specific, courts have held that just because you are not a “celebrity” does not mean that your identity has no commercial value. Courts have held that commercial value can lie within a specific group of people even if not within the public at large. Similarly, a defense to a charge of (mis)appropriation of someone’s identity, is a claim that the plaintiff is not a celebrity and therefore has no verifiable worth in their identity. 

The tensions discussed above get to the heart of this post. If you do not need to be a “celebrity”, can a quasi-celebrity count? How large of  a group is necessary in order for there to be commercial value? Is a YouTube following significant? What about those members of reality television casts who enjoy a brief stint on a popular season of survivor? What counts as proof for commercial value? 

Recently, reality television “star” turned business mogul, Kim Kardashian, settled a law suit against Old Navy for allegedly using a lookalike in their ad campaign which violated Kardashian’s publicity rights. While Kim may demand big bank for her stamp of approval on a clothing retailer’s threads, other reality tv stars may not be so highly thought of. Perhaps the best approach to this is to examine whether the misappropriated use either would have earned the plaintiff money if they had used their identity in that way or whether they generally engaged in that kind of commercial use of their identity.    

One Step Forward and Two Steps Back: Possible Changes to CISPA and ECPA on the Horizon

So I am not sure if anyone is still checking out the blog at this point, but since I finally have a minute, I thought that I would post the last couple of articles I found before the semester officially ends. The first one is interesting because it covers how portions of CISPA would create corporate immunity for certain acts of information gathering that would, as of now, mean that they could be held responsible for various torts and statutory violations. What is interesting about this, perhaps more so than the unsurprising notion that corporations would want to immunize themselves from liability as much as possible, is the fact that CISPA would use such loosely defined language in order to define “cyber security threats.”

I find it interesting that, with all the debate over ECPA and its antiquated definitions/application, a bill being proposed in 2013 still suffers from many of the same problems. The exemption seems to leave it up to the company to determine what is, or is not, a cyber security threat. Obviously, this version of the bill did not pass, but this seems to be a troubling pattern in recent arguments over bills like CISPA and SOPA, which use broad terms that would sweep in far too much information, which is troubling for propoenents of internet privacy, and would make obtaining any sort of damages against corporations for information based harms even more difficult than they are now. The article can be found here: http://motherboard.vice.com/blog/cispas-immunity-provision-would-allow-corporate-hacking

The second article I am including is one about some of the proposed changes to ECPA. ECPA has been consistently criticized as being antequated and out of date in terms of its application to modern technology and understanding of advances in notions of privacy and communication as far as things like internet and email go. In particular, the Stored Communications Act portion seems particularly out of date insofar as it fails to protect information and methods of communication that are arguably as important today as landlines were twenty years ago (after all, how many of you guys still have landlines?).

This amendment to ECPA would require disclosure by law enforcement when an individuals email has been accessed as a result of a warrant. Though there are two exceptions (national security “gag order,” and when it would tip off a subject) it seems like a step in the right direction for privacy. After all, unlike when the police come to your door to search your house, many people are unaware of not only what data they consistently send out to the world, but also of whether a search has even taken place. This would at least serve to make such searches more visible. The article can be found here: http://www.zdnet.com/plans-to-end-warrantless-email-searches-pass-senate-committee-7000014527/

Anyways, for those of you still reading (hey Professor!) I hope you have a good summer! I hope you find these articles as interesting as I did, and congratulations to the 3L’s among us. 

Undeleted Snapchat Photos – Privacy Scandal, or Ho-Hum?

If you were intrigued by this blog's previous post about Snapchat, you may recall that it described the preferred teenage sexting application (150 Million photos uploaded per day, a few of which may not be sexually explicit or potentially incriminating) as a system that “allows the user to send photos to friends that automatically delete after a specified period of time.” While the post went on to speculate about how the application might leave a “digital trail,” and how this evidence might be discovered for litigation, the presumption seemed to be that the images were, in fact, deleted from both user devices and Snapchat's servers after they had been viewed.

Well, earlier this week, digital forensics firm Decipher Forensics announced its discovery that the photographs are not permanently deleted from users' phones, and that they can be retrieved, at least from Android devices, by anyone who has 'root' access to the phones. Although most users do not intentionally root or jailbreak their phones, this discovery presents a substantial concern for those who do, or whose devices are compromised by malware or other surveillance or forensic tools. The allure of Snapchat is that images sent via the service are supposed to be ephemeral, and the company promotes this as the key advantage of the application, stating: “[t]hey'll have that long to view your message and then it disappears forever.” But that sentence is immediately followed by the disclaimer “We'll let you know if they take a screenshot!” Does this constitute an enforceable promise that the messages will be permanently deleted, or does it plainly disclaim perfect confidentiality by warning users that Snapchat does not guarantee that the images will not be retained by their recipients?

The question is complicated by several factors. First, it is not clear from media reports whether the images are “deleted” by the operating system, as the company suggests they are, or merely renamed with a “.NOMEDIA” file extension that prevents users from accessing the images via the Android user interface. What is clear is that the images are not encrypted, and that they are not securely deleted, or “wiped,” from user devices after they expire. These technical differences reflect a spectrum of meanings of “deleted,” ranging from the least secure, in which a hypothetical application might retain all messages but exclude them from the user interface of the application so that they “disappear” from the user's perspective but remain accessible to digital experts, to the most secure, in which messages are encrypted at the endpoint devices using a nonce or one-time pad, and both the encrypted image data and the keys are securely deleted after a single use.


While there is no perfectly secure solution, surely, enforcement of privacy promises must reflect the common interpretation of those promises, not merely the porous, technical interpretations that service providers might prefer. Snapchat makes it clear that message recipients can “capture” images by taking screenshots while the images are being viewed, but this seems to suggest that it is the only way that the images can be retained, and that Snapchat will notify users if their images are retained in this manner. In fact, the images are easily accessible to anyone with either an advanced understanding of file storage or money to spend on file-retrieval applications and services. While this might not surprise many people in our privacy class, do you think that the company has misled ordinary consumers about the security and confidentiality of messages that they send via the service, or do Snapchat users have ample notice and knowledge of the risks of sending images to third parties? Can a carefully-crafted privacy policy cure any potentially misleading statements made in other, more user-accessible contexts? Do the following screenshots from the Google Play store affect your opinion?

Snapchat application description.

Snapchat users also viewed and installed...

Privacy in 2031

In case anyone hasn't seen it yet, I thought I would point out this xckd comic:

mouseover: "2031: Google defends the swiveling roof-mounted scanning electron microscopes on its Street View cars, saying they 'don't reveal anything that couldn't be seen by any pedestrian scanning your house with an electron microscope.'" 

I thought this comic was particularly interesting, since in many ways it seems like privacy is a diminishing concern in the United States. This article by CNN questions whether 20 years from now, anyone will care about online privacy at all. Because many of the most popular websites are offered for free and paid through by advertising, the author suggests that within our lifetimes privacy is likely to become a thing of the past. Indeed, a few years ago, Mark Zuckerberg even publicly announced that he believes privacy is no longer a social norm. From that point of view, the proposition that people would object to xkcd's imagined Google Earth of 2031 is questionable.

Still, I'm not convinced that society will let privacy go without a fight. Recently, Senator Jay Rockefeller of West Virginia stated that he will be introducing legislation this year to force advertisers to honor "Do Not Track" requests. Similarly, the White House released a Consumer Privacy Bill of Rights in February of this year. While this document does not have any legal effect at the moment, it is notable because it gives an official voice to privacy advocates, and opens the door for future legislation to prevent abuses of personal information. If nothing else, this document reinforces the importance of the FTC's role in ensuring consumers know how their information will be treated, whether or not privacy remains a social norm.