I was disgusted to read about the Jason Fortuny sex baiting saga on Dare’s blog.
In short, as reported, “RFJason” posted a personal ad (in which he reportedly misrepresented himself as a promiscuous female), and then posted verbatim every response that was sent in response, including all sorts of personally identifiable information, including photos, phone numbers, email addresses and so on.
Requests to remove the privately-supplied information and pictures were ignored and/or ridiculed, and posted as well. The fear and humiliation caused by this sequence of events is disturbing to say the least.
That is what strikes me as at best, sorely empathically lacking and at worst a sociopathic act. This is someone’s anonymous online identity playing with the formerly-private identity of others. Obviously the individuals that provided their details did so with the expectation that they would be kept private by the recipient. The Lawyers have been engaged.
Dare’s question was how Craigslist was going to respond, but it got me thinking about what sanctions are possible against an online sociopath like Fortuny. From Craigslist’s perspective, what can actually be done?
This highlights one of the key problems with social software. When you build software that enables people to interact with strangers, you run the risk of people interacting with strangers who aren’t so nice.
It’s a seemingly-tough problem to solve: Does a click-through “I Agree” privacy policy page provide a legally enforceable contract for scammers? If they sign up with an identity other than their real-world identity, how is that then enforceable? Must we require non-anonymity for all, to provide protection for other users’ anonymity?
Hopefully Craigslist have some legal recourse, but let’s go one step further: what could any individual do in the event that another individual – either known to them or not – chose to expose personally identifiable information that had been obtained in a private interaction?
I’m not a lawyer. It strikes me that control and exposure of personally identifiable information by one entity to another could or should be protected by law. Communications that aren’t explicitly tagged as “forwardable without restriction” might be assumed to be private and confidential.
Business and government entities in Australia are covered by Privacy legislation (summary of Australian privacy legislation history), so why not individuals? (or are they?)
In the meantime, a) keep it in your pants, and b) if you’re going to post it somewhere, at least post it with a fake gmail account.
Update: Wired picked it up, and it looks like it might actually be illegal. Good.