Santa Clara University

Bookmark and Share

Ethical Issues in the Online World

Welcome to the blog of the Internet Ethics program at the Markkula Center for Applied Ethics, Santa Clara University. Program Director Irina Raicu will be joined by various guests in discussing the ethical issues that arise continuously on the Internet; we hope to host a robust conversation about them, and we look forward to your comments.

The following postings have been filtered by tag identity theft. clear filter
  •  Coverage of the Privacy Crimes Symposium

    Thursday, Oct. 29, 2015

    Note: The author of this blog post, Brent Tuttle, CIPP/US E, is a third-year law student at Santa Clara University’s School of Law; he is pursuing a Privacy Law certificate. This piece first appeared in The Advocate--the law school's student-run newspaper.

    On October 6th, SCU Law’s High Tech Law Institute, the Markkula Center for Applied Ethics, and the Santa Clara District Attorney’s Office hosted the first ever “Privacy Crimes: Definition and Enforcement” half-day conference. The Electronic Frontier Foundation (EFF), the International Association of Privacy Professionals (IAPP), and the Identity Theft Council (ITC) also sponsored the free event. It brought together practitioners, academics, and students to discuss several important questions that both civil and criminal legal professionals face in the digital age.  For example, what is a privacy crime? What is being done to enforce the laws addressing these privacy crimes? Furthermore, how can we balance privacy interests in the criminal justice system? 

    After opening remarks from Santa Clara District Attorney Jeffrey Rosen, Daniel Suvor gave the keynote address. Mr. Suvor is the Chief of Policy to the Attorney General of California, Kamala Harris, and former Senior Director of the Office of Cabinet Affairs at the White House. Mr. Suvor discussed his work with the California Attorney General’s Office and elaborated on the AG’s stance regarding the current state of privacy crimes. 

    Mr. Suvor spoke of the California AG’s efforts to combat cyber-crimes.  He noted that California was the first state to have a data breach notification law, implemented in 2003. Mr. Suvor also discussed a recent settlement between the CA Attorney General and Houzz, Inc. that is the first of its kind in the United States. Among other things, the terms of the settlement require Houzz, Inc. to appoint a Chief Privacy Officer who will oversee the company’s compliance with privacy laws and report privacy concerns to the CEO and/or other senior executives. 

    The California Attorney General has also increased privacy enforcement through the creation of an E-Crime Unit in 2011 to prosecute identity theft, data intrusion, and crimes involving the use of technology. To date, the E-Crime Unit has conducted several investigations involving piracy, shutting down illegal streaming websites, and online counterfeit operations. Mr. Suvor noted a recent area of priority to the Unit: the prosecution of cyber exploitation, commonly known as “revenge porn.” 

    Mr. Suvor clarified that the AG’s Office adamantly believes the term “revenge porn” is a misnomer. The Office takes the position that the term “cyber exploitation” is more appropriate for two reasons.  First, porn is generally created for public consumption, whereas “revenge porn” was not created with a public audience in mind. In addition, the Office does not give any credence to the notion that the publisher of non-consensual porn has any legitimate interest in vengeance or revenge in carrying out such heinous acts. He noted that cyber exploitation is a serious nationwide epidemic and that California law expressly prohibits this conduct under California Penal Code, section 647. To tackle this problem, the Office is collaborating with the private sector. Mr. Suvor reported that Google, Facebook, Twitter, Reddit, and others have since adopted policies that will help victims combat cyber exploitation.

    Following Mr. Suvor’s keynote, Irina Raicu, Director of Internet Ethics at the Markkula Center for Applied Ethics, moderated a panel titled “What Is a Privacy Crime?” The well-rounded group of panelists consisted of Hanni Fakhoury, Senior Staff Attorney from the Electronic Frontier Foundation; Tom Flattery, Santa Clara County’s Deputy District Attorney; and Susan Freiwald, a Professor at the University of San Francisco School of Law. 

    Ms. Freiwald opened the panel by acknowledging how hard it is to define a privacy crime. Privacy interests are amorphous. To some, privacy is the right to be left alone. Others seek privacy in their communications, privacy in their autonomy, but depending on the individual, privacy expectations and concerns will vary. However, she drew a sharp distinction in differentiating privacy crimes from torts, because in this respect, the State has an interest in punishing an individual for privacy crimes. 

    Ms. Freiwald also urged the audience that it is important to proceed with caution when defining privacy crimes. For example, Freiwald stressed the consideration of due process. We must ensure that legislation specifies conduct so that people have notice of what exactly is illegal, what the relevant level of culpability is, whether a privacy crime must be subjectively or objectively harmful, and what defenses may be available to those accused. Furthermore, she noted that protecting some from privacy crimes could also conflict with the First Amendment. In this respect, she urged that we find a proper balance between protecting an individual’s privacy while leaving room for freedom of speech and freedom of the press. 

    The co-panelists echoed Ms. Freiwald’s concerns and statements. Deputy District Attorney Tom Flattery shed light on how the Penal Code helps protect privacy, but also recognized that there are gaps that it does not address. While the Penal Code combats matters where one individual does something to harm another individual, it does not address matters Mr. Flattery referred to as “commercial surveillance,” where private companies use deceptive terms of service to invasively collect data on their users. 

    Mr. Flattery went into detail about the common use of the California Penal Code to deal with privacy crimes.  Specifically, section 502 contains anti-hacking provisions that differentiate criminal activity by what an individual does with the data after gaining unauthorized access. For example, if someone merely gained unauthorized access to a social media or email account and did nothing with this data, that person would be subject to Penal Code § 502(c)(7), though first offense is only considered an infraction, in the same vein as a speeding or parking ticket. However, if the individual used the information, then Penal Code § 502(c)(2) elevates the charge to a misdemeanor or felony. Mr. Flattery encouraged the audience to think about what the term “use” means in the context of the Code. Does this code section only apply when an individual uses the information to obtain financial gain, or does sharing this data with a group of friends also constitute a “use”? Mr. Flattery stated that these questions don’t really have “good clean answers,” which leaves citizens without a bright-line rule in a context that will become increasingly more important over time. 

    Another area of concern Mr. Flattery highlighted was the increasing theft of medical IDs and electronic medical records. In these instances, people will go in to a hospital or medical treatment facility and assume the identity of someone else to obtain free healthcare services under a stolen alias. However, as medical records increasingly become electronic, when the victim of this crime comes into the hospital with a legitimate medical emergency, his or her electronic medical record is full of inaccurate medical information. In these cases, the identity theft can be life threatening, as a patient’s record can correctly document that someone under their name received a particular medication two weeks prior, when in fact the actual patient is fatally allergic to such treatment. 

    Mr. Fakhoury brought a unique perspective to the debate, but one that all the panelists were somewhat in agreement on. His takeaway was that when defining and addressing privacy crimes, we “need to chill out a little bit and think these things through.” Rather than adding more legislation, he stressed that we should examine whether or not the current California Penal Code sections could be used to address the problem. Mr. Fakhoury believes that the current penal code could fix at least some of the new problems society is facing with “privacy crimes.” For example, addressing Mr. Flattery’s previous remarks about medical ID theft, Mr. Fakhoury noted that the general identity theft statute is an applicable statutory remedy, so he questioned why we would need another law to handle this problem. Mr. Fakhoury also emphasized the potential issues of adding an abundance of new and unnecessary legislation. New bills could be drafted sloppily or poorly and include ambiguous language that is left for courts to interpret, thereby covering more conduct than was originally intended. 

    Not entirely against new legislation, Mr. Fakhoury urged support for CalECPA, aka SB-178 (which was signed by the Governor late last week). This new law provides citizens with privacy protections against law enforcement. Mr. Fakhoury distinguished this piece of legislation from others that might be quick to criminalize privacy crimes, as he believes it provides law enforcement with tools to get sensitive digital information, but it also protects the public by requiring law enforcement to get a search warrant beforehand. 

    Santa Clara County’s Supervising District Attorney Christine Garcia-Sen moderated the next panel, “What’s Being Done to Enforce Laws Addressing Privacy Crimes?” Attorney Ingo Brauer, Santa Clara County Deputy District Attorney Vishal Bathija, and Erica Johnstone of Ridder, Costa & Johnstone LLP all participated in an hour-long talk that discussed the obstacles and successes practitioners are facing in enforcing privacy crimes. 

    Mr. Bathija highlighted the fact that frequently victims are so embarrassed by these privacy crimes that they are hesitant to shed more light on the humiliating moments with court proceedings and enforcement. He used an example of a sexual assault case where an underage female was exchanging sexually explicit photos with another person. Prior to the case going to trial, the victim realized that the details of her sexual assault would be heard by the jury. Understandably, she vocally expressed her concerns that she didn’t want other people to know that she had been subject to this sexually deviant conduct with the offender.

    Erica Johnstone was quick to point out that a huge difficulty in litigating “revenge porn” or “cyber exploitation,” is the expense of doing so. Many firms cannot accept clients without a retainer fee of $10,000. If the case goes to court, a plaintiff can easily accrue a bill of $25,000, and if the party wants to litigate to get a judgment, the legal bill can easily exceed $100,000. This creates a barrier whereby most victims of cyber exploitation cannot afford to hire a civil litigator. Ms. Johnstone shared her experience of working for pennies on the dollar in order to help victims of these crimes, but stressed how time- and labor-intensive the work was. 

    Ms. Johnstone also pointed out the flawed rationale in using copyright law to combat revenge porn. Unless the victim is also the person who took the picture, the victim has no copyright in the photo. In addition, the non-consensual content often goes viral so quickly that it is impossible to employ copyright takedown notices to effectively tackle this problem. She described one case where a client and her mother spent 500 hours sending Digital Millennium Copyright Act takedown notices to websites. She also spoke on the issue of search results still displaying content that had been taken down, but was pleased to announce that Google and Bing! had altered their practices. These updated policies allow a victim to go straight to search engines and provide them with all URLs where the revenge porn is located, at which point the search engines will automatically de-list all of the links from their query results. Ms. Johnstone also applauded California prosecutors in their enforcement of revenge porn cases and said they were “setting a high bar” that other states have yet to match. 

    As a defense attorney, Ingo Brauer expressed his frustration with the Stored Communications Act, a law that safeguards digital content. He noted that while prosecutors are able to obtain digital content information under the SCA, the law does not provide the same access for all parties, for example defense and civil attorneys. Mr. Brauer stressed that in order for our society to ensure due process, digital content information must be available to both prosecutors and defense attorneys. Failure to provide equal access to digital content information could result in wrongful prosecutions and miscarriages of justice. 

    All three panelists were also adamant about educating others and raising awareness surrounding privacy crimes. In many instances, victims of revenge porn and other similar offenses are not aware of the remedies available to them or are simply too embarrassed to come forward. However, they noted that California offers more legal solutions than most states, both civilly and criminally. Their hope is that as the discussion surrounding privacy crimes becomes more commonplace, the protections afforded to victims will be utilized as well.

    The conference closed out with the panel “Balancing Privacy Interests in the Criminal Justice System.” Santa Clara Superior Court Judge Shelyna V. Brown, SCU Assistant Clinical Professor of Law Seth Flagsberg, and Deputy District Attorney Deborah Hernandez all participated on the panel moderated by SCU Law Professor Ellen Kreitzberg. 

    This area presents a particularly sensitive field as both victims and the accused are entitled to certain privacy rights within the legal system, yet prioritizing or balancing these interests is difficult. For example, Judge Brown stated in a hypothetical sexual assault case where the defense sought psychological records of the victim, she would want to know if the records would have any relevance to the actual defense. She stressed that the privacy rights of the victim must be fairly weighed against the defendant’s right to fully cross-examine and confront his or her accusers. And even if the information is relevant, she noted that often times you must decide whether all of it should be released and whether the information should be released under seal.

    Overall, the Privacy Crimes conference served as an excellent resource for those interested in this expanding field. EFF Senior Staff Attorney Hanni Fakhoury stated, “This was a really well put together event. You have a real diversity of speakers and diversity of perspectives. I think what’s most encouraging is to have representatives from the District Attorney’s Office and the Attorney General’s Office, not only laying out how they see these issues, but being in an audience to hear civil libertarians and defense attorneys discuss their concerns. Having...very robust pictures, I think it’s great for the University and it’s great for the public interest as a whole to hear the competing viewpoints.”  

    Videos, photos, and resources from the event

  •  Privacy Crimes Symposium: A Preview

    Monday, Oct. 5, 2015
    Daniel Suvor

    Tomorrow, Santa Clara University will host a free half-day symposium titled “Privacy Crimes: Definition and Enforcement.” The event is co-sponsored by the Santa Clara District Attorney’s Office, the High Tech Law Institute, and the Markkula Center for Applied Ethics. (Online registration is now closed, but if you’d still like to attend, you can email

    The event will open with remarks from Santa Clara DA Jeff Rosen and a keynote by Daniel Suvor, who is the California attorney general’s current policy advisor. A recent Fusion article detailing the latest efforts to criminalize and prosecute “revenge porn” quotes Suvor, who explains that the attorney general “sees this as the next front in the violence against women category of crime. … She sees it as the 21st century incarnation of domestic violence and assaults against women, now taken online.’”

    The Fusion article also points out that California was “the second state to put a revenge porn law on the books…. In the past two years, 23 other states have followed suit.”

    Of course, revenge porn is not the only crime that impacts privacy, and legislative responses are not the only way to combat such crimes.  The Privacy Crimes symposium will feature panel discussions that will address a broad variety of related questions: How are privacy interests harmed? Why (and when) should we turn to criminal law in response? What types of criminal charges are currently used in the prosecutions that involve such harms? Are current laws sufficiently enforced? Are the current laws working well? Should some laws be changed? Do we need new ones? Are there other ways that would also work (or work better) to minimize privacy harms? Are there better ways to protect competing privacy interests in the criminal justice system?

    We are looking forward to a thought-provoking discussion and many more questions from audience members! And we are grateful to the International Association of Privacy Professionals, the Electronic Frontier Foundation, and the Identity Theft Council for their help in publicizing this event.

  •  Internet Ethics: Fall 2015 Events

    Tuesday, Sep. 1, 2015

    Fall will be here soon, and with it come three MCAE events about three interesting Internet-related ethical (and legal) topics. All of the events are free and open to the public; links to more details and registration forms are included below, so you can register today!

    The first, on September 24, is a talk by Santa Clara Law professor Colleen Chien, who recently returned from her appointment as White House senior advisor for intellectual property and innovation. Chien’s talk, titled “Tech Innovation Policy at the White House: Law and Ethics,” will address several topics—including intellectual property and innovation (especially the efforts toward patent reform); open data and social change; and the call for “innovation for all” (i.e. innovation in education, the problem of connectivity deserts, the need for tech inclusion, and more). Co-sponsored by the High Tech Law Institute, this event is part of our ongoing “IT, Ethics, and Law” lecture series, which recently included presentations on memory, forgiveness, and the “right to be forgotten”; ethical hacking; and the ethics of online price discrimination. (If you would like to be added to our mailing list for future events in this series, please email

    The second, on October 6, is a half-day symposium on privacy law and ethics and the criminal justice system. Co-sponsored by the Santa Clara District Attorney’s office and the High Tech Law Institute, “Privacy Crimes: Definition and Enforcementaims to better define the concept of “privacy crimes,” assess how such crimes are currently being addressed in the criminal justice system, and explore how society might better respond to them—through new laws, different enforcement practices, education, and other strategies. The conference will bring together prosecutors, defense attorneys, judges, academics, and victims’ advocates to discuss three main questions: What is a “privacy crime”? What’s being done to enforce laws that address such crimes? And how should we balance the privacy interests of the people involved in the criminal justice system? The keynote speaker will be Daniel Suvor, chief of policy for California’s Attorney General Kamala Harris. (This event will qualify for 3.5 hours of California MCLE, as well as IAPP continuing education credit; registration is required.)

    Finally, on October 29 the Center will host Antonio Casilli, associate professor of digital humanities at Telecom Paris Tech. In his talk, titled “How Can Somebody Be A Troll?,” Casilli will ask some provocative questions about the line between actual online trolls and, as he puts it, “rightfully upset Internet users trying to defend their opinions.” In the process, he will discuss the arguments of a new generation of authors and scholars who are challenging the view that trolling is a deviant behavior or the manifestation of perverse personalities; such writers argue that trolling reproduces anthropological archetypes; highlights the intersections of different Internet subcultures; and interconnects discourses around class, race, and gender.

    Each of the talks and panels will conclude with question-and-answer periods. We hope to see you this fall and look forward to your input!

    (And please spread the word to any other folks you think might be interested.)


  •  Internet Access Is a Privilege

    Sunday, Apr. 21, 2013

    What would our lives be like if we no longer had access to the Internet?  How much good would we lose?  How much harm would we be spared?  Is Internet access a right?  These days, whether or not we think of access to it as a right, many of us take the Internet for granted.  In this brief video, Apple co-founder A. C. "Mike" Markkula Jr. looks at the big picture, argues that Internet use is a privilege, and considers ways to minimize some of the harms associated with it, while fully appreciating its benefits.

    In an op-ed published in the New York Times last year, Vint Cerf (who is often described as one of the "fathers of the Internet" and is currently a vice president and chief Internet evangelist for Google) argued along similar lines:

    "As we seek to advance the state of the art in technology and its use in society, [engineers] must be conscious of our civil responsibilities in addition to our engineering expertise.  Improving the Internet is just one means, albeit an important one, by which to improve the human condition. It must be done with an appreciation for the civil and human rights that deserve protection--without pretending that access itself is such a right."