Attorney Carrie Goldberg recently tweet-ranted (if that’s a verb) about EFF. I blogged about her tweet thread here, and asked EFF to respond, which they did, here. When I informed Ms Goldberg that I was going to blog about her thread and EFF’s response, Ms Goldberg asked for an opportunity to explain her views more thoughtfully than she had in a Sunday rant. The following is her more detailed response, in full:
I agree that EFF’s efforts to curb governmental surveillance and overreach should be supported. But their coziness with Big Tech means that they can’t honestly say that they fight for victims and the harassed, let alone leading the real revolution. They’re institutionalists, founded mainly by software millionaires, still vying for an internet that’s above the law, while dabbling here and there in stalkerware hobbies, fighting against noncontroversial overseas enemies, and tsktsking in their blog once in a while about Facebook being naughty, but taking no real action of note against tech companies. EFF’s response, highlighting its work against the government, only proves my point: that EFF is fundamentally unwilling to take on Big Tech, rendering its allyship to actual individual users on the internet fundamentally hollow.
On the internet we live in, the disparity between the individual and the all-knowing Big Tech companies is growing every single day. Our data and privacy is bartered and sold second by second. Big Tech knows more about our own self than we do and controls our reputations by controlling our search engine results. The absurd and damaging results are self-evident. We have learned (for example) that Russians spread fake news and created fake accounts to help Donald Trump get elected; Facebook okayed Cambridge Analytica to dupe and spy on us and share data with campaigns; and Facebook refuses to remove video of the Speaker of the House manipulated to make her look drunk and senile. (Get ready for the deepfakes of our 2020 presidential hopefuls to proliferate and distract the country from their policy ideas). Facebook propaganda in Myanmar encouraged genocide. EFF’s focus on governmental overreach is helpful to paint themselves as countercultural rebels fighting for the people against The Man. But EFF has no interest in taking on the
corporations that are a true threat to our democracy and social fabric.
If EFF was truly interested in empowering victims and all of us against the Big Tech crisis, they would fight for the simplest, most obvious, and most elegant solution to Big Tech overreach: for each of us to have the power to hold Big Tech liable. Instead, they ardently support a bloated and outdated law which undermines the rights of the individual against these behemoths, and disincentivizes them from having a commercial interest in keeping their users safe. Section 230, originally supposed to protect platforms from traditional publishing torts like obscenity and defamation, has been interpreted so broadly that it essentially removed the entire tech industry from tort liability. Consequently, founders, funders, or employees have no incentive to design products that won’t be mis-used and/or abused. They suffer no consequences for ignoring their own Terms of Services, or for letting users destroy other users – whether it’s allowing rapists to use their platforms to hunt for a Friday night date, or trolls to dox innocent people. Because of this law, tech is the only industry found to be immune from product liability, which is scary because Big Tech happens to be the most omniscient, omnipotent, and wealthy industry in the history of the world. It knows everything about us and can’t be sued. Tort liability serves a huge social purpose. It’s not just there for people who’ve been injured and want to sue. It’s also there to keep companies in line so they don’t do the greedy unethical shit like Big Tech does. When EFF stands up for platforms’ right to be immune from litigation by users, it sends a very very serious message.
Let’s look at one case where EFF fought to protect Big Tech. In the Herrick v Grindr case, for which I was counsel to the plaintiff, our client’s ex impersonated him on Grindr and sent over 1200 strangers to his home and job for sex. His ex would say our client was into hardcore sex, had rape fantasies. Sometimes he’d say racist things to pick fights or have drugs to sell. Our client’s life was in danger every single day when as many as 23 strangers approached him per day for sex. He’d reported the offender to the police ten times and had an order of protection against him, but nothing stopped the guy. Grindr was literally the only one left who could help our desperate client. And he asked them fifty times, we as his lawyers asked them, his family members created accounts and flagged the impersonating accounts. But Grindr did nothing. They even ignored a court order demanding they exclude this user. When we went to court, their lawyers said Grindr did not have the technical capability to exclude a user. That’s why we sued them for having a defective product. It was foreseeable that their product would be misused this way. Grindr’s competitors, Scruff and Jack’d, were able to exclude our client’s ex who was also using their product – and did. Grindr, cloaked in CDA 230 immunity, claimed it had no duty to its users. EFF filed an amicus brief in support of Grindr, claiming that our case sought to restrict free speech, and painting wild theories about how liability would freeze robust and open forums for speech.
EFF’s argument that potential liability for Grindr meant Big Tech would burden tech with an untenable burden to censor all speech online is a total red herring and continues to willfully evade the role that Big Tech plays, not as content distributors like the AOL message boards of the 1990s, but as active data collectors, advertisers, and panopticons. Arguing that only the individual perpetrator should be liable in Herrick v. Grindr, for example, ignores the fact that Grindr permitted its technology to be weaponized because it knew it had no liability and therefore saw no reason to exercise a reasonable standard of care the rest of us are subject to. Nobody is suing the New York Times for editorial content, but what if it published its paper using poisonous ink?
Real advocates are front and center in breaking up the internet, advocating for big tech to be gutted by anti-trust laws, fighting for laws that stop exploitation of our data, calling on regulators to step up to enforce whatever laws we have, supporting cases challenging Section 230 on product liability grounds, fighting against abuses like revenge porn, deepfakes, fake news. EFF should be front and center in supporting antitrust policies and politicians like Elizabeth Warren who call for reversing the Facebook mergers to spur more competition – like companies with higher privacy standards, ones that might cost but don’t have advertising, ones that don’t barter in user data, and don’t allow deepfakes, or fake news.
But what is EFF really doing to curb the domination of Big Tech? They point to a couple blog posts, an employee hobbyist who rails against uncontroversially bad overseas spyware (and who by the way, recklessly and negligently tweeted about how one of my clients should seek relief from the civil system against his extraordinarily dangerous retaliatory, judgment-proof, mentally ill, obsessive stalker. This was in criticism of our path to justice against the negligent tech company that facilitated our client’s injury). In the right direction, they point to a couple blogs supporting S. B. 561 – an amazing law that empowers individuals to sue for their privacy violations. However, though this very same year, EFF successfully fought against bills that address major ills of the internet S.B. 1001 to ban bots from social media and S.B. 1424 to mitigate the spread of fake news.
Regarding the cy pres settlements: obviously, there’s nothing inherently wrong with settlement funds being routed toward appropriate nonprofits. But when the victims get basically nothing, it’s a problem, especially where EFF has only illusory commitment to the cause at issue. Let’s take Fraley v Facebook. EFF reports receiving $846,771 in cy pres money in 2017 from this settlement. That lawsuit resulted form Facebook fraudulently permitting their advertisers to incorporate users’ likeness and images into their ads so that it looked to their friends that they were endorsing the product. Facebook didn’t get user consent and were very excited about this feature. Facebook CEO Mark Zuckerberg pitched the product saying “nothing influences people more than a recommendation from a trusted friend.” COO Sheryl Sandberg said “marketers have always known the best recommendation comes from a friend.” Facebook’s “Guide to the new Facebook Ads Manager” states that advertisements “shown with the names of people’s friends are twice as effective as those without.” A case was brought in CA where Facebook faced $750 per violation. Instead they settled on pennies on the dollars. They first tried to settle it for $10m with most of it going to lawyers and nonprofits like EFF. When that was opposed since it gave nothing to the victims, the settlement rose to $20m. $7.5m would go to attorneys, $12,500 to the named plaintiffs. The court said that if more than 5% of class members sought money, all of it would instead go to cy pres. The settlement was very controversial, with objections filed particularly on behalf of child victims whose images were used by advertisers without parental consent. One of the cardinal rules in cy pres settlements is that if funds are directed to nonprofits, they need to be well-suited. Cy pres settlements funds in this case are misdirected to EFF, which is not in the business of taking extreme action against Big Tech’s privacy violations, demanding Big Tech be held liable by users, or in dealing with corporate conspiracies like this. Even if we believe that EFF is in the business of privacy, the case – as few of Big Tech’s recent scandals have been – was not about privacy breaches, but about deliberate greedy exploitation.
We can’t deny there is a cozy relationship between Big Tech and EFF. Why else wouldn’t they be fighting like hell to protect us? EFF has gotten millions of dollars in settlement dollars. Their 2017 financial reports are the only ones that state which cases they received money in. I don’t know how much of their money gets routed from cy pres from Big Tech breaches or what stocks their millions of dollars in investments are in. EFF will always claim they’re dedicated to privacy. But we can’t leave it at that. There’s more than one type of privacy. There’s “privacy to” and “privacy from.” And we all deserve privacy from big tech. EFF could lead the fight as the rebels they purport to be, but instead watches from the sidelines.
Anyone who would like to comment on any part of this series is welcome to use the Comments section under the posts/segments. If your response is a longer analysis and commentary, feel free to email it to me at [email protected] and I’ll consider posting it as an additional post in the series.
For now, I will not provided any detailed response to the statements by Goldberg or EFF. But I will point out that even people who agree that Section 230 of CDA should be amended or repealed do not necessarily agree with Ms. Goldberg’s statements about EFF. In a paper* discussed at the Privacy Law Scholar’s Conference this past week, there is a statement by Danielle Citron and Jon Penney that is relevant here. With Ms Citron’s permission, I am reproducing it here, sans footnotes:
In January 2015, the esteemed civil liberties group, the Electronic Frontier Foundation (EFF), put its reputation behind efforts to combat cyberharassment. The EFF wrote an article highlighting online harassment as a pressing “digital rights issue.” It was a big deal for a civil liberties group to recognize that speech can silence speech. In our experience, most civil liberties groups resist that argument. The EFF said to the public that cyberharassment was not a small problem that could be ignored. Instead, the EFF made clear that cyberharassment was “profoundly damaging to the free speech and privacy rights of the people targeted.” It was crucial for the public’s understanding of online abuse for a civil liberties organization to contend that online abuse silences people, especially women and minorities, who enjoy “less political or social power.” Such progress has been slow but sure.
* When Law Frees Us to Speak
Danielle Keats Citron & Jonathon W. Penney
University of Maryland Francis King Carey School of Law
Legal Studies Research Paper