A Blaze of Glory? The legal history behind flag burning as free speech

A Blaze of Glory? The legal history behind flag burning as free speech

Happy July 4th!  Perhaps nothing else symbolises America’s Independence Day quite like the American flag, also known as “Old Glory.” So what better day to consider the fascinating legal history which surrounds burning the American flag in protest?

This is my second blog post dedicated to exploring important United States Supreme Court cases on free speech. The first post, Regulating the Raunchycovered the basics of free speech protected by the First Amendment, together with the regulation of pornography under Miller v. California (1973). This post covers the history of flag protection in the United States, and the cultural shifts that led to Texas v. Johnson (1989).

Screenshot 2019-07-03 at 09.04.55

Unrest followed by Unity: the Revolutionary War and Civil War

Adopted on 14 June 1777, the American flag represents an incredibly wide variety of concepts, sentiments, and political positions. For many in the United States and abroad, the flag symbolizes normatively “good” things in Western culture, such as democracy, freedom, liberty, and self determination.

When considering why the American flag is such a potent symbol, it might be helpful to consider that the U.S. Civil War (1861-1865) not only revived that patriotic attachment to the flag, but expanded and intensified it, fostering a spirit of reverence and devotion (National Museum of American History). By the late 1800’s, flag protection movements had swept across the country in reaction to perceived commercial misappropriation on the one hand, and politically motivated abuse of the flag on the other. 

By 1932, each State had adopted some form of flag protection legislation, which prohibited “publicly mutilating, trampling, defacing, defiling, defying or casting contempt, either by words or by act, upon the flag” (emphasis added).

The Vietnam War was a watershed moment for political protests.

Following the Second World War, American prosperity and patriotism boomed. But by the 1960’s however, the counterculture movement began, marked by widespread revolution against established norms and conventions. In particular, the increasing unpopularity of the Vietnam war led many to question the infallibility of American foreign policy. After American bombing campaigns against North Vietnam intensified in 1965, small uprisings of peace activists and intellectuals on university campuses soon gained national prominence.

Anti-Vietnam war demonstrators burn the flag in Central Park, 1967.

1984: Counterculture against Ronald Reagan.

The Youth International Party or “Yippies” were one such offshoot of the countercultural revolutionaries of the free speech and anti-war movements of the 1960s. During the 1984 Republican National Convention in Dallas, Texas, the Yippies and like-minded groups protested against President Reagan, including his administration’s involvement in Grenada and Nicaragua.

Dozens of protesters were arrested, including Gregory Lee Johnson, whose participation during the protests involved the burning of an American flag. “We wanted to do as much as possible to puncture the whole chauvinistic, Rambo-istic atmosphere around that convention,”  Johnson later recalled.

Johnson was therefore charged with violating Texas Penal Code 42.09(a)(3), which prevented the desecration of a venerated object, including the American flag, if such action were likely to incite anger or offense in others. Johnson was initially sentenced to one year in jail, and assessed a $2,000 fine. After a series of appeals, the case was brought before the Supreme Court for final adjudication in 1989.

The decision and legal reasoning behind Texas v Johnson

In a 5-4 decision, the Supreme Court held that Johnson’s conviction for flag desecration was inconsistent with the First Amendment, which states inter alia that “Congress shall make no law abridging the freedom of speech.” Of course, the act of burning something is not written or spoken speech (also known as “pure speech”). So how can burning the flag possibly be construed as speech protected by the First Amendment?

The Court held that where the medium or conduct itself is the message, it is a special form of protected speech, known as “symbolic speech.” Put differently, symbolic speech is a nonverbal communication that takes the form of an action, in order to communicate a specific belief or position. 

To be considered symbolic speech, the action in question must be a form of expressive conduct. This requires: (1) that the individual intended to communicate a message, and (2) that the audience was likely to understand the communication.

Screenshot 2019-07-03 at 15.49.22.png
Joey Johnson (left) and his lawyer, William M. Kunstler – a civil rights activist known for his politically unpopular clients

The Supreme Court agreed that Johnson burned an American flag as a political demonstration that coincided the Republican party’s renomination of Ronald Reagan for President. The expressive, overtly political nature of Johnson’s action was both intentional and overwhelmingly apparent. At his trial, Johnson explained that he burned the flag because “a more powerful statement of symbolic speech, whether you agree with it or not, couldn’t have been made at that time.”

The Court found that Texas’ focus on the precise nature of Johnson’s expression violated the principle that the government may not prohibit expression simply because it disagrees with its message. This core doctrine of American free speech is not dependent on the particular mode or method in which one chooses to express an idea.

The judgment concluded with what I consider to be a particularly powerful point made by Justice Brennan:

We are fortified in today’s conclusion by our conviction that forbidding criminal punishment for conduct such as Johnson’s will not endanger the special role played by our flag or the feelings it inspires. The flag’s deservedly cherished place in our community will be strengthened, not weakened, by our holding today. Our decision is a reaffirmation of the principles of freedom and inclusiveness that the flag best reflects, and of the conviction that our toleration of criticism such as Johnson’s is a sign and source of our strength.

The Impact of the Supreme Court’s decision. 

It is important to note that the Supreme Court however did not say that the government was prohibited from regulating symbolic speech. State legislatures can indeed constrict symbolic speech, provided that the law both: (1) reflects an important interest unrelated to suppressing the actual message (i.e., the law prohibits the non-communicative aspects of the act in question) and (2) is narrowly tailored to that substantial government interest. 

Because flag protection statutes in 48 of the 50 States did not meet this test, the decision in Texas v Johnson effectively invalidated those laws.

johnson
Gregory “Joey” Johnson holds a flag, June 1989. (AP Photo/David Canto via the Smithsonian)

Lingering controversy

Although Texas v Johnson was decided 30 years ago, public sentiment regarding the treatment of the US flag remain controversial as ever.

Shortly after his election in 2016, President Donald Trump tweeted that “Nobody should be allowed to burn the American flag – if they do, there must be consequences – perhaps loss of citizenship or year in jail!” And only two weeks ago (15 June 2019) Trump tweeted that he was “All in for Senator Steve Daines as he proposes an Amendment for a strong BAN on burning our American Flag. A no brainer!”

While it is true that burning the flag is seen by many as provocative and disrespectful, the right to do so in certain circumstances is protected by settled law. As Justice Brennan said: “We do not consecrate the flag by punishing its desecration, for in doing so we dilute the freedom that this cherished emblem represents.” On that final note, if you happen to see an American flag on this 4th of July, spare a thought for its special role in shaping and reaffirming our rights of free speech!

Regulating the Raunchy? A look at free speech and obscenity under Miller v. California

Regulating the Raunchy? A look at free speech and obscenity under Miller v. California

One of the most interesting aspects of being a technology lawyer is that it necessarily requires a strong understanding of Internet regulation and digital rights, including the right to express yourself online.  As such, free speech is one of my favourite areas of legal history and theory.  Coincidentally, two major US Supreme Court cases regarding free speech were decided on this day —  21 June!

This post takes a look at one of them: Miller v. California [1973].  In a later post, I’ll explore a second landmark free speech case decided on 21 June: Texas v. Johnson [1989].

The Constitution in Court.  

Most people know that the First Amendment of the US Constitution protects freedom of speech. However, it’s actually a bit more complicated than many would guess. In its entirety, the First Amendment says:

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Putting the aspects regarding religion, assembly, and petitions to one side, what this Amendment essentially does is prohibit the government from prohibiting freedom of speech. But what does that look like in practice?

Of course, we cannot travel back in time to 1789 to ask James Madison what he meant when he drafted the Bill of Rights. Instead, American Courts have over time developed various methodologies to apply modern facts to something written 230 years ago.

Image result for free speech protest

Miller v. California – to what extent can the government regulate porn, and why should we care?

The case of Miller v. California, 413 U.S. 15 (1973) concerns pornography and whether or not the government is allowed to regulate obscene material. Marvin Miller was the owner/operator of a California mail-order business specializing in pornographic films and books. When his company’s brochures were sent to and opened by a restaurant owner in Newport Beach, California, the restaurant owner called the police. Miller was subsequently arrested and charged with violating California Penal Code § 311.2, which is paraphrased below:

Every person who knowingly sends into California for sale or distribution, or in this state possesses, prepares, publishes, with intent to distribute or to exhibit to others, any obscene matter is guilty of a misdemeanor.

The jury at Miller’s trial in State court had been instructed to consider the pornographic materials in question, and determine if they were “obscene.” The jury decided that they were, and Miller was found guilty. Because he objected with the way in which the jury had arrived at this conclusion, he appealed the decision to the Supreme Court.

Although the Supreme Court ultimately vacated the earlier jury verdict and remanded the case back to the California Superior Court, the matter became a landmark decision and the basis for what is now known as the Miller Test.

Writing the majority opinion, Chief Justice Burger reaffirmed in Miller that obscenity can be regulated by the government, because it is “unprotected speech.” Referring to Roth v United States (1957) and other similar cases, Justice Burger explained that obscenity was not within the area of constitutionally protected freedom of speech either under the First Amendment, or the Due Process Clause of the Fourteenth Amendment. “In the light of history,” Justice Brennan had said in Roth, “it is apparent that the unconditional phrasing of the First Amendment was not intended to protect every utterance.”

Venus-in-the-Cloister
Legal Fun Fact:  The first conviction for obscenity in Great Britain occurred in 1727. Edmund Curll was convicted for publishing erotic fiction titled “Venus in the Cloister or The Nun in her Smock” under the common law offence of disturbing the King’s peace. 

Now that we are clear that the First Amendment does not protect obscenity, the next question is obviously therefore: what is obscenity?  

In Miller, Justice Burger acknowledged the inherent dangers of regulating any form of expression, and said that “State statutes designed to regulate obscene materials must be carefully limited.” As a result, the Supreme Court was tasked with confining “the permissible scope of such regulation to works which depict or describe sexual conduct.”

This brings us to Burger’s three-part test for juries in obscenity cases. Obscenity is now defined as something: (1) the average person, applying contemporary community standards, would find appeals to a prurient interest; (2) which depicts or describes, in a patently offensive way, sexual conduct; and (3) whether the work lacks serious literary, artistic, political, or scientific (or “SLAPS”) value. In short, obscenity must satisfy as the prurient interest, patently offensive, and SLAPS prongs.

The Miller test changed the way courts define obscenity, and accordingly, what does – or does not – deserve protection as “free speech.”  

This Miller obscenity test overturned the Court’s earlier definition of obscenity established in Memoirs v Massachusetts (1966). In Memoirs, the Court had decided that obscenity was material which was “patently offensive and utterly without redeeming social value.” Furthermore, the Memoirs decision made clear that “all ideas having even the slightest redeeming social importance have the full protection of the guaranties [of the First Amendment]”.

By adopting the Miller decision, the Supreme Court departed from Memoirs in favour of a more conservative and narrow interpretation of the types of speech which qualify for First Amendment protection. Rather than considering obscenity as simply that which is “utterly without redeeming social value” of any kind, obscenity is now a subjective standard. This offers wider discretion to State legislatures and police agencies, as well as prosecutors and jurors, to decide whether material is “obscene” under local community standards.

Not everyone agrees!  Unsurprisingly, the Miller decision was a narrow one, and split the Court 5-4.

justices
Chief Justice Burger wrote the majority opinion, with Justice Douglas penning the dissent.

Justice William O. Douglas wrote the dissent and, at the risk of sounding like a total legal geek, I highly suggest taking a quick read of it! One of my favourite excerpts is as follows:

The idea that the First Amendment permits government to ban publications that are “offensive” to some people puts an ominous gloss on freedom […] The First Amendment was designed “to invite dispute,” to induce “a condition of unrest,” to “create dissatisfaction with conditions as they are,” and even to stir “people to anger.” The idea that the First Amendment permits punishment for ideas that are “offensive” to the particular judge or jury sitting in judgment is astounding. 

Nevertheless, despite the dissent and criticism, the Miller test remains the federal and state standard for deciding what obscene. However, the rise of the Internet has complicated matters, not least because the concept of “community standards” is difficult to define given how interconnected we are today.

What do you think? After nearly 50 years, should the Supreme Court reconsider what “obscenity” means? Is the Miller Test due for an update?

Have European laws improved American privacy protections?

Have European laws improved American privacy protections?

The European Union’s landmark data privacy law, the General Data Protection Regulation (GDPR) went into effect one year ago this week. By now, the implications for European residents and companies are fairly well known. Many of us will have received updated privacy policies in our email inboxes, or become increasingly aware of headline-grabbing stories on mass data breaches. But what about beyond the borders of Europe? Has GDPR changed the way in which data protection and privacy matters are viewed in the United States? 

The first thing to consider is whether GDPR has the power to influence how American companies handle data. The answer is yes. The GDPR is a single legal framework that applies across all 28 EU member states – including, for the time being, the United Kingdom. But in a considerable departure from the old Data Protection Directive (95/46/EC), the GDPR imposes an expanded territorial scope beyond the EU itself. No matter where they are located around the world, companies must comply with the GDPR if they either offer goods or services to European residents, or monitor their behavior (see, inter alia, Recital 22).

These new regulations are not without teeth. Whereas fines under the previous directive generally maxed out at £500,000, fines under GDPR can reach up to 20 million euros or 4% of a breaching company’s global turnover. Accordingly, from 25 May 2018, many American companies became subject to European privacy laws for the first time, and faced considerably enhanced sanctions for noncompliance.

As a result, in the lead-up to GDPR taking effect, many Europeans were geo-blocked from accessing American websites. The reason? If European customers were blocked from accessing the websites, the companies would not technically be “offering their goods or services” to Europeans, nor would they be “monitoring their behavior”.

Although the majority of companies retreating from Europe were small to medium-sized technology companies, others included global names such as the Los Angeles Times (US small businesses drop EU customers over new data rule, Financial Times).

dims.jpg

The other approach taken by US companies was to move data centres and servers from Europe to the United States. Facebook made headlines by shifting data concerning more than 1.5 billion users from Ireland to its main offices in California. Although Facebook told Reuters that it applies “the same privacy protections everywhere, regardless of whether your agreement is with Facebook Inc [California] or Facebook Ireland,” representatives from the social media giant noted that “EU law requires specific language” in mandated privacy notices, whereas American law does not.

Has the GDPR made Europe “too chilled” for American tech companies? It is important to note that users impacted by Facebook’s server relocation mentioned above were non-EU users. Furthermore, the data migration does not release Facebook from its obligation to comply with the GDPR, insofar as European users are concerned. Nevertheless, the relocation underscores the point that the United States is often seen as a more friendly home for companies seeking fewer, less stringent privacy regulations.

Several companies which initially fled the long-armed reach of the GDPR have returned to Europe, albeit with significantly changed privacy notices and data protection practices. However, many have stayed away. Some privacy advocates will hail the departure of American tech companies who are unwilling to comply with the new privacy rules. But while it is true that privacy protection is an important and fundamental human right, it cannot be ignored that an increasing body of evidence suggests the GDPR has had a chilling effect on a wide variety of overseas companies.

According to a recent study by the Illinois Institute of Technology and the National Bureau of Economic Research, there has been an 18% decrease in the number of EU venture deals and a 40% decrease in the dollar amount per deal following GDPR implementation (The Short-Run Effects of GDPR on Technology Venture Investment).

Together with increased European regulations of the digital economy on the whole, it is arguable that lawmakers in Brussels are making it more difficult for American companies to enter the European market. Even for those that decided to remain in the EU despite the enhanced regulations, their future remains uncertain.

Will the GDPR inspire privacy laws in the United States? Given that US companies – even those located in America – must now play by European privacy rules in order to reach the EU market, it is arguable that various technology and media entities will start to impose tougher privacy standards on themselves. Such self-regulation is likely to be welcomed by technology professionals and corporate insiders, who may consider themselves better positioned than regulators and lawmakers to tackle the problems of privacy in a digital age. However, as we have seen in sectors ranging from pharmaceuticals to finance, self-regulation often falls short when it comes to consumer protection.

 

zb
In April 2018, Facebook founder Mark Zuckerberg was called before the US Senate to answer questions over Facebook’s responsibility to safeguard user privacy and the Cambridge Analytica scandal.

For a variety of reasons which fall beyond the scope of this post, the privacy laws of the United States have developed in an ad hoc fashion. Apart from the Children’s Online Privacy Protection Act (COPPA) and the Health Insurance Portability and Accountability Act (HIPPA), few national laws exist to protect data privacy.

Instead, in the United States, companies are caught under different laws depending on which State they are headquartered in, or where they do business. Any applicable federal laws which touch on data privacy are most often to regulate specific industry sectors, such as health insurance mentioned above. Even in the wake of the Equifax data breach of summer 2017 – which affected over 145 million US consumers – attempts to improve consumer privacy protections have failed to pass in Congress.

Despite the lack of federal legislation, some American states are using their powers to pass laws at a more local level. One such state is California, which happens to boast both the world’s fifth largest economy, as well as one of the most impressive technology industries. Last year, California Governor Jerry Brown signed the California Consumer Privacy Act (CCPA) into law.

While at only 12 pages the law is a far cry from the obviously more comprehensive GDPR, it does grant California consumers specific rights over their personal information held by companies. Perhaps most interestingly, because the CCPA applies to any company which does business with California residents, the law will likely have a major impact on the privacy landscape across the country.

This begs the question: if the United States is in need of enhanced privacy protections, who should spearhead the endeavour? The US federal government via Congress, state legislators, or companies themselves? Some believe consumers will be better protected if Congress resists the temptation to intrude at federal level, to allow the states to experiment with their own legislation.

As we have seen in Europe, it is abundantly clear that any single privacy framework must be both flexible, as well as scalable, across a variety of industry sectors, geographies, and company types. To add to the political complexity, powerful industry players will likely lobby for special exceptions, and various federal agencies may clash over who will enforce any such regulation(s).

In conclusion, it is safe to say that the GDPR has indeed changed the way in which data protection and privacy matters are viewed outside of Europe. But the direction with which the Americans will choose to take it remains unclear.

On the one hand, some American companies have retreated from the EU. On the other, local governments have begun to take consumer privacy more seriously, by introducing new domestic data protection legislation. To find a balance between the two forces of economic enterprise and regulatory powers may be difficult. More likely, there may be a push and pull effect; whether privacy will prevail is yet to be seen.

On taking the “scenic route” to becoming a lawyer

On taking the “scenic route” to becoming a lawyer

According to the Junior Lawyers Division of the Law Society of England & Wales, the average age of a qualifying solicitor now is 29. However, despite the fact that more and more lawyers are joining the profession in their late 20s or even early 30s, it’s still common for many prospective lawyers to feel like outliers – or even outsiders – if they take a “scenic route” to qualification. I know I certainly did!

Inspired by the recent #TimeToTalk day, here is some advice and perspective on being one of those slightly older junior lawyers.

For readers who are not familiar with the English legal education and training system, a solicitor must complete a mixture of classroom and practical internships prior to becoming a qualified lawyer. In the most streamlined scenario, a prospective lawyer will complete three years of undergraduate study in law, followed by one year of practical postgraduate study, called the Legal Practice Course. For students who study something other than law as undergraduates (or for international students) completing the Graduate Diploma in Law will also likely be necessary.

After the Legal Practice Course, a junior lawyer must complete two years of training (known as a training contract) at a law firm, before qualifying as a licensed solicitor. Obtaining a training contract is an extremely competitive process, with only one spot being available for every four or five students. Applications are therefore usually made two years in advance, with many students applying in their final year of undergraduate study.

However, “many” certainly does not mean “all.” And I’m here to tell you that if your path doesn’t follow the fastest or most direct route, don’t despair. 

When I was in my penultimate year of undergrad, I was a 20 year-old political science student at Washington State University. I had my heart set on becoming a military lawyer, with the ultimate ambition of working in Washington DC as some sort of government counsel, intelligence expert or (insert grimace here) even a lobbyist. When I injured my knee during my final training course for the Marine Corps, I was forced to imagine a new future for myself.

I needed the courage to let go of my idealised, perfect future. To put some space between myself and the goals I had been holding so tightly for so long, I applied for a masters degree in London. I thought a year or two away from familiar surroundings would help me overcome the grief of losing my “Plan A,” and help me to create a “Plan B.” What I realised in the process was that, to quote John Lennon, life is what happens when you’re making other plans. 

Image may contain: 1 person
My Masters’ Degree Graduation Ceremony, 2012. The following month, I began what would become a five-year journey to becoming a qualified solicitor.

During my masters’ degree, I ended up focusing on −and becoming fascinated by − European Union intellectual property law. Rather than return to the USA for law school, I decided to stay in London and become a lawyer in England. The next two years were a somewhat crazy mix of writing my thesis, finishing my masters, earning my Graduate Diploma in Law, and taking several short-term jobs. I also met my now-husband in late 2012, so I was trying to balance a social life with studying and of course, “adulting” in a foreign country.

It was during this rather eventful period that I realised just how competitive landing a training contract would be. As someone who earned very high marks at university, I never thought I’d struggle to land a job as a trainee lawyer. But I did, and there’s no shame in admitting that.

To put things in perspective, it’s important to remember that in any given year, there are some 25,000 first-year undergraduate law students in the United Kingdom. However, with fewer than 6,000 training contract spots available, this means that only about one in five students will become a trainee. Many well-regarded law firms in London routinely receive several thousand applications for only 50 or 60 training slots.

Many of us who were unsuccessful on our first round of applications pursued other things in the interim. I ended up working in business development at the London office of a major US law firm, and enjoyed helping the partners develop pitches and marketing materials for their key clients. I also spent some time working as a paralegal for the firm where I would eventually train, which gave me some early exposure to life as a fee-earner. And all of these experiences have in some way influenced the lawyer I’ve become.

Of course, I don’t routinely use the life-saving or swimming skills I gained as a lifeguard when I’m drafting commercial contracts. But that summer spent by the pool taught me how to stay focused and calm in chaotic environments, amongst other things. I can guarantee that clients and colleagues alike appreciate the perspective and maturity that comes with having experience from beyond the legal world’s bubble.

Image may contain: 1 person, sitting and child
In retrospect, what difference does a year or two (or five) really make?

I don’t like telling people – especially those in their early 20s – to stop being so negative about their future, or to just try to see the good in everything. I think those sentiments minimise the intense and very raw feelings of rejection and low-self esteem found amongst those who are struggling to find their place in the legal profession. The feeling of not being good enough is very common for aspiring lawyers, but just because it’s common doesn’t mean it’s any less real.

I won’t tell you to just be positive about your job search and application process, because it’s going to take a lot more than positive thinking to get you qualified as a solicitor (or barrister, or attorney, or whatever). It’s going to take research, writing, re-writing, and re-writing, humility, tenacity, and looking at your options from a variety of angles. In short, applying and working towards becoming a lawyer looks a lot like actually being a lawyer. 

mimi
Worth the wait. Here I am at my Law Society qualification ceremony last year.

What I will tell you is that securing a training contract is difficult. But you’ve likely accomplished difficult things before. While it is normal to feel negative when you receive a setback, I challenge you to reconsider how you define a “setback.” There is much that could go wrong throughout your journey, but needing an extra year (or two, or five) to reach your goal? To my mind, that isn’t “wrong.”

For what it’s worth, I qualified when I was 29. There are times that I feel old or a bit discouraged because some of the lawyers who qualified before me are several years younger than I am. But recently, I’ve started to challenge my long-held belief that younger means faster, and that faster somehow means better. The truth is, everyone’s path – scenic or otherwise – is completely subjective: and slowly, I’m learning not to care so much about what others may think of mine…

Featured photo – Holly Mandarich

DeepFakes and False Lights: what does the law say?

DeepFakes and False Lights: what does the law say?

What do Scarlett Johansson, cyber intelligence experts and some law makers have in common? Their shared concern about AI-generated videos. Known as “DeepFakes,” these videos can have damaging impact on reputations, emotional health, and even national security. But what is the legal status of this disruptive – and oftentimes disturbing – technology?

Deepfake – which combines “deep learning” and “fake” – is commonly defined as an artificial intelligence-based human image synthesis technique. Put simply, it’s a way to superimpose one face over another.

In December 2017, an anonymous Reddit user started a viral phenomenon by combining the machine learning software and AI to swap porn performers’ faces with those of famous actresses. Scarlett Johansson, one of the most highly-paid actresses in Hollywood, has herself been the victim of such “creations”. Speaking to the Washington Postshe explained that “nothing can stop someone from cutting and pasting my image or anyone else’s onto a different body and making it look as eerily realistic as desired. There are basically no rules on the internet because it is an abyss that remains virtually lawless.”

It goes without saying that such fake porn videos can easily damage careers, emotional well-being, and a person’s sense of dignity and self-esteem. But there are other implications, too.

As a general starting point, it’s useful to have an understanding of what AI is – and isn’t. “Artificial Intelligence” is not another word for the robot overlords in Blade Runner or even Skynet’s Terminators. Rather, AI is fundamentally a machine-learning application whereby a computer is to fulfill a certain task on its own. What makes AI special is that machines are essentially “taught” to complete tasks that were previously done by humans, by doing the task over and over again.

With deepfakes, it doesn’t take long for the AI to learn the skill with eerie precision, and produce sophisticated (albeit artificial) images. The technology has many legitimate uses, especially in the film industry, where an actor’s face can be placed on their stunt double’s body. But thanks to continued advancement in the technology itself, the political and legal risks are higher than ever before.

On 29 January, US Director of National Intelligence Dan Coates spoke before the Senate Select Committee on Intelligence to deliver the Worldwide Threat Assessment, which had been compiled by the US intelligence community. The document sets out the biggest global threats in the following order: cyber, online influence operations (including election interference), weapons of mass destruction, terrorism, counterintelligence, emerging and disruptive technologies. 

Yes, cyber attacks and online influence operations are discussed before traditional weapons of mass destruction. The report even mentions deepfakes explicitly:

Adversaries and strategic competitors probably will attempt to use deep fakes or similar machine-learning technologies to create convincing—but false—image, audio, and video files to augment influence campaigns directed against the United States and our allies and partners.

Senator Mark Warner, the top Democrat on the Senate Intelligence Committee, explained that “we already struggle to track and combat interference efforts and other malign activities on social media — and the explosion of deep fake videos is going to make that even harder.” This is particularly relevant given the severe political polarization around the world today: from Brexit to Trump and everywhere in between, deepfakes could become powerful ways to spread more disinformation and distrust.

There are some legal remedies which may combat some of the more nefarious aspects of the deepfake. As explained by the International Association of Privacy Professionals (IAPP), in common law jurisdictions like the United States and the United Kingdom, the victim of a deepfake creation may be able to sue the deepfake’s creator under one of the privacy torts. By way of example, the false light tort requires a claimant to prove that the deepfake in question incorrectly represents the claimant, in a way that would be embarrassing or offensive to the average person.

Another potentially relevant privacy tort is that of misappropriation or the right of publicity, if the deepfake is used for commercial purposes. Consider, for example, if someone made a deepfake commercial of Meghan, the Duchess of Sussex endorsing a certain makeup brand. Since individuals generally do not own the copyright interest in their own image (i.e., the photograph or video used to make a deepfake) copyright law is not a good remedy to rely upon. Instead, Meghan could argue that the deepfake misappropriated her personality and reputation for someone else’s unauthorised commercial advantage. However, it’s important to note that personality rights are frustratingly nebulous here in the United Kingdom, as I explained in Fame and Fortune: how celebrities can protect their image

Depending on the nature of the deepfake, a victim may also be able to sue for the intentional infliction of emotional distress, cyberbullying, or even sexual harassment. But in many instances, the burden of proof to establish these claims can be a notoriously difficult standard to meet.

Furthermore, the practical challenges of suing the creator of a deepfake are considerable. Firstly, such creators are often anonymous or located in another jurisdiction, which makes legal enforcement very difficult. Although a victim could request that the creator’s internet company (ISP) remove the deepfake, establishing what is known as “online intermediary liability” and forcing an ISP to get involved can be an uphill battle in and of itself (this was the topic of one of my papers in law school). As for the victim exercising their right to be forgotten under the EU’s General Data Protection Regulation (Article 17, GDPR), the same problem arises: who is responsible for taking down the deepfake?

Secondly, the creator may lodge a defense of free speech or creative expression, especially if the deepfake victim is a political figure or otherwise in the public spotlight. This may beg the question, to what extent is a deepfake depicting a member of parliament any different from a satirical cartoon or parody? Unless the deepfake is outrageously obscene or incites actual criminal behaviour, it may be nearly impossible to take legal action.

Deepfakes are but one of many instances where the law has not quite kept up with the rapid development of new technology. Although issues like these keep technology lawyers like myself employed, the potential for genuine harm caused by deepfakes in the wrong hands cannot be overstated. It should be fairly clear that outlawing or attempting to ban deepfakes is neither possible nor desirable, but perhaps increased regulation is a viable option. Deepfakes could be watermarked or labelled before being shared by licensed or regulated entities (for example, news organisations) much in the same way that airbrushed models in advertisements are labelled in France. Doing so may at least slow down the proliferation of deepfakes purporting to be genuine.

But until then, the only advice remains that you shouldn’t believe everything you read – or see, or hear – online.

Update 14 June 2019: The European Commission has released a joint Report on the implementation of the Action Plan Against Disinformation – available here.

Privacy Day 2019

Privacy Day 2019

In 2006 the Council of Europe officially recognised 28 January as a data privacy holiday, to celebrate the date The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data was signed in 1981. Also known as Convention 108, this document remains the only international treaty in the field of personal data protection.

In honour of this year’s Privacy Day – also called Data Protection Day – here are a few excerpts from some of my favourite English and American legal cases about privacy.

Image result for entick v carrington

In 1762, the King George IV’s Chief Messenger Nathan Carrington and others broke into the home of the writer John Entick. Over the course of four hours, the messengers broke open locks and doors and searched all of the rooms, before taking away charts and pamphlets, and causing £2,000 of damage. The King’s messengers were acting on the orders of Lord Halifax, the newly appointed Secretary of State: Entick later sued Carrington for trespassing on his land. In his judgment in favour of Entick, Chief Justice of the Common Pleas Lord Camden wrote:

Has a Secretary of State a right to see all a man’s private letters of correspondence, family concerns, trade and business? This would be monstrous indeed; and if it were lawful, no man could endure to live in this country.

Today, Entick v Carrington is considered to have deeply influenced the establishment of individual civil liberties, and limiting the scope of executive power. It also served as an important motivation for the Fourth Amendment to the United States Constitution, which guarantees protections to Americans against certain searches and seizures. 

Image result for queen victoria sketches

Prince Albert v Strange was an 1849 court decision which began the development of confidence law, the common law tort that protects private information. By way of background, both Queen Victoria and Prince Albert sketched as a hobby. John Strange obtained some of these sketches after they had been stolen from Windsor Palace, and published a catalog showing them. Prince Albert filed suit for the return of the sketches, and a surrender of the catalog for destruction. The Lord Chancellor Lord Cottenham granted Prince Albert’s plea, and explained in his judgment that:

The Court of Chancery will protect everyone in the free and innocent use of his own property, and will prevent other parties from interfering with the use of that property, so as to injure the owner. It is certain every man has a right to keep his own sentiments if he pleases. He has certainly a right to judge whether he will make them public, or commit them only to the sight of his friends. Privacy is a part, and an essential part, of this species of property.

 

Image result for Eisenstadt v Baird

In 1967, William Baird was charged with a felony for handing a condom to an unmarried woman who had attended one of his lectures on birth control at Boston University. Under Massachusetts law on “Crimes against chastity”, contraceptives could only be distributed by registered doctors or pharmacists, and only to married persons. The Supreme Court of the United States overturned the law in the 1972 case Eisenstadt v. Baird, and the majority opinion was written by Justice Brennan, who famously wrote:

If the right of privacy means anything, it is the right of the individual, married or single, to be free from unwarranted governmental intrusion into matters so fundamentally affecting a person as the decision whether to bear or beget a child.

In 1982, the state of Pennsylvania enacted legislation that placed a number of restrictions on abortion. In the resulting 1986 case Thornburgh v. American College of Obstetricians and Gynecologists, the Supreme Court overturned the Pennsylvania law, holding (amongst other things) that the “informed consent” and printed materials provisions of the law unduly intruded upon the privacy of patients and physicians. Justice Brennan penned the opinion, noting:

Our cases long have recognized that the Constitution embodies a promise that a certain private sphere of individual liberty will be kept largely beyond the reach of government. Few decisions are more personal and intimate, more properly private, or more basic to individual dignity and autonomy, than a woman’s decision whether to end her pregnancy. A woman’s right to make that choice freely is fundamental. Any other result, in our view, would protect inadequately a central part of the sphere of liberty that our law guarantees equally to all. 

Image result for naomi campbell magazine 1994

In 2001, British supermodel Naomi Campbell was photographed leaving a drug rehabilitation clinic, despite having previously denied that she was a recovering drug addict. After the photographs were published in the tabloid The Mirror, Campbell sued for damages in Naomi Campbell v Mirror Group Newspapers. The House of Lords held the paper liable, and Law Lord Nicholls stated:

The importance of freedom of expression has been stressed often and eloquently, the importance of privacy less so. But it, too, lies at the heart of liberty in a modern state. A proper degree of privacy is essential for the well-being and development of an individual. And restraints imposed on government to pry into the lives of the citizen go to the essence of a democratic state.

In the 2011 case of Federal Aviation Administration v. Cooper, the Supreme Court considered if the United States Privacy Act of 1974 covers mental and emotional distress caused by privacy invasion. The Court held that the Privacy Act’s “actual damages” provision only allowed Cooper to recover for proven pecuniary or economic harm. Justice Sonia Sotomayor wrote the dissent, joined by Justices Ruth Bader Ginsburg and Stephen Breyer. Perhaps unsurprisingly, I personally agree with Justice Sotomayor’s dissent, which noted:

Nowhere in the Privacy Act does Congress so much as hint that it views a $5 hit to the pocketbook as more worthy of remedy than debilitating mental distress, and the contrary assumption [in this case] discounts the gravity of emotional harm caused by an invasion of the personal integrity that privacy protects.

Of course, the cases above provide only a small glimmer of insight into the weird and wonderful world of privacy law. On international Privacy Day in particular, it’s important to remember that the legislation and court cases which shape our understanding of privacy and protection from intrusion go far beyond the modern notion of cyber security.

The right to privacy is a human right!

Related image

Do Neo-Nazis have a right to privacy?

Do Neo-Nazis have a right to privacy?

Earlier this month, a leftist art collective in Germany called the Centre for Political Beauty (Zentrum für Politische Schönheit or “ZPS”) launched a website to name and shame neo-Nazis. At soko-chemnitz.de, people were invited to examine photographs taken during this summer’s violent anti-immigration protests in Chemnitz, and in exchange for identifying suspected right-wing demonstrators, would receive a crowd-funded reward of at least €30. The twist? The image recognition database was a honeypot: a sophisticated hoax to induce neo-Nazis into identifying themselves.

This recent project gives rise to serious questions regarding the exploitation of personal data for illegitimate or unlawful purposes – even if those purposes are seen by many as socially or ethically justified.

Image result for center of political beauty
“Doxing” – a portmanteau of document (“dox”) and dropping – is a term used to describe publicly exposing someone’s real identity on the internet.

The Chemnitz Context

Known as Karl-Marx Stadt when it was part of the Soviet bloc, Chemnitz is an industrial city in eastern Germany with a population of about 250,000. After German reunification in 1990, the political and economic systems changed drastically as democracy and capitalism replaced the communist regime. Similarly, as thousands of East Germans relocated to the more prosperous West, expatriates and immigrants filled shortages in the labour market and made their home in East Germany. For the first time in decades, the East was forced to deal with the challenges posed by multiculturalism, immigration and globalism.

Such problems have only intensified in light of Chancellor Merkel’s more liberal migrant policy, which has seen an influx of those seeking asylum and refugee status. Accordingly, Eastern Germany has seen a significant surge in far-right populism and xenophobic protests. In 2017, nearly 25 per cent of the city’s residents voted for the far-right German nationalist party, Alternative for Germany (Alternative für Deutschland, orAfD”).

Tensions between “native” East Germans and immigrants made headlines again this August, when a German man was stabbed to death in Chemnitz. When police revealed that his two attackers were Kurdish (one from Iraq and the other Syria) far-right groups quickly organised anti-immigration protests. Nearly 7,000 people joined the demonstrations, which were marked by hate speech and violence against non-Germans. The swastika and other Nazi symbols, including making the Nazi salute, are banned in Germany.

The Honeypot

Known for its “activist art”, the ZPS uses satirical stunts, performance pieces and interventions to draw attention to various humanitarian issues. By way of example, the group designed a monument in 2010 to “memorialise” Western co-responsibility for the Srebrenica massacre. In 2017, they built a “Holocaust Memorial” in front of nationalist politician Björn Höcke’s house.

In the weeks following the Chemnitz protests, ZPS published pictures of far-right rioters online at soko-chemnitz.de, and asked visitors to “identify and denounce your work colleagues, neighbors or acquaintances today and collect instant cash!” The rewards started at €34 (£30) with special bonuses awarded for identifying photos of people who were police, or members of Germany’s domestic security agency, the Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz or BfV). While the ZPS had indeed previously identified over 1,500 individuals who participated in the protest, the real goal of the campaign was to get far-right sympathizers to search for and thereby name themselves.

Related image
Gesucht: Wo arbeiten diese Idioten? / Wanted: where do these idiots work?

The honeypot design was simple. When visitors entered the website, they were presented with only 20 pictures at a time. Much to the delight of ZPS, Chemnitz protesters went straight to the site’s search bar to type in their own name and the names of fellow participants, to see if they’d already been named. The average visitor searched for the names of seven people.

In this way, the protesters “delivered their own entire network to ZPS without realising it. They told us more about themselves than publicly available sources ever betrayed.” ZPS founder Philipp Ruch claims that use of the website has created “the most relevant set of data on right-wing extremism that currently exists in Germany.”

The Controversy

The Special Commission Chemnitz site sparked a huge controversy in Germany for several reasons. Firstly, many questioned the legality of the website itself. Photos of demonstrators were uploaded without permission from the individuals pictured, an action which could potentially contravene German and European data protection law. Although no such private information other than photographs were revealed on soko-chemnitz.de,  users were asked to send in names, addresses, and names of employers of demonstrators. DeutscheWelle, Germany’s public international broadcaster, reported that “Germany’s data protection commissioner’s office said it was looking into whether the ZPS site was acting within legal limits.”

Image result for center for political beauty
Members of the ZPS always wear black face paint during during public appearances, to symbolize the “soot of German history”. The group’s fundamental mission statement is that “the legacy of the Holocaust is rendered void by political apathy, the rejection of refugees and cowardice. It believes that Germany should not only learn from its History but also take action.”

Beyond the textual or purely legalistic overtures of data protection law violations, the website elicits serious concerns over whether doxing private individuals is ever justified. Much has been written about the free speech rights of those who promote abhorrent ideologies. Those with a more libertarian perspective on free speech will insist that Nazi speech must be defended because it is so especially controversial. But what about the right to privacy?

In his article entitled Why it’s important to name the Nazis, journalist David Perry argued that identifying those whose pictures appear online attending a public rally is justified. Neo-Nazi protesters are people intending to do or to advocate harm, and have therefore surrendered their right to anonymity. The right to freedom of expression does not extend to a right of social impunity. One could also consider that view that as such protests occurred in a public space, any reasonable expectation of privacy was materially lacking.

But in the European —and notably, German— context, rights to privacy are especially treasured given the history of both Nazi and Communist security service tactics. These regimes demonstrated in the most heinous ways possible that collection of personal information can lead to harm. The idea of encouraging and paying private individuals to “out” their friends, neighbours and colleagues —even if for a seemingly noble cause—does not sit well with many Europeans today. Interior Minister Roland Wöller went so far as to say that the ZPS website “endangered social cohesion”.

Consider the distinction between how the United States and Germany “name and shame” sex offenders. The United States was the first country to establish a national sex offender registration and notification system in 1994. By contrast, Germany has no national sex offender registration legislation, nor a public notification system. This perhaps illustrates the extent to which Germans value the protection of individual privacy, even where those individuals have committed criminal or otherwise morally reprehensible acts.

The soko-chemnitz.de project forces upon the public an uncomfortable question: do neo-Nazis have a right to privacy? Those who say “no” would likely choose to identify and denounce the Chemnitz protesters as potentially dangerous far-right radicals. In so doing, one could take comfort in having participated in some sort of righteous, anti-Nazi resistance movement. But at what cost? Doxing campaigns have gone terribly wrong in the past, and errors in identification can led to irreparable emotional and reputation damage, or even job loss and suicide. On the other hand, refusing to participate in the campaign could arouse suspicions that one sympathizes or even identifies with the Nazi ideology.

As a piece of political performance art, soko-chemnitz.de was certainly provocative. But it is also politically significant. Coverage of the website forced people to consider their own personal prioritisation of ideals associated with a democratic society: to what extent should we protect privacy, expression, freedom from interference, security, liberty, trust…? It’s a predicament as old as political philosophy itself, and an increasingly uncomfortable balancing act to achieve in today’s world of hyper-surveillance and social media. Perhaps this was the disquieting, satirical reminder the ZPS was hoping to convey all along.

 


*Note on soko-chemnitz.de

ZPS has replaced its original soko-chemnitz website with a splash page explaining the honeypot campaign. You can visit earlier archives of the page using the Wayback Machine. This is what the website looked like on 4 December 2018, absent the images of individuals, which have since been deleted.