Max Stul Oppenheimer
In the summer of 2015 amidst the beginnings of the 2016 presidential campaign, historic Supreme Court decisions, and regular reports of protests, some might have missed the copyright angle to the Ashley Madison story. In fact, many may have missed the Ashley Madison story altogether. It is worth retelling, in brief, because it highlights the question with which this article is concerned – to what extent should copyright protect privacy.
In the summer of 2015, Ashley Madison, a website that bills itself as “The Original Extramarital Affairs Site” the tagline for which was, “Life is Short, Have An Affair,” was hacked. The e-mail addresses and credit card information of its 37 million users were accessed and downloaded. The hackers, who called themselves The Impact Group, posted a sample of the information they obtained online along with a manifesto threatening to post all of Ashley Madison’s users’ sensitive information unless the site was taken down. Predictably, the site was not taken down and The Impact Group made good on its threat.
Following the hack, the owner of Ashley Madison, Avid Life Media (“Avid”), promptly issued a statement acknowledging the breach and assuring its subscribers that Avid would make sure the leaked information would be removed from the internet. A number of websites where the hacked content had been posted acquiesced to Avid’s demands. The tool Avid used to accomplish the seemingly impossible task of having information removed from the internet was the 1998 Digital Millennium Copyright Act’s (“DMCA”) takedown provision.
Avid’s use of the DMCA takedown procedure poses a number of interesting questions. Those addressed contemporaneously by legal commentators focused primarily on the doctrinal questions of whether: (1) the content in question was copyrightable and (2) Avid should be considered the author or copyright owner of that content, for purposes of the DMCA. This piece, on the other hand, considers the normative question of whether copyright ought to protect privacy interests in scenarios like the Ashley Madison hack or, more broadly, whether the Copyright Act has a role to play in the protection of privacy.
While some courts have held that “[i]t is universally recognized . . . that the protection of privacy is not the function of our copyright law,” the remedies afforded copyright owners make pursuing copyright claims an attractive option to privacy plaintiffs. Copyright remedies include the removal of digital copies from the internet and the destruction of physical copies. The extent to which copyright ought to protect privacy interests has been considered in various jurisdictions recently but has not been treated comprehensively by contemporary legal scholars in the United States. This piece seeks to undertake that treatment.
Part II of this paper begins this consideration by discussing two cases in which plaintiffs asserted copyright claims in addition to privacy allegations, though the underlying injuries were clearly primarily privacy-based. Part III provides a brief overview of the current state of privacy law. Part IV then considers the theoretical and jurisprudential overlap between privacy and copyright, and highlights the problems presented by protecting privacy through copyright. Part IV also suggests two relatively modest legislative solutions: (1) a limited federal statute that would provide a plaintiff alleging online privacy infringement with a remedy analogous to the DMCA’s takedown provisions available to those alleging online copyright infringement; and (2) statutorily adopting the moral right of disclosure already recognized in other countries in order to codify the common law right of first publication. Finally, Part V concludes by returning to the Ashley Madison example to consider the potential of the proposed solutions to address the problems presented.