Online Privacy: The Naked and the Scanned
Don't think that sounds possible? It is. Read on, and we'll explore why this is happening and what it means for the adult industry. The bad news is that these crimes are bound to increase as time goes by. The good news, and real goal of this article, is to let you know that you can help ensure that your customers and your business are not breaking the law.
But, first, a quick story: Our company, as part of our community engagement, provides services and occasionally financial support to groups or websites that have a hard time finding "safe havens" for their non-mainstream sexual identities. For more than a decade, we've done these sorts of projects as part of the Electronic Frontier Foundation's "Blue Ribbon" campaign against Internet censorship.
Claiming to be "anti-censorship" is great, but doing something about it is even better. Recently, we were helping one community discussion site "get the word out" by showing them how to place ads with ad networks. Nothing too complex; after all, this is a text-only, non-explicit discussion forum.
Nevertheless, I found myself on the phone a few weeks ago with the founder of one of the larger ad-serving networks on the Internet. You see, they had turned down ads for this words-only discussion website. Why? Well, according to this fellow — who spoke with the confidence and certainty that comes from being firmly in the majority — that merely discussing such things was "against the law." This was news to me: I'm no lawyer, but you'd think I would have heard of such a clearly unconstitutional statute if it existed in the U.S.
Could he provide a statutory reference for me? Sure, he said, his assistant had just looked it up — in the California penal code. California? The website isn't in California. Our company isn't based in California — in fact, not even in the U.S. Why would California law be applicable to our advertising? The ad network, cleverly, had placed their servers in California and felt that California law thus applied to every customer they have, anywhere in the world.
My surprise was less than complete when I heard, just last week, that this same ad-serving network was laying off a boatload of employees because of the "business downturn." But I'm sure you see already where this article is going.
Viewing pornography — any sort of pornography: straight, gay, plant, animal — is illegal and an imprisonable offense where anyone caught can and most likely will be charged and convicted; so any of your customers who view any erotic images on your website are breaking the law — in Malaysia.
The Internet has taken the old stability of distribution controls and jurisdictional specificity and whirled them up into a tangled mess. In the past, a publisher could simply avoid distributing content in a country like Malaysia (or Saudi Arabia, or others) where any erotic content is banned by law. But today, if our customers come from countries where the content on our websites is illegal, then who has done the wrong?
Do we try to block them (via IP geo-mapping)? Do we track laws in every country in the world? What about principalities, rebel regions and city-states like Singapore — is it really a country? Do we throw our hands up and simply hope our customers don't break any laws when they visit our site? What happens if, as recently occurred in the state of Georgia, a local judge decides some sites break the law in that local jurisdiction and issues an order to seize our domain names (having already seized more than 100 online gaming domain names in just once case)?
The simple fact is this: the adult industry carries an ethical obligation not only to provide responsible, enjoyable, professional content and services to customers, but also to provide the tools and knowledge that (some) customers require in order to help avoid being caught up in modern-age witch hunts. With fundamentalist regimes of all stripes flexing their muscles around the world (and in some Southern states, as well), simply hoping things work themselves out isn't enough.
There is risk in doing nothing — and great opportunity in proactively providing the tools, resources and knowledge to help customers around the world maintain their safety and security whilst engaging with our services. Don't think you have any visitors from places like Malaysia? Pull your server logs and check. You might be surprised; do those customers matter? If you don't serve them, someone else will — perhaps a torrent tracker that doesn't bother with copyright protections but does help its members keep safe.
Things are different now than they were in the past, and they're only going to get more different, faster, as time goes on. Twenty years ago, who worried about Malaysian anti-porn legislation — or small-town judges in Georgia with an anti-gambling streak? A casino in Vegas didn't have to wonder if they'd see their assets seized because a Georgian couple visited and spent a few days playing the slots. Adult video producers weren't panicking about Interpol warrants in the event that one of their perfectly legal videos, shot and marketed in the U.S., showed up in Riyadh and got a Saudi prince up in arms. Now, as I told that ad-serving network executive, every piece of content on the Internet is illegal — somewhere.
Traffic on the Internet, today, is essentially "naked." Data being transmitted from A to B, unless specifically encrypted by somebody, is sent as plain text; anyone along the way can read it as it goes by. Think this doesn't happen? Google "great firewall of China," and guess what happens if a Chinese visitor to yahoo.com types "democracy protest" as a search term.
The Internet wasn't designed to be secure — it was designed to be robust. In fact, it was designed by the U.S. military, initially, with the primary objective of remaining functional even after a U.S. vs. U.S.S.R. nuclear war. From military command and control to online porn, it's been a wild ride.
In some countries, it's illegal for the government to "spy" on the Internet traffic of its citizens. Like, for example, the U.S. — except, of course, the U.S. government has acknowledged that it sort of "bent the rules" and spied (spies?) on terabytes of traffic within the U.S. So much for laws protecting "the right to privacy."
There is no right to privacy. There never was. Privacy, in fact, is a relatively new concept in cultural discourse; five hundred years ago, you'd have a hard time explaining to a French farmer what "private life" meant. Even the Founding Fathers saw privacy as a limited and somewhat suspicious habit — you won't find the "right to privacy" in the Constitution or in the Bill of Rights. And yet, today, we talk about our "privacy rights" as if they were sacrosanct. How about our Malaysian customers? Does their government guarantee them privacy? No.
What's happened is this: control of, and responsibility for, privacy protection has fragmented, with centripetal forces pushing it all the way out to individual Internet users. Any Internet user, anywhere in the world, can send messages today, for free, that are more secure than even the most advanced tools of the world powers of 100 years ago. The Enigma machine that Turing's team at Bletchley Park cracked during World War II is nothing compared to public-key, prime-factored cryptographic algorithms like PGP. Anyone who wants to can make every packet 100 percent secure, and no central government can stop it. In fact, it's not even illegal to encrypt Internet data in all but a few scary totalitarian backwaters, anywhere in the world.
So, do you want your customers, whether they live in a small town in rural Georgia or Kuala Lumpur's towering skyscrapers, to visit your online properties with confidence that they won't end up a poster child for unfair prosecution of morality laws gone bad? If you do, you'll want to understand a little bit about how these things work and what the benefits and drawbacks are of various approaches to online privacy management. No, you don't need to become a crypto-geek in your spare time — that's my job. You just need to open your mind to some new structural realities, see things from a broader perspective and make some decisions about the future of your business.
Good online privacy isn't a threat to the adult industry. Yes, some people see it as that: it will "ruin" affiliate marketing or (gasp) help those tube sites avoid the teams of copyright lawyers. This is like saying that gravity results in broken vases: rather than bemoaning a fact of life, it might be more productive to place the vase someplace it's not likely to be knocked to the floor. Internet users worldwide will learn, day by day, to value and manage their online privacy more and more as the threat of online surveillance increases steadily. This is a fact of life. Smart adult-industry participants will not only accept these basic facts but will find elegant, useful and customer-positive ways to benefit.
In upcoming articles, we'll track a packet as it travels from your website to your customer and back. We'll review some of the areas where privacy threats are most severe, both for customers and for those running adult content websites. Finally, we'll review various structural methodologies for minimizing the risk of unwanted privacy loss via technological tools like encryption, tunnelling, proxying and onion routing topologies.
D. Spink is chief technology officer of Baneki Privacy Computing (baneki.com) and a specialist in modeling and implementing systems-level privacy services for network-based resources. He holds an MBA from the University of Chicago and is a doctoral candidate in systems mathematics. A long-time campaigner for equal protection of minority sexualities, he has founded, administered and supported online community resources and published in numerous related fields. He lives with a mixed canine/equine/human family in the Pacific Northwest.