You rush into work one morning, coffee and briefcase in hand, barely making it into the cramped elevator as the doors close. You overhear someone in the back whisper “That’s her, she’s the one in the tank top in her profile pic.” You wonder who they’re gossiping about but are too preoccupied on your 9:30 presentation to care. After a successful presentation, your boss pulls you aside and offers a friendly reminder to be aware of how people might see a Facebook profile or Twitter post to be a reflection on the character of the company. You’re slightly puzzled, as it seems to be coming out of nowhere, but just nod and smile and thank him for the reminder. At lunch, your co-worker comes up and says how cute your son and niece look in the pictures you posted online last night. You ask her what she’s talking about since you don’t remember posting anything. Her only reply is that it was on your Facebook profile and thanks for adding her as a friend yesterday.
There’s only one problem – you don’t have a Facebook profile.
Arquiett v. DEA
This scenario is similar to what brought Sondra Arquiett to sue the Drug Enforcement Administration (“DEA”) for commandeering her identity and impersonating her for months through a fake Facebook profile. In the complaint, filed in the United States District Court for the Northern District of New York, Arquiett alleges that an agent of the DEA “appropriated [Arquiett’s] name and likeness to create a publicly available Facebook account that purported to be an account belonging to [Arquiett] . . . without [her] knowledge or permission.” The complaint further alleges that the DEA agent posted pictures belonging to Arquiett on the page including suggestive pictures of her in her underwear and others with her child and niece – both minors. The DEA agent additionally “utilized the Facebook page to initiate contact with dangerous individuals he was investigating with regard to an alleged narcotics distribution ring . . . [and] also initiated contacts with other persons known to [Arquiett].” Arquiett alleges that she suffered fear and distress from uncovering the impersonation because the DEA agent had, “created the appearance that Plaintiff was willfully cooperating in his investigation of the narcotics trafficking ring, thereby placing her in danger.” Arquiett is charging that this impersonation violated her constitutional rights to privacy afforded under the First Amendment, equal protection under the Fifth Amendment, and her Eighth Amendment right to be free from cruel and unusual punishment.
The U.S. Attorney’s Office acknowledges the events in Arquiett’s complaint that took place but argues that the use of the account was proper as it was “for a legitimate law enforcement purpose.” The government argues:
“Defendants admit that Plaintiff did not give express permission for the use of photographs contained on her phone on an undercover Facebook page, but state the Plaintiff implicitly consented by granting access to the information stored in her cell phone and by consenting to the use of that information to aid in an ongoing criminal investigations [sic].”
The district court has since approved mediation to resolve the issue and both parties are currently attending.
Prior use of Social Media by Law Enforcement
This wouldn’t be the first time a law enforcement agency has utilized social media in a criminal investigation. LexisNexis published a report in 2014 stating that eight out of ten law enforcement agencies utilized social media in criminal investigations. Although it is unclear to what extent law enforcement agencies create profiles impersonating real people (as opposed to creating profiles of fictitious individuals). Such investigations include a 2008 gang sting operation in Cincinnati, OH where 71 people were arrested following a data mining operation on Facebook.
No “Likes” for the DEA
After BuzzFeed News broke the story, Facebook removed the account and rebuked the DEA for its violation of Facebook’s community guidelines and demanded it cease all activities relating to fake profiles.
“We ask that you refrain from publishing the personal information of others without their consent. Claiming to be another person, creating a false presence for an organization, or creating multiple accounts undermines community and violates Facebook’s terms.”
Joe Sullivan, Facebook’s Chief Security Officer, commented in an October 2014 letter to the DEA that, “Facebook is deeply troubled by the DEA’s claims and legal position . . . Facebook has long made clear that law enforcement authorities are subject to these policies.”
In an interview with CNN, he also stated actions like these, “[undermine] the integrity of [Facebook’s] whole service if we allow people to use false accounts.”
U.S. Senator Patrick Leahy, Chairman of the Senate Committee on the Judiciary, wrote a letter to U.S. Attorney General Eric Holder late last month condemning the DEA’s impersonation of Arquiett on Facebook and calling the DEA’s decision to post suggestive photos of Ms. Arquiett and pictures of her minor son and niece ‘appalling’ and ‘dangerous’. Leahy condemned the danger to Arquiett’s life the DEA incurred when they initiated conversations with known dangerous criminals impersonating Arquiett and then linking that to the pictures they posted of Arquiett’s son and niece. Leahy concluded:
“I hope the Justice Department will agree that creating an online profile using an unsuspecting person’s identity to communicate with criminals is unethical, potentially dangerous, and should not be condoned by our nation’s law enforcement agencies.”
This Isn’t Something New to the Internet
Impersonation isn’t anything new to social media. We all remember the infamous Manti Te’o scandal where the football star’s dead girlfriend turned out to be a hoax complete with her own Facebook profile.
Then there’s $616,165 fine the Federal Trade Commission leveled against JDI Dating last monthfor allowing users to create profiles on their sites for free and then send them fake messages from people who supposedly lived nearby and wanted to meet.
However, neither of these is as disturbing as the case of Megan Meier – the one that first drew national attention to the issue of online impersonation. Megan lived in Dardenne Prairie, MO and began an online friendship-turned-romance over her MySpace.com profile with Josh Evans. That was until October 2006 when Josh began being mean to her even to the point where he messaged Megan “The world would be a better place without you.” Megan hung herself in her bedroom closet. She was 13. It also turned out that Josh Evans never existed. A 47 year-old neighbor had been impersonating the profile the entire time.
This infamous case of “catfishing”, where someone impersonates being someone else over the internet often used to trick people into romantic relationships, prompted state legislatures across the country to create laws against this kind of fraudulent behavior. In California and New York, online impersonation is a misdemeanor. In Texas, it’s a third-degree felony.
Former California State Senator Joe Simitian commented that these laws were created to prevent harm from coming to individuals who fall victim to online impersonation – just like identity theft. “There are many kinds of harm . . . Emotional distress is a harm. Financial damage is a harm. When someone both steals your identity and damages your reputation, there ought to be consequences.”
But what about when it’s the government doing the “catfishing”?
A Novel Question for the Courts
Anita L. Allen, professor at University of Pennsylvania Law School, protests to the use of fake profiles by government agencies as “misrepresentation, fraud, and invasion of privacy.” However, she also pointed out that Arquiett’s case presents a novel legal issue that has not yet been tested in federal courts – how far is too far when the government impersonates a real individual over social media without their knowledge or consent? Ryan Calo, a professor at the University of Washington School of Law, says that what separates this kind of deceptive behavior from others in which law enforcement agencies have engaged in the past is that this case is an instance where the government assumed the identity of a real individual as opposed to a fictional one. Neil Richards, also a professor at Washington University School of Law, agrees that “There are a whole bunch of new things that are possible [with social media], and we don’t have rules for them yet.”
Allen also brings up the point that the government admits that Arquiett did not give her express permission to use the private photographs stored on her phone on social media. Allen analogies, “I may allow someone to come into my home and search, but that doesn’t mean they can take the photos from my coffee table and post them online.” Elizabeth Joh, professor at UC Davis School of Law, said that for the government to glean ‘implied consent’ for use of the pictures on social media absent any express permission to do so, “[is] a dangerous expansion of the idea of consent, particularly given the amount of information on people’s cell phones.”
In the era of mass privacy breaches of commercial retail chains and ex-patriots exposing NSA domestic spying programs; technology has allowed federally-sponsored “catfishing” to be added to the mix of privacy concerns. Maybe you should just call next time instead of sending that Facebook message. After all, the face behind the profile might not be the one you were expecting.