Earlier this week, the popular online dating site Match.com announced plans to implement a system to check their users against sex offender registries. This comes in the wake of a lawsuit against the company by a woman who says she was assaulted by someone she met through the website. While sexual assault is inexcusable, this would-be solution is deeply flawed. Match.com’s plan isn’t a good way to catch sexual predators (who could just use fake names), sacrifices user privacy, and sets a troubling precedent for allowing companies to peer into our personal lives and histories before doing business with us.
Now, to set the record straight: Section 230 of the Communications Decency Act generally protects Match.com from being held liable as a publisher for what users post on the site. And Match.com isn’t responsible for how users act when they aren’t on the site. But, as we saw with Craigslist last year, sometimes a site under pressure will change their legal policies rather than continue to face public criticism.
There are several glaring flaws with Match.com’s plan. For one, Match.com can’t prevent sexual assault by screening for sex offenders. But even if Match.com’s goal is merely to check whether users are on a registered sex offender list, rather than to actually prevent assault, Match.com runs into the difficulty that many people who use the site may not use their real names. And while a portion of Match.com’s services require a form of payment, a user looking to conceal her identity might simply use someone else’s credit card to purchase a Match.com subscription. For this plan to work, Match.com will likely need to move to a real name policy, similar to Facebook's. And often a legal name may not be enough to establish one’s identity – Match.com could well need to collect other data points, like address or phone number, to truly figure out which “John Smith” has registered for their site. (Of note: a quick search through the sex offender registries for the name “John Smith” returns dozens of results.) This will be a change for Match.com: you can currently sign up for an account without providing your real name and there’s nothing in the terms of service that requires an individual to provide her real name.
And the real flaw in Match.com’s plan is the most obvious: criminals who want to use Match.com for nefarious purposes could use a false identity to set up service. So while law abiding citizens searching for love are handing over loads of personal data to Match.com, those with criminal intent are unlikely to provide real information about themselves when signing up for the site.
Match.com, like any business, can choose whom they want to do business with – and even place requirements on users as a contingency for providing services. But every time a company demands more of our personal data as a contingency for a transaction, we lose a little bit more of our privacy. Data like our legal names, addresses, phone number, Social Security numbers, and credit card information can be demanded by businesses before we can complete our transactions, and users often have no right to refuse without jeopardizing the right to do business with the company. (Though California’s Civil Code Section 1747.08 is a rare counter example.) Which means businesses can –and do – take every opportunity to suck up personal data and store it, sometimes indefinitely, in enormous databases, which all too often suffer from data breaches that increase users’ chances of identity theft.
Collection and storage of sensitive personal information is an issue every online user should be concerned about. But for individuals whose very lives rest in their ability to maintain anonymity, whether because they are victims of stalking or political dissidents, the ability to use the Internet without giving away key pieces of data like your legal name is a matter of safety. And this is especially true for sites we use to communicate – including email, social networking sites, blog platforms, instant messaging services and even online dating sites.
Notably, Match.com doesn’t promise to safeguard user data even though they collect so much of it. In fact, they say specifically: “We do not promise, and you should not expect, that your personal information, searches, or other communications will always remain secure.” What’s more, Match.com actively shares your data with other businesses through the IAC business group, which includes companies like Ask.com, Urbanspoon, CitySearch, Dictionary.com, and Zwinky. Match.com states:
We may share information we collect, including personal information such as your name and contact information, interests, activities and transactions on our site, with the IAC companies.
They also give themselves ample flexibility to share user data they collect with the government upon “a request for cooperation from a law enforcement or other government agency.” They do not, however, promise to inform users when this data is handed over.
Let’s face it: Match.com is already collecting vast amounts of data about consumers, actively sharing it with other businesses, leaving themselves open to sharing it with the government and not providing many rights for users of their service to access, remove or update that data. They aren’t breaking any laws, and frankly lots of companies have similar practices. But considering their enormous user base and the size of their network of affiliated companies, users who care about privacy should strongly protest any attempt by Match.com to mandate identity verification as a contingency for using the service. It’s an affront to privacy masquerading as a safety feature.