We noted recently an odd lawsuit
against Match.com from a woman who was sexually assaulted by a man she met via the service. The company is almost certainly protected via Section 230 from liability, but with a bit of interesting timing, Match.com announced plans
to start screening users' names against a sexual predator database. This seems like the sort of quickly slapped together ideas that sound good
until you think through the details. And, thankfully, the folks over at the EFF have thought through the details and are pointing out how deeply flawed Match.com's idea is
There are several glaring flaws with Match.com's plan. For one, Match.com can't prevent sexual assault by screening for sex offenders. But even if Match.com's goal is merely to check whether users are on a registered sex offender list, rather than to actually prevent assault, Match.com runs into the difficulty that many people who use the site may not use their real names. And while a portion of Match.com's services require a form of payment, a user looking to conceal her identity might simply use someone else's credit card to purchase a Match.com subscription. For this plan to work, Match.com will likely need to move to a real name policy, similar to Facebook's. And often a legal name may not be enough to establish one's identity -- Match.com could well need to collect other data points, like address or phone number, to truly figure out which "John Smith" has registered for their site. (Of note: a quick search through the sex offender registries for the name "John Smith" returns dozens of results.) This will be a change for Match.com: you can currently sign up for an account without providing your real name and there's nothing in the terms of service that requires an individual to provide her real name.
And the real flaw in Match.com’s plan is the most obvious: criminals who want to use Match.com for nefarious purposes could use a false identity to set up service. So while law abiding citizens searching for love are handing over loads of personal data to Match.com, those with criminal intent are unlikely to provide real information about themselves when signing up for the site.
It's an affront to privacy masquerading as a safety feature.
This sort of thing, by the way, is exactly the kind of thing we'll be discussing at the Techdirt Insight Dinner salon
on May 18th, where one of the key points is to better figure out how companies can and should deal with the data they're collecting, without trampling on privacy issues.