Yottabytes: Storage and Disaster Recovery

May 22 2019   9:15AM GMT

Vibrator Data is Protected Content, Judge Rules

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

Tags:
privacy
Security

In case you’re curious, stored data about the intensity with which you like to use a vibrator has now been ruled to be communications “content.”

It’s true. It was ruled on by a judge and everything.

Most of the vibrator data ruling has to deal with jurisdictional issues, but an important part is related to stored data.

So here’s the deal. There’s this Chinese company, Hytto Ltd., that developed a vibrator, Lush, that could be communicated with using a phone app and Bluetooth. Some of the communication involved factors such as intensity. Depending on how the app was set up, partners, or whomever had access to the app, could also provide input into the intensity, even from long distance.

“Long distance couples can connect their Lush devices to their cellphones via Bluetooth using Hytto’s Body Chat app,” writes Helen Christophi in Courthouse News. “When two people use the app together, either partner can select and transmit the vibration intensity for the paired device.”

Amuse your friends! Have fun at parties!

The thing is, the company that developed the vibrator and app was storing this data, including frequency, date, time, and intensity of use, on its own servers. Moreover, it was associating this vibrator data with the email addresses of the people involved. So it wasn’t anonymized or aggregated, but personally identifiable. Finally, it didn’t tell users, let alone ask their permission, that it was doing this.

(One wonders, how could the company have monetized this vibrator data? Hmm.)

One of the product’s 34,000 users, “S.D.,” found out about this, and filed a class-action lawsuit in January 2018, saying that collecting this data violated the federal Wiretap Act, because it was intercepting the contents of an electronic communication.

The company claimed that it wasn’t, either, because the transmissions didn’t count as “content.”

Not so much, a judge ruled.

“The Wiretap Act defines ‘content’ as ‘any information concerning the substance, purport, or meaning of that communication,’” Christophi writes. “The law excludes ‘record’ information – data automatically generated when a communication is sent, such as the origin or length of a phone call.”

Hytto did win some concessions. U.S. District Judge Jeffrey White agreed that some of the data – date and time – were “record” data, because they were automatically generated. But because users enter “desired strength of touch” into the app to set vibration intensity, that data should be considered content, the judge ruled.

“Protected ‘content’ under the Act is a person’s ‘intended message to another’ and the ‘essential part’ of a communication,” White writes. “Unlike record information, content is generated not automatically, but through the intent of the user.”

Some of the ruling is rather sweet – poetic, even. “Individuals, of course, communicate by touch all the time. A pet owner can communicate to its dog, by tugging (gently) on the leash, the owner’s desire that the dog stop walking or slow down. A person can communicate his happiness to see a friend by a hug or a handshake,” White writes. “It is only with the evolution of certain technologies that the conveyance of such unspoken communications is now apparently not limited to situations where both the sender and recipient of touch-based communication are in the same location. The involvement of technology in the transmission of data does not change the character of the data. That the internet is used to effect a touch-based communication does not change the essential character of that communication.”

Hytto also tried to claim that it needed to store this information to provide the service that the customer was paying for, but White wasn’t buying that, either. “Hytto does not explain how the collection of the communication is necessary to enabling users to use an app to control the vibration intensity of a paired sex toy,” he writes. “Put another way, Hytto has failed to explain why it would be difficult or impossible to provide its service without the objected-to interception, particularly where the FAC alleges that Hytto markets the app as functioning peer-to-peer. Hytto’s argument, therefore, is not persuasive.” He did, however, say that the company could feel free to elaborate on this during the actual trial.

(“And for this I went to law school,” Judge White might have been heard to mutter.)

It didn’t help that the company had apparently promised that it wouldn’t do exactly what it ended up doing. “The FAC includes a snapshot from Lovense.com that reads: ‘We take your privacy very seriously. We have designed our system to record as little information about our users as possible. Absolutely no sensitive data (pictures, video, chat logs) pass through (or are held) on our servers. All data transfers are peer-to-peer. Furthermore, we encrypt the data before passing it along to your partner,’” White writes. “After reviewing this policy, a reasonable person could conclude that Hytto would not harvest data about how its Body Chat app or paired devices were used.”

S.D. can amend her complaint to remove the time and date component by June 14, White ruled. And then, it’s back to court.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: