Future Tense

Guilty as Charged

The best way to stop shady mug shot website operators: talk to credit card companies.

How to stop online bad actors
Don’t waste time trying to figure out who they are, or where they live, or whether what they’re doing is illegal. Just cut off their money.

Photo illustration by Lisa Larson-Walker. Photos by Getty Images & Thinkstock

What’s the best way to get an embarrassing photo of yourself removed from the Internet? Some people think stronger legislation is the answer—just last month, California passed a law aimed at revenge porn websites—while others turn to online reputation management firms or filing take-down notices under the 1998 Digital Millennium Copyright Act.

But increasingly, credit card companies and online payment providers are emerging as crucial players in the complicated and controversial debate over how to stop undesirable Internet activity.

This weekend the New York Times ran a feature on websites that post mug shots and then charge people to have them removed. Mug shots are public records, and they can be useful for journalists reporting on crimes, or employers vetting job applicants. But for people trying to put youthful indiscretions or stupid mistakes behind them, these photos—like so many other online artifacts—can prove to be serious obstacles, anchoring them permanently to their pasts and tripping them up again and again, even when no actual crime was committed.

So far, in the United States, legal protections for people haunted by incriminating online content have been pretty weak. The recent California SB 568 requires websites to remove content posted by minors at the request of the poster—an attempt to give young adults a delete button so a poorly thought-out Facebook status won’t hurt their future—while laws passed in Oregon and Georgia earlier this year specifically target mug shot sites, requiring them to remove the photos for free if people pictured can prove they were not convicted of any crime. But as is often the case when dealing with online activity, the scope of state laws—and even national laws—can be pathetically inadequate when it comes to countering the global reach of the Internet.

Enter MasterCard.

“We looked at the activity and found it repugnant,” MasterCard General Counsel Noah Hanft told Times reporter David Segal of the websites offering to remove mug shots for fees. In the course of reporting the article, Segal brought the websites to the attention of MasterCard, American Express, Discover, and PayPal, all of which subsequently decided they would sever their relationships with the sites, effectively crippling their business model.

The story of the mug shot sites echoes a recent thread of academic research concerning a very different kind of online nuisance: spam. A 2011 study of the value chain of spam found that credit card companies and merchant banks could also play an instrumental role in countering commercial spam. The researchers found that just three banks were responsible for providing payment services to more than 95 percent of the spam-advertised products they identified. The authors hypothesize that if major credit card companies refused to carry out certain transactions with these specific banks, the spammers would have no way to sell their products and would therefore be forced out of business (or, at the very least, be forced to develop a new business model).

The underlying message of both the spam study and the mug shot article is simple enough: If you want to stop online bad actors—from nuisances to extortionists—don’t waste time trying to figure out who they are, or where they live, or whether what they’re doing is illegal. Just cut off their money.

Of course, for these economic solutions to work, there needs to be money involved in the first place. Such measures could not be used to counter noncommercial spam, or websites that post mug shots without offering to remove the photos for a fee. But so long as money is changing hands, payment processing services and credit card companies can be very powerful players when it comes to neutralizing online evildoers and irritants. Major payment companies like PayPal, Visa, and MasterCard operate internationally, so unlike lawmakers, their jurisdiction is not bounded by national borders, and their decisions affect nearly every Internet user and online business. A mug shot website run out of Mongolia might be tough for the Oregon or Georgia police to go after, but if it wants to collect payments from the U.S. residents whose photos it posts, it is completely at the mercy of the major Western payment providers.

This neat sidestepping of Internet jurisdiction disputes is not the only benefit of targeting online misbehavior with economics instead of laws. Credit card companies may also be able to respond more nimbly than law enforcement to changes by the online actors attempting to evade their sanctions. For instance, if the mug shot profiteers launched new sites with similar functions under different names, or partnered with different merchant banks, payment providers could adapt relatively quickly to these changes, whereas legal proceedings might move more slowly.

That’s not to say there isn’t an important and valuable role for law enforcement in preventing certain types of online activity. In San Francisco just last week, for instance, the FBI arrested Ross Ulbricht, who is believed to have created Silk Road, an online marketplace for illegal drugs. The Ulbricht arrest is a good example of online law enforcement efforts—it took time (Silk Road began operating in February 2011), it centered on the arrest of an individual located in the United States, and it involved indisputably illegal activity.

Credit card companies could not have easily targeted Silk Road—all sales on the site made use of anonymous Bitcoin digital currency—but they are much more powerful than law enforcement actors when it comes to quick, international interventions against behavior that may be unsavory but not obviously illegal. This ability to regulate behavior in the gray area between legal and illegal can be viewed as both a feature and a bug. For people trying to put their old arrest history behind them, MasterCard’s willingness to denounce mug shot websites—even though these sites are not illegal in most states—may be a blessing. But nonetheless it raises important questions about how much power these companies have and their appropriate role in passing judgment on online content. Do we want decisions about the Internet to be made based on what MasterCard considers repugnant? And does MasterCard want to be responsible for making those decisions?

Payment providers may have good reason to be wary of getting too involved in policing online content. In perhaps the most famous case of payment companies interfering with a website’s operations, in December 2010, MasterCard, Visa, and PayPal, among others, stopped processing donations to WikiLeaks, following the site’s release of secret U.S. diplomatic cables. Several of these same payment companies subsequently suffered distributed denial-of-service attacks, coordinated by Anonymous, which temporarily took down the Visa and MasterCard websites.

Payment processors have the potential to serve as a roadblock to many forms of online activity, ranging from mug shot websites to advertising spam to leaks of classified information. But in making decisions about which Internet acts are and are not allowable or desirable, they move far beyond their normal purview of moving money to a much more controversial space of value judgments and moral policing. We need to think through the burdens, responsibilities, and even risks that go along with putting on that badge. Negotiating these complexities is going to require a system of checks and balances on the Internet, and the most important part may be identifying the point at which someone can most conveniently stop the check—or decline the card.

This article arises from Future Tense, a collaboration among Arizona State University, the New America Foundation, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, visit the Future Tense blog and the Future Tense home page. You can also follow us on Twitter.