Sex Tech, Security & the Law

0 Comment

This article was first published in Issue No. 3 of SexTechSpace.

When people think of sex toys, they don’t usually immediately think of seemingly unsexy topics like data security or legal issues… But, actually, they ought to.  Internet-connected sex tech is ushering in new and unique questions of exactly that – data security and the law.

When you put an internet-connected sex toy to your nether regions and press ”on,” data is, in many cases, being collected and sent to a remote admin server.  Types of data collected may include time of usage, duration of usage, settings like patterns and vibration strength selected, device temperature, etc.

Collection of data by a software provider is not unusual for most internet-of-things devices.  Given the intimate nature of the data involved with sex tech though, it’s really important that people realize that this is happening, and check into exactly what data is being collected, where it is being sent, and how it is to be used.  This data could potentially be utilized to infer very personal information about the user.

For many years, the sex toy/tech industry has been behind the times in terms of implementation of data security measures.  Things are improving, however, as companies in the industry have become more savvy.  But, in the meantime, it has cost at least one major company big bucks.

In 2016, a class action suit was filed in a federal court in Illinois against Ottawa-based Standard Innovation Corporation, the creator of the We-Vibe brand of sex toys, for failing to disclose, to users, their collection of data from their internet-connected vibrators.  The complaint in the lawsuit alleged a number of different causes of action, such as violation of the Federal Wiretap Act, violation of the Illinois Eavesdropping Act, and several others.  Although the company did not appear to have malicious intentions, and didn’t sell or share the data, it failed to disclose the collection, which basically amounted to a deficiency in its privacy policy.  For this, the business (or its insurance policy!) agreed to pay out five million Canadian dollars in 2017 as a settlement.

When we talk about things happening without our knowledge, there also comes the really interesting hypothetical issue of what if someone hacks another person’s vibrator… Or even their AI-enabled sex doll?  What if they hack in and start controlling it without the user’s knowledge or consent – Is that rape?  Is it sexual assault?  Abuse?  If not, what is it?  Is it a crime at all?

We start exploring the issue by looking at the definition of rape, sexual assault, sexual abuse, etc. in the appropriate jurisdiction.  The laws differ from state to state in the United States, and vary among countries.  As an example, let’s examine excerpts of some of the laws of my home state of New York.  As you’ll see, the analysis leaves us with more questions than answers.

Section 130.35 of the New York Code says, in pertinent part, a person commits rape in the first degree when the offender “engages in sexual intercourse with another person… by forcible compulsion. “ In our hypothetical, the hacker’s body is not actually touching the victim’s body since it’s a remote-controlled sex toy.  Can remotely controlling a sex toy used by another person be considered “sexual intercourse?”  Also, is it considered “forcible” if the victim is willingly using the sex toy, even though s/he doesn’t actually know that the hacking is happening?

Section 130.25 of the New York Code says, in pertinent part, a person commits rape in the third degree when the offender “engages in sexual intercourse with another person without such person’s consent, when such lack of consent is by some other reason than incapacity to consent.”  This is closer, but again, can remotely controlling another person’s sex toy be defined as sexual intercourse with that other person?

Section 130.52 of the New York Code says, in pertinent part, a person commits misdemeanor forcible touching when the offender intentionally and for no legitimate purpose “forcibly touches the sexual or intimate parts of another person for the purpose of degrading or abusing such person, or for the purpose of gratifying the actor’s sexual desire.”  Again, what is “forcible?”  And, what is touch – Would it require that the hacker touch the victim “body to body,” rather than a sex toy to a body?

The closest offense, in my opinion, was aggravated sexual abuse in the third degree. Section 130.66 of the New York Code says, in pertinent part, a person commits aggravated sexual abuse in the third degree when he or she, outside of a valid medical purpose, “inserts a foreign object in the vagina, urethra, penis, rectum, or anus of another person… by forcible compulsion.”  But the person hacking and controlling the vibrator may just be controlling the vibration, rather than insertion. So, does this apply?

Another one that might be close, but only if the victim is putting the vibrator on or in their anus, is New York Code Section 130.20, which defines misdemeanor sexual misconduct. This law says, in pertinent part, a person commits such crime when “he or she engages in oral sexual conduct or anal sexual conduct with another person without such person’s consent.”  What is anal sexual “conduct?”  Would control of a vibrator by a hacker, without consent, that the user is stimulating their anus with fall into that category?

So, as you can see, the advancement of Sex Tech, as an industry, will bring about many complicated issues and difficult questions.  The law typically lags behind technology.  Government bodies usually move slowly, and do not keep up to speed with the rapid pace of technological development.  Users of sex tech devices should be aware of possible issues and do their best to protect themselves, in the meantime.

Share This:


Leave a Comment