Herrick is suing Grindr, the popular dating app for gay and bisexual men, because of it.
According to the complaint, Herrick, 32, is the victim of an elaborate revenge scheme that's playing out on Grindr's platform. An ex-boyfriend of Herrick's, who he says he met on Grindr, has allegedly been creating fake accounts since October 2016. The accounts have Herrick's photos and personal details, including some falsehoods like a claim that that he's HIV positive.
The ex allegedly invites men to Herrick's apartment and the restaurant where he works. Sometimes as many as 16 strangers each day will show up looking for Herrick. In some instances, they are told not to be dissuaded if Herrick is resistant at first, "as part of an agreed upon rape fantasy or role play."
The case raises important questions in the social media age about impersonation, stalking and harassment.
"What are Grindr's legal responsibilities," asks Aaron Mackey, a Frank Stanton legal fellow at the Electronic Frontier Foundation. "And what are its corporate and ethical responsibilities to its users when it learns that its platform is being abused in this way?"
Mackey said the answers have big implications.
As with many complaints against tech platforms, Section 230 of the 1996 Communications Decency Act is at play in the Grindr case. It's a unique legal protection that gives a broad layer of immunity to online companies from being held liable for user-generated content. Companies are supposed to act in good faith to protect users.
In 2015, Grindr used the CDA to prevail in another case. It was found not liable in a suit filed by a man who was arrested for a sexual encounter with a minor he met on the app.
But in Herrick's case, attorneys Carrie Goldberg and Tor Ekeland are relying on different laws. They're alleging product liability, fraud and deceptive business practices, according to an amended complaint filed on March 31.
"Much of our work is about finding the cracks and holes in [Section] 230," said Goldberg, who is known for taking on sexual privacy and revenge porn cases. "Companies don't deserve special protections when their product is dangerous and [Section] 230 doesn't give them protection in such cases."
Originally filed in a New York state court in January, the case was moved to federal court at Grindr's request in February.
According to the complaint, there have been more than 100 reports flagging the fake profiles in Grindr's app, resulting in only generic replies from Grindr ("Thank you for your report.").
Grindr's terms of service state that impersonation accounts aren't permitted, but it's unclear whether Grindr is capable of cracking down on the accounts. A March email from Grindr's counsel said the company cannot search for photographs, according to the complaint. "Grindr claims it cannot control who uses its product and that it lacks the basic software capabilities used by its competitors and the social media industry," it reads.
According to Matthew Zeiler, founder of image recognition startup Clarifai, there are multiple ways for companies to identify specific images on their platforms, and third party providers can help implement these capabilities.
Processes known as image hashing or visual search can detect near duplicate images from being posted on their platforms.
In a statement, Grindr said it's "committed to creating a safe environment through a system of digital and human screening tools, while also encouraging users to report suspicious and threatening activities. While we are constantly improving upon this process, it is important to remember that Grindr is an open platform. Grindr cooperates with law enforcement on a regular basis and does not condone abusive or violent behavior."
Grindr and its attorneys declined to comment further, citing the active litigation.
Last week, Facebook (FB, Tech30) announced new measures to combat the spread of "revenge porn" on its platform. It said it would apply photo-matching to ensure intimate, non-consensual images that have been reported aren't able to be re-uploaded through Facebook's properties, including Messenger and Instagram.
The original complaint against Grindr said that hookup app Scruff, which Herrick's ex was also allegedly using to create fake profiles, was able to remove profiles and ban IP addresses.
CNNTech contacted the ex-boyfriend for comment. He denied setting up fake accounts but declined to comment further.
Neville Johnson of Johnson & Johnson, LLP told CNNTech that there needs to be a law that criminalizes impersonation and protects victims online.
"Legislation has not kept up with the advancement of technology," he said. "[Companies] can identify and stop this kind of stuff -- they just don't want to take on the obligation."
Attorney David Gingras, who frequently defends companies from lawsuits under Section 230, said these types of cases will likely increase.
"There is currently a war between online speech providers and people who are unhappy with that speech. It just seems like it is getting busier. People do the worst things online and it sucks -- but that's not the issue. The issue is who to blame for it."
A lot of cases never make it to court, according to one source who told CNNTech that companies end up striking deals to take down posts, in order to avoid drawn-out legal fees.
Goldberg doesn't plan to back down; she's already planning her next move: pushing Google and Apple to remove Grindr from their app store
"If a court won't hold Grindr responsible for having a dangerous product ... we'd need to examine the liability of the 'sellers' that are making available a dangerous product," she told CNNTech. "This lawsuit puts them on notice that a dangerous product, one purportedly not controllable by its manufacturer, is being downloaded from their marketplaces."
Goldberg likened it to a car battery exploding in a person's face.
"If the manufacturer and seller both know the battery could explode, there's a duty to inform users of the risk," she said. "Not to mention a duty to evaluate whether the product is so dangerous it should be removed from the market altogether."