ProPublica is a nonprofit newsroom that investigates abuses of power. This article is co-published with Columbia Journalism Investigations and BuzzFeed.

Susan Deveau saw Mark Papamechail’s online dating profile on PlentyofFish in late 2016. Scrolling through his pictures, she saw a 54-year-old man, balding and broad, dressed in a T-shirt. Papamechail lived near her home in a suburb of Boston and, like Deveau, was divorced. His dating app profile said he wanted “to find someone to marry.”

Deveau had used dating websites for years, but she told her adult daughter the men she met were “dorky.” She joked about how she could get “catfished” if a date looked nothing like his picture. Still Deveau, 53, wanted to grow old with someone. The two were — in the popular dating platform’s jargon — “matched.”

A background check would have revealed that Papamechail was a three-time convicted rapist. It would have shown that Massachusetts designated him a dangerous registered sex offender. So how did PlentyofFish allow such a man to use its service?

PlentyofFish “does not conduct criminal background or identity verification checks on its users or otherwise inquire into the background of its users,” the dating app states in its terms of use. It puts responsibility for policing its users on users themselves. Customers who sign its service agreement promise they haven’t committed “a felony or indictable offense (or crime of similar severity), a sex crime, or any crime involving violence,” and aren’t “required to register as a sex offender with any state, federal or local sex offender registry.” PlentyofFish doesn’t attempt to verify whether its users tell the truth, according to the company.

Papamechail didn’t scare Deveau at first. They chatted online and eventually arranged a date. They went on a second date and a third. But months after their PlentyofFish match, Deveau became the second woman to report to police that Papamechail raped her after they had met through a dating app.

PlentyofFish is among 45 online dating brands now owned by Match Group, the Dallas-based corporation that has revenues of $1.7 billion and that dominates the industry in the U.S. Its top dating app, Tinder, has 5.2 million subscribers, surpassing such popular rivals as Bumble.

For nearly a decade, its flagship website, Match, has issued statements and signed agreements promising to protect users from sexual predators. The site has a policy of screening customers against government sex offender registries. But over this same period, as Match evolved into the publicly traded Match Group and bought its competitors, the company hasn’t extended this practice across its platforms — including PlentyofFish, its second most popular dating app. The lack of a uniform policy allows convicted and accused perpetrators to access Match Group apps and leaves users vulnerable to sexual assault, a 16-month investigation by Columbia Journalism Investigations found.

Match first agreed to screen for registered sex offenders in 2011 after Carole Markin made it her mission to improve its safety practices. The site had connected her with a six-time convicted rapist who, she told police, had raped her on their second date. Markin sued the company to push for regular registry checks. The Harvard-educated entertainment executive held a high-profile press conference to unveil her lawsuit. Within months, Match’s lawyers told the judge that “a screening process has been initiated,” records show. After the settlement, the company’s attorneys declared the site was “checking subscribers against state and national sex offender registries.”

After Match connected Carole Markin with a six-time convicted rapist, she sued the company to push for regular registry checks. (Kendrick Brinson for ProPublica)

The next year, Match made similar assurances to then-California Attorney General Kamala Harris. In a 2012 agreement on best industry practices between the attorney general’s office and the dating site, among others, the company again agreed to “identify sexual predators” and examine sex offender registries. It pledged to go further and respond to users’ rape complaints with an additional safety tool: “a rapid abuse reporting system.”

Today, Match Group checks the information of its paid subscribers on Match against state sex offender lists. But it doesn’t take that step on Tinder, OkCupid or PlentyofFish — or any of its free platforms. A Match Group spokesperson told CJI the company cannot implement a uniform screening protocol because it doesn’t collect enough information from its free users — and some paid subscribers — even when they pay for premium features. Acknowledging the limitations, the spokesperson said, “There are definitely registered sex offenders on our free products.”

CJI analyzed more than 150 incidents of sexual assault involving dating apps, culled from a decade of news reports, civil lawsuits and criminal records. Most incidents occurred in the past five years and during the app users’ first in-person meeting, in parking lots, apartments and dorm rooms. Most victims, almost all women, met their male attackers through Tinder, OkCupid, PlentyofFish or Match. Match Group owns them all.

In 10% of the incidents, dating platforms matched their users with someone who had been accused or convicted of sexual assault at least once, the analysis found. Only a fraction of these cases involved a registered sex offender. Yet the analysis suggests that Match’s screening policy has helped to prevent the problem: Almost all of these cases implicated Match Group’s free apps; the only service that scours sex offender registries, Match, had none.

In 2017, Tinder matched Massachusetts registered sex offender Michael Durgin with a woman, and she later told police he had raped her on their first date; Durgin’s two rape charges were dropped after the woman “indicated that she does not wish for the Commonwealth to proceed to trial,” records show. (Durgin didn’t respond to requests for comment.) OkCupid allowed another registered sex offender, Michael Miller, of Colorado, to create a new account after his 2015 conviction for raping a woman he met through the site. For months, Miller remained on the platform despite appearing on the registries Match screens. Even Pennsylvania registered sex offender Seth Mull, whose 17-year history of sex crimes convictions began as a teen, used Match Group’s dating sites; in 2017, PlentyofFish didn’t flag his eight-year registry status before matching him with a woman who later accused him of rape. Mull is now serving life in prison for her rape and two more rapes, among other sex crimes.

Asked about the CJI data, Match Group’s spokesperson said the 157 cases “need to be put in perspective with the tens of millions of people that have used our dating products.”

The company declined multiple requests to interview executives and other key employees familiar with its protocols for addressing online dating sexual assault. The spokesperson described the steps the company takes to ensure customer safety on its platforms — from blocking users accused of sexual assault to checking across its apps for accused users’ accounts and flagging them on a companywide distribution list. Other response protocols aren’t standardized across Match Group apps.

In a brief statement, the company said it “takes the safety, security and well-being of our users very seriously.” Match Group said “a relatively small amount of the tens of millions of people using one of our dating services have fallen victim to criminal activity by predators.” It added, “We believe any incident of misconduct or criminal behavior is one too many.”

Interviews with more than a dozen former Match Group employees — from customer service representatives and security managers at OkCupid to senior executives at Tinder — paint a different picture. Most left on good terms; indeed, many told CJI they’re proud of the successful relationships their platforms have facilitated. But they criticize the lack of companywide protocols. Some voice frustration over the scant training and support they received for handling users’ rape complaints. Others describe having to devise their own ad hoc procedures. Often, the company’s response fails to prevent further harm, according to CJI interviews with more than 100 dating app users, lawmakers, industry experts, former employees and police officers; reviews of hundreds of records; and a survey of app users.

Even the screening policy on the one site that checks registries, Match, is limited. The company’s spokesperson acknowledges that the website doesn’t screen all paid subscribers. The site has argued in court for years that it has no legal obligation to conduct background checks, and it fought state legislation that would require it to disclose whether it does so.

Markin, whose civil suit led to the registry policy, cannot help but feel the company has failed to deliver. Calling registry screenings “the easiest kind of cross-checking,” she said she had expected Match Group to embrace the practice.

“I did something to help other women,” she told CJI. “It’s disappointing to see Match did not.”

Susan Flaherty grew up in the 1960s outside Hoboken, New Jersey, where she developed a style that her daughter describes simply as “Jersey”: “big-haired, blonde, blue-eyed and loud.” With a head for numbers, she got a degree in finance and spent most of her adult life working as a mortgage broker.

In the mid-1990s, she walked into a bar near Naples, Maine, and came face to face with Denie Deveau, a bartender. They got married and had two children. Seven years later, they divorced. Susan kept her husband’s last name. She bounced from relationship to relationship after that. She always thought she “needed a man to come take care of her,” her 24-year-old daughter, Jackie, said.

Papamechail grew up in the 1960s in Peabody, Massachusetts, just north of Boston. He came from a prominent family that owns a construction company. Since the late 1980s, Papamechail has built a rap sheet consisting of eight criminal convictions, four of them sex crimes. He has pleaded guilty to three separate rapes.

His first rape conviction in 1987 involved a neighbor and resulted in an eight-year prison sentence and a 10-year probationary period “with special conditions to undergo sex offender treatment.” Court records show Papamechail served one year in prison and later violated his probation. Within four years, he was convicted of rape again for two more incidents. During that case, he told police he had a “problem” and needed “help,” court records show. He spent another four years behind bars. By 1994, he had spent yet another year in prison after his second conviction for indecent assault and battery, a sex crime in Massachusetts. Court records show Papamechail has served a total of at least eight years in prison. The state officially designated him a sex offender.

Papamechail declined to comment for this article. He told a CJI reporter over Facebook that “if you ever contact me or my family again I will reach out to the Massachusetts courts.”

In 2014, Papamechail became familiar to sex crimes detectives again. This time, a woman he met through PlentyofFish accused him of raping her on their first date. The claim put him in county jail without bail for two years; he was eventually acquitted after a weeklong jury trial. Still, law enforcement officials raised his sex offender status to the state’s most dangerous category, Level III, deeming him highly likely to offend again.

By the time PlentyofFish matched him with Deveau, Papamechail’s heightened status meant he would have already appeared on the state’s sex offender registry — something that PlentyofFish didn’t check, the company confirms. At the time, Deveau, a recovering alcoholic, was living in a sober house near Papamechail’s home. Over the ensuing months, the pair chatted online. They texted and spoke on the phone. They met in person; she went to his apartment twice.

Then, in October 2017, Papamechail picked up Deveau for what would be their final date, court records show. They went for dinner and returned to his home. She “expected to just hang out together,” court records note she told the grand jury, but he had “other plans.” They got into a fight. “He wanted her in the bedroom,” according to her testimony, “but she said no.” Around 7:40 p.m., court records show, she called the Peabody emergency dispatch service for help.

Deveau told the 911 dispatcher “a man was trying to rape her and had threatened her,” the court records state. “He’s coming,” she told the dispatcher, dropping the phone.

Susan Deveau is among the users in CJI’s data who reported being victimized by someone they met through a dating platform. The analysis suggests the problem has grown as the popularity of online dating has soared — in 2015, 12% of American adults were on a dating site, compared with 3% in 2008. Other studies reinforce this trend. In 2016, the U.K. National Crime Agency reviewed police reports over a five-year period and found online-dating sexual assault had increased as much as 450% — from 33 to 184 cases.

Because no one collects official statistics on online dating sexual assault in the U.S., CJI surveyed more than 1,200 women who said they had used a dating platform in the past 15 years. It is a non-scientific questionnaire about an underreported crime, and the results represent only CJI’s specific group. They are not generalizable and cannot be extrapolated to all online dating subscribers. (Read the survey’s methodology at the end of this story.) Among this small group, more than a third of the women said they were sexually assaulted by someone they had met through a dating app. Of these women, more than half said they were raped.

If such results are confirmed by further studies, the numbers would be alarming, said Bethany Backes, an assistant professor in the Violence Against Women Faculty Cluster Initiative at the University of Central Florida. Backes, who reviewed CJI’s questionnaire, noted that this one group of dating app users reported a higher rate of sexual assault than women in the general population do. Backes speculated that’s because the users sampled were actively dating. The results, she added, suggest a need for the platforms to protect their users not just online but offline as well.

“I think anyone has a moral responsibility to do something about it,” Backes said, “whether they think they have a legal or business responsibility.”

Match Group declined to comment on CJI’s survey. Its spokesperson noted that Match Group CEO Mandy Ginsberg has prioritized customer safety. “I’m a woman and a mom of a 20-year-old who uses dating apps,” the executive said in an interview in 2018 with The Wall Street Journal. “I think a lot about the safety and security, in particular, of our female users.”

In 2018, Ginsberg launched a safety council made up of leading victim advocates and other experts. Interviews with its members show that the council has focused on getting users to take action themselves rather than having the company act.

Match has long argued that such checks were too incomplete or costly for its users. Markham Erickson, a lawyer specializing in internet law who worked with Match to lobby against background checks, told CJI it was “incredibly hard” to screen online dating users. “It’s not like you’re getting the fingerprint of an individual,” he said. All a sex offender “had to do was give a false name.”

A Match Group spokesperson contends that background checks do little more than create what she calls “a false sense of security” among users. “Our checks of the sex offender registry can only be as good as the information we receive,” she said, explaining that the government databases can lack data, have old pictures or include partial information on sex offenders.

But some in the industry have argued that the onus should be on the dating app companies to check users’ backgrounds to protect their customers from predators. Herb Vest, a Texas entrepreneur who made a legislative crusade out of the issue in the 2000s, launched his own dating platform in 2003. Dubbed True.com, the company’s name reflected its policy of screening users for sex crimes and other felonies, Vest said. It paid approximately $1 million a year for third-party services like rapsheets.com and backgroundchecks.com, partly because public registries were scattershot at first, and partly because the vendors could do a more comprehensive check.

The contracts allowed the company to screen an unlimited number of subscribers each month, former True president Reuben Bell said, an expense it incorporated into membership fees totaling $50 a month. By contrast, Match charged a similar monthly rate — $60 at the time — without conducting any form of background check.

True even warned subscribers that the company would sue if they misrepresented their pasts. “If you are a felon, sex offender or married, DO NOT use our website,” it stated on its site. In 2005, the company took one registered sex offender to court after discovering he had lied about his status. The lawsuit settled. According to Vest, the man agreed to stop using dating platforms. True ultimately folded in 2013.

Another Match Group rival, a free dating app called Gatsby that operated from 2017 until this year, used government databases to screen its 20,000 users. Gatsby’s founder, Joseph Penora, told CJI in an email he was inspired to create what he calls “a creepy guy filter” after reading about a woman who was assaulted by a sex offender she had met through Match. “Our users are the backbone of our success,” Penora wrote. “Let’s do something proactive to keep them safe.”

Even former Match Group insiders agree the registries are more accessible and have fewer blind spots today. Several former security executives told CJI that such screenings would be a feasible way to help prevent online dating sexual assault — if the company invested the resources. For example, they and other experts say Match Group, which expects to make around $800 million in profits this year by one measure, could purchase an application program interface, or API, from a third-party vendor to allow it to check its users against the nearly 900,000 registered sex offenders in the U.S.

Vest still cannot understand why the industry has resisted such measures. He insists the cost of doing background checks didn’t play a role in his company’s closing. True’s bankruptcy records blame its subscription losses on banking reforms after the recession that left consumers with limited or no credit.

The company’s background-checking policy wasn’t mentioned in the thousands of pages of filings. Nor did True report owing money to its screening vendors.

“People can’t rely 100% on the sites,” Vest said. “But as an industry, we could have done much better.”

Peabody police officers responded to Deveau’s 911 call on Oct. 28, 2017, arriving at a multifamily complex with a purple door. The officers found her and Papamechail outside, court records show. There, she told the police that he had demanded sex. When she refused, she said, he pushed her against the wall and yelled, “I am going to have you one way or another.”

Peabody police had come there before. In March 2014, Janine Dunphy reported that Papamechail had raped her at his home after the two had met through PlentyofFish, which Match Group would buy within the year.

Janine Dunphy at her family cabin. In 2014, Dunphy reported that Mark Papamechail, a registered sex offender, had raped her at his home after the two had met through PlentyofFish. Dunphy saw Papamechail back on the app in 2016. (Sarah Rice, special to ProPublica)

Dunphy’s allegations sounded strikingly similar to those of Deveau, court records show. Both said he invited them to his home after a date. When they refused his sexual advances, their victim testimonies state, Papamechail — he is 6 feet, 2 inches tall and weighs 260 pounds, according to the state sex offender registry — threw them on the floor or the bed, restrained them with his arms and raped them.

Papamechail pleaded not guilty to Dunphy’s rape charge; at the 2016 trial, his defense attorney claimed the incident was consensual and questioned the influence of her medical prescriptions and financial motivations. “Her story changes,” his lawyer said at the time. “And the truth never changes.”

Dunphy never knew Papamechail was a registered sex offender when PlentyofFish had matched them, she said. During the criminal case, she told a detective that Papamechail had confided that he was kicked off the Match dating site but didn’t say why, the police report shows. Match Group declined to confirm or deny whether its flagship platform has ever blocked Papamechail. Prosecutors tried to subpoena PlentyofFish for records of his correspondence with her. Dunphy remembers that the company, which is based in Canada, refused, saying it didn’t have to comply with U.S. subpoenas.

By 2016, the registry board had raised Papamechail’s sex offender status to the highest level, indicating what the board considers “a high degree of danger to the public.” Papamechail’s listing, including a photo, appeared on the registry’s public website, where it remains today. The Massachusetts board declined to comment on Papamechail’s sex offender history, citing state laws.

“He’s going to do it over and over again,” said Dunphy, who has a lifetime restraining order barring Papamechail from contacting or abusing her. In the winter of 2016, she remembers seeing him back on PlentyofFish, which by then was owned by Match Group.

Ten months later, the Peabody detective responded to the 911 call at Papamechail’s house. Deveau reported he had raped her in a follow-up interview. “She did not tell police on the date of the incident because she stated she was afraid and she wanted to leave,” court records note. By January 2018, a grand jury had found enough evidence to indict him for rape. Papamechail pleaded not guilty. He told police that he and Deveau had been in an off-and-on sexual relationship. He maintained that he didn’t try to have sex with Deveau, and that she “woke up abruptly and was screaming at him, calling him a sex offender and a rapist,” the police report states.

In a February 2018 decision ordering his temporary detention as a “habitual offender,” Superior Court Judge Timothy Feeley ruled that Papamechail’s “propensity for sexual violence against women is uncontrollable.” The judge found that “even house arrest would not in this court’s view protect future potential victims of Papamechail’s sexual violence.” One of the reasons Feeley cited was Papamechail’s online activities.

Papamechail stands out among the convicted and alleged perpetrators in CJI’s data. Most dating app users accused of assaulting another user weren’t registered sex offenders at the time. Some had past sex crime convictions. Others were subjects of prior police complaints. But most of the time checking users’ criminal backgrounds alone would not have prevented the problem, the analysis found.

Match Group presents its rapid abuse reporting system as crucial for protecting customers from sexual assault. “Our brands also depend on our users to report any profiles engaged in concerning behavior so that we can investigate and take appropriate action,” the company states on its website. Any user can log a complaint online or through its apps. Moderators and security agents try to identify the accused user and block his account, according to the company. They check across platforms for other associated accounts.

“If there’s bad behavior on one app,” Match Group CEO Ginsberg has said, describing the company’s response protocols, “we can identify that user, we’ll kick him off all the apps.”

But some users who reported their rape claims to the company describe a different outcome. Brittney Westphal, 31, who lives outside Aspen, Colorado, said she informed Tinder in 2015 that another user had raped her on their first date. She asked the dating app how she could get a record of her conversations with the accused when he “unmatched” her — which instantly deletes the history of communication between two users — leaving her unable to give his information or a record of their conversations to police.

Tinder never replied, she said, and local authorities declined to press charges. “I made it clear to them [Tinder] like how serious this was,” Westphal said, “and then I never heard anything.” Within months, she said she spotted her alleged attacker on the app again.

A Utah college student, Madeline MacDonald, told Tinder in a December 2014 email that she “was sexually assaulted (or something very similar),” records show. She provided the app with pertinent information, including the accused’s name, age and physical description. The next day, their email correspondence shows, a Tinder employee asked for screen shots of his app profile, adding that a link to the accused’s Facebook profile “could help as well.” MacDonald offered screenshots of his Facebook page, which included his employer, town, high school and phone number. An employee responded by asking for a link to the Facebook page. MacDonald said she gave up. Eventually, she said she saw her alleged assailant back on Tinder.

Three years later, according to Dixie State University Police Chief Blair Barfuss, a detective in his unit informed MacDonald that the man she had accused had allegedly assaulted three other women he met through dating apps. Two were Match Group platforms.

And then there’s Kerry Gaude, 31, of Golden, Colorado, whose experience after Michael Miller raped her on their first date illustrates the shortcomings of Match Group’s protocols. When OkCupid matched the two in May 2014, Miller, then 28 and using the handle mike22486, was not yet a registered sex offender. Two women who had met him online told police he sexually assaulted them, but their claims didn’t lead to criminal charges. Gaude reported her rape to police, and then she emailed OkCupid and PlentyofFish. She remembers warning the platforms that a rapist was using their services to meet women.

Kerry Gaude was raped by Michael Miller after the two met on OkCupid. Miller pleaded guilty to sexual exploitation and assault charges. Gaude said she frequently saw Miller on OkCupid after the sentencing. (Rachel Woolf for ProPublica)

The following year, Miller pleaded guilty to sexual exploitation and assault charges stemming from Gaude’s claim. He got 10 years’ probation with sex offender stipulations prohibiting him from using “any applications to communicate with women in any way about sex,” court records state. He also appeared on the state’s public sex offender registry two days after his sentencing in May 2015, state officials confirm.

Yet Gaude said she frequently saw Miller on OkCupid after the sentencing. Within three months, in fact, he was charged with probation violations after admitting to using an unapproved cellphone to access the app, records show. The violations put him in a Cañon City, Colorado, prison for four years.

During the proceedings, Gaude went on local TV and warned people that Miller could victimize other OkCupid users.

Three women contacted police about their exchanges with Miller on the dating app throughout 2015. Police records show one 25-year-old got a message on OkCupid from a man with the handle lucky4me123. On his profile, the man presented himself as an “independent yet naturally caring” person who lived alone and hoped to “find that special someone.” He was, OkCupid said, a “67% match” in compatibility for the woman. She recognized Miller’s mugshot from a news article about Gaude’s warnings.

By then, Miller had been listed in the state’s online sex offender database for almost seven months. The Colorado bureau that administers the registry had no record of Match Group employees requesting information about individuals on its offender list during this time. A Match Group spokesperson confirms OkCupid never checked his registry status.

“It’s the after the fact that bothers me,” Gaude said of Miller’s ability to keep using OkCupid. “How is that not aiding and abetting?”

Match Group’s spokesperson said the company uses “industry-leading automated and manual moderation and review tools,” and spends millions every year to “prevent, monitor and remove people who engage in inappropriate behavior from our apps.”

Several former OkCupid employees familiar with the company’s complaint process say it is easy for banned individuals, like Miller, to get back on the app. The company’s moderators adopt a general “ban first” mentality for any accused user, the employees said, but once blocked, they have little ability to stop the accused from using different identifying information, or signing up for new accounts. Some say they complained about this issue to OkCupid supervisors, only to be ignored. Others say they found themselves searching public offender lists on their own.

Match Group, for its part, declined to comment.

Miller didn’t respond to repeated interview requests, and nobody answered the door when a CJI reporter visited his house. While on probation, Miller wrote to one woman on OkCupid, apologizing for his crime and pleading for “the opportunity to prove myself that im not a bad indiviual.”

Now on parole, he is subject to intensive supervision. One condition prohibits him from using online dating sites.

Some time after Deveau had reported her rape allegation to police, her daughter, Jackie, remembers being on a lunch break when she got a phone call from the assistant district attorney handling the Papamechail criminal case. Her mother had returned to drinking by then, Jackie said, and shut herself off from family.

Jackie knew her mother had experienced something bad with a date, but she didn’t know anything more until a prosecutor told her. She recalls hearing Papamechail’s litany of sex crime convictions. Still on the phone, Jackie looked him up on the internet and scrolled through news articles on Dunphy’s case. She learned about his registry status. “It was just horrifying,” Jackie said.

Jackie dialed her mother right away. Deveau sounded drunk and incoherent, so Jackie didn’t broach the criminal case. Her mother’s behavior seemed to be unraveling from the ordeal, Jackie said.

In April 2018, Jackie got another phone call about her mother. This time, she learned Deveau was in the hospital, admitted after a drinking binge, her vitals unstable. Jackie arrived at the hospital; within days, doctors were putting her mother on life support.

Deveau died on April 27, 2018, from “acute kidney failure,” her death certificate states.

By May, the Middlesex County District Attorney’s Office was forced to drop the criminal case it was building against Papamechail. It filed a formal notice ceasing prosecution on two counts of rape, citing Deveau’s death. “Without the testimony of the alleged victim in this sexual assault case,” it stated in its filing, “the Commonwealth is unable to meet its burden at trial to prove the defendant guilty beyond reasonable doubt.”

Papamechail was released from jail again but remained on the state’s registry. Once again, he would be spotted on a Match Group app.

When Jackie learned her mother had met Papamechail through PlentyofFish, she considered suing. The dating app could have prevented what happened, she said, especially considering “how severe he is as a sex offender.” Intimidated by the well-resourced company, she never did file a civil lawsuit.

Even if Jackie had gone to court, though, the Communications Decency Act would have rendered legal action practically futile. The act, passed in 1996, when internet companies were nascent and viewed as needing protection, contains a provision, known as CDA Section 230, that was originally intended to protect websites from being held liable for their users’ speech.

Companies, including Match Group, have successfully invoked CDA 230 to shield themselves from liability in incidents involving users harmed by other users, including victims of sexual assault. Internet regulation experts say the measure effectively allows online dating companies to avoid legal repercussions. In the few civil suits accusing Match Group platforms of negligence for online dating sexual assaults, its lawyers have cited CDA 230 to try to dismiss nearly every one, records show.

Olivier Sylvain, a Fordham University law professor who specializes in the ethics of media and technology, believes judges have been so overly generous in interpreting CDA 230 that they dismiss cases before an aggrieved party can even obtain information about the company’s response. “That speaks to how these companies are held unaccountable,” he said.

Only one civil suit, filed against Match in an Illinois county courthouse in 2011, has gotten around CDA 230. The case ended in an undisclosed settlement in April 2016. Over its five-year history, it pried open internal Match documents shedding light on how the site has handled online dating sexual assault.

The case dates back to December 2009, when Match connected Ryan Logan, then 33, a Chicago technology consultant, with a 31-year-old baker identified as Jane Doe. The woman, whose name has never been made public, asked to remain anonymous for this article. She told police Logan had raped her on their first date, spurring a chain of events that would lead him to be convicted of sexual assault in 2011. Around the time of his criminal trial, she learned another woman had previously accused Logan of rape and had alerted Match.

Logan “proceeded to date rape me,” the woman wrote the site in a 2007 complaint. She warned Match he could use its service to attack others.

Logan didn’t respond to multiple requests for comment for this article. Currently an Illinois registered sex offender, he was ordered to pay more than $6 million in damages to Doe as a result of her civil suit. The judge in his criminal case barred Logan from using online dating services.

Company documents obtained during the discovery process show Match’s customer service team treated the sex assault complaint as it would any other at the time: It sent the complaint to a security agent, who created an incident case file. But Match’s response ended there. “The employee who was to handle the case did not follow internal procedure and closed the case without taking action,” the documents state. The site didn’t take down Logan’s profile at the time, nor did it acknowledge the woman’s complaint.

During the civil proceedings, Match attempted to dismiss the negligence claims, citing CDA 230. In December 2013 — a year after it promised to implement registry screenings and response protocols — the dating site used the law to argue against any obligation to remove users who become subjects of sex assault complaints.

“Whatever Match does, whether they leave the profile on or take it off, even if they had knowledge, is a protected act,” James Gardner, its lawyer, claimed in court. He maintained the site shouldn’t be responsible for taking action against accused users even if it failed to remove a user after being warned about him. “Why shouldn’t they be responsible for that?” Gardner asked rhetorically. “The law says they are not. And the reason the law says they are not is because we understand that the larger purpose of internet commerce is more important.”

Circuit Court Judge Moira Johnson rejected that argument, finding “the allegations do not support conduct that is immune” under CDA 230, which covers third-party content, a hearing transcript states.

Discovery documents offered a rare window into Match’s response system. As of November 2007, court filings show, the site was keeping track of users accused of sexual assault in a spreadsheet detailing their identification numbers, handles and full names. The site handed over nearly 1,300 complaints of physical and sexual violence filed by users against other users during the two years preceding Doe’s rape. The judge ruled the spreadsheet’s contents could be redacted and the complaints sealed, making it impossible to glean whether or not Match could identify repeat offenders among its subscribers and, if so, how it responded.

Match Group declined to comment on the redacted spreadsheet’s numbers, or to release its own numbers of sex assault complaints filed with its apps.

Doe thought Match executives would be outraged that an accused rapist had been allowed back on their site, she said, but she soon learned otherwise. The site discouraged her from speaking publicly about her case, and it has yet to implement her policy recommendation for a user assault hotline. The Match Group spokesperson notes the company’s safety pages list support services for sex assault victims. But the company doesn’t sponsor its own hotline for its users.

Its lawyers pointed out in court records that Match’s “common sense recommendations” for offline user conduct advise never meeting in a private location. “We’re not going to say, ‘Oh my gosh, it was her fault that he raped her,’” Gardner said during a hearing, “but she has to take some responsibility.”

Doe still tears up when she remembers how Match treated her in court. “You are not a victim,” she told CJI. “You are enemy No. 1.”

Janine Dunphy had learned, through a local newspaper article in early 2018, that Papamechail had allegedly assaulted another woman whom he met through a dating app. Then, in May last year, Dunphy got a phone call from an assistant district attorney, the same one who had handled the case involving Papamechail and Dunphy. “I have some really bad news,” she recalls the prosecutor saying. The woman had died. The rape charges had been dropped.

The news sent Dunphy on a quest to find Papamechail on PlentyofFish. She had made fake profiles to try to track him down on the platform before. She created a male profile once and posted some of his photos alongside warnings of his sex-offender status to see if the website would react. Another time she used a fake female profile without pictures to see if the app would connect them. Sometimes, she searched for his dating profiles for hours.

“I lost so much of my life,” said Dunphy, whose health has deteriorated in the years since her rape claim. Doctors have diagnosed her with blood clots from stress; therapists have treated her for post-traumatic stress disorder. Of her Papamechail date, she said, “It’s in my head every day.”

Dunphy recalls finding his profile on PlentyofFish less than a month after she had heard about Deveau’s death. She recognized Papamechail’s pictures — a photo of himself in a car, another of an orange cat. His username was Deadbolt56. He described himself as a “coffee snob.” She took screenshots of his profile, she said, and notified PlentyofFish. She never heard back.

Match Group would not confirm or deny whether PlentyofFish ever received a complaint about Papamechail. Its spokesperson said the company’s team of security agents removed him from its platforms more than a year ago — around the time Dunphy would have filed her complaint — but didn’t answer questions about why he was barred, how many times he’s been barred or how often he’s gotten back on the apps. According to Match Group, there are no accounts associated with Papamechail on its platforms.

Dunphy said she continued to see him on PlentyofFish until she stopped searching last fall. She got tired of trying to keep Papamechail off the site, she says. She felt like she was doing the work the app should’ve been doing.

Over the past 15 years, as online dating has emerged as the most popular matchmaker among Americans, state legislators have tried to address its potential for real-world harm. The earliest proposals would have required platforms to conduct full background checks. But since online dating companies do business nationwide, and only the federal government can regulate interstate operations, they went nowhere.

State lawmakers then took a different tack and pushed to mandate that apps disclose whether or not they conduct background checks. These laws, typically enforced by state attorneys general or consumer affairs departments, fine companies if they don’t disclose. These measures explain why Match Group platforms adopted the no-check warnings buried in their Terms of Use in the first place.

In 2005, legislators — from Virginia to California, and Michigan to Florida — were debating disclosure bills championed by True.com. Vest, True’s founder, considered the company’s legislative campaign a form of marketing that would inspire brand loyalty. Generally opposed to government intervention, he saw an exception in this case. “We have a legislative branch intended to protect the citizenry,” Vest said.

Among the most vocal critics of the bills was Match. In Michigan, for example, Marshall Dye, then assistant general counsel for the website, testified at a hearing on that state’s bill. Match opposed the bill, Dye testified, on the grounds that it would give users a false sense of security. Consumers might assume that everyone on the platform had a spotless record, she argued. But no one convicted of a crime would give his real name. (Dye declined a request to comment on her testimony.)

“It’s just a buyer beware statement,” said Alan Cropsey, a Michigan state senator at the time who sponsored the failed bill because he figured industry support would be a no-brainer. Of the platforms, he said, “They don’t want the buyer to beware.”

New Jersey became the first state in 2008 to pass an online dating disclosure statute, which also required the platforms to publish safety tips — such as “Tell friends and family about your plans,” and “Meet in public and stay in public.” Legislatures in Illinois, New York and Texas soon followed suit. At times, Match lobbyists led the industry opposition in the debates.

Match Group didn’t soften its stance until 2017, when the company helped to push a measure that would lead to California’s first — albeit limited — online dating rules. State lawmakers say the #MeToo movement’s momentum drove passage of provisions that require dating platforms to offer California users the same safety tips and reporting processes already required elsewhere. The regulations don’t mandate any form of background check.

Today, just five states have regulations aimed at improving online dating customer safety. Records requests filed in those states have yielded hundreds of complaints about the industry involving contract disputes or romance scams. None involve online dating sexual assault. No state regulators have taken action against a platform for violating disclosure rules.

Former Texas State Sen. Leticia Van de Putte, who sponsored that state’s 2011 legislation, said states can only do so much to protect dating app users. “We really do need to have some sort of national framework,” she said.

Last May, Jackie sat in a conference room at her employer’s office in Portland, Maine, taking in a photograph of Deveau. It was three weeks after the first anniversary of her mother’s death, and her grief was palpable. “I need my Mom more than anything,” she wrote on her Facebook page weeks earlier. The photograph in her hand depicts Jackie as an infant, sitting in Deveau’s lap. Jackie, sucking on her mother’s finger, wears an oversized floppy pink hat. Deveau wears a wide grin.

Jackie remembers small moments growing up with her mother: a look the two would share when a snack craving overcame them. Deveau would drive Jackie to a local convenience store to order big salted pretzels. Or the pool parties her mother hosted at their home, where she always put out a good spread and welcomed everyone with open arms.

Deveau spoke constantly on the phone with Jackie as an adult — until she stopped.

Jackie wore a V-neck striped shirt, a tattoo peeking out from underneath. It depicts the jagged line of a heart monitor before Deveau’s last heartbeat. Jackie got it etched over her own heart to commemorate her mother.

Reflecting on her mother’s last months, Jackie portrayed Deveau like so many women who use online dating apps: vulnerable, at risk of assault. She doubted Deveau would have thought about registry screenings and response protocols. She finds it “disgusting” that online dating companies like Match Group would expect their female users to check sex offender lists themselves.

They may be looking for the man of their dreams on these dating apps, Jackie said, but they “can’t do that if these predators are on there.”

Methodology

Columbia Journalism Investigations worked with subject matter experts primarily at Columbia University — from public health researchers to sociologists and statisticians — to craft and vet our questionnaire for dating app users. No government agency in the United States has data on online dating sexual violence, and the questionnaire was meant to initiate a larger reporting effort, bringing us leads and directions to follow. It is not a formal survey. Respondents were not selected at random from a population but instead volunteered to fill in the questionnaire. For that reason, we do not claim that our results represent the general experience of dating app users.

We relied on the online survey platform Amazon Mechanical Turk (MTurk) to distribute an initial questionnaire to identify women living in the U.S. who had used an online dating site over the past 15 years. Some researchers have used this platform to ask participants — who receive compensation for their time — about traumatic events and experiences. Following MTurk’s guidelines, we made our questionnaire available to potential respondents in all regions of the country, and we screened out anyone who had a poor record of taking questionnaires.

In all, 2,151 women responded to the initial questions establishing that they live in the U.S. and have used dating apps. Of these, 1,244 volunteered to complete our full questionnaire. Our questions included general inquiries into demographic information, online dating experiences and consensual sexual behavior. Respondents also answered five questions meant to describe acts of sexual assault and rape. These questions, developed in consultation with our experts, followed professional standards for sexual violence surveys. We eliminated results that could be classified as “bad data,” such as those from people who started but did not finish the questionnaire.

Overall, 31% of the women in the survey reported being sexually assaulted or raped by someone they had met through an online dating site.

Our database of incidents of sexual assault involving online dating platforms was created from a web scrape of a decade of news reports and civil lawsuits that CJI reporters vetted and analyzed. Most of the 157 cases took place during the past five years. We then corroborated these cases through court and police records, as well as interviews with officials and additional media reports.