Law Commons^™

Shields Up For Software, Derek E. Bambauer, Melanie J. Teplinsky

UF Law Faculty Publications

This Article contends that the National Cybersecurity Strategy's software liability regime should incorporate two safe harbors. The first would shield software creators and vendors from liability for decisions related to design, implementation, and maintenance, as long as those choices follow enumerated best practices. The second—the “inverse safe harbor”—would have the opposite effect: coders and distributors who engaged in defined worst practices would automatically become liable. This Article explains the design, components, and justifications for these twin safe harbors. The software safe harbors are key parts of the overall design of the new liability regime and work in tandem with the …

Passcodes, Protection, And Legal Practicality: The Necessity Of A Digital Fifth Amendment, Ethan Swierczewski

Catholic University Journal of Law and Technology

No abstract provided.

Biometric Data Regulation And The Right Of Publicity: A Path To Regaining Autonomy Over Our Commodified Identity, Lisa Raimondi

University of Massachusetts Law Review

This Note explores how a right of publicity action might be used to address present day concerns regarding biometric data ownership rights where an individual’s likeness can essentially be bought and sold. As social networking and use of the internet has grown, so has the opportunity for people to engage with others and share their lives. However, that opportunity also comes with risk. More and more, people are required to accept the terms of use and privacy policies detailing how their biometric data will be collected and stored if they want to download and use certain technological applications. Most of …

Chinese Technology Platforms Operating In The United States: Assessing The Threat (Originally Published As A Joint Report Of The National Security, Technology, And Law Working Group At The Hoover Institution At Stanford University And The Tech, Law & Security Program At American University Washington College Of Law), Gary Corn, Jennifer Daskal, Jack Goldsmith, Chris Inglis, Paul Rosenzweig, Samm Sacks, Bruce Schneier, Alex Stamos, Vincent Stewart

Joint PIJIP/TLS Research Paper Series

No abstract provided.

Contracting For Algorithmic Accountability, Cary Coglianese, Erik Lampmann

All Faculty Scholarship

As local, state, and federal governments increase their reliance on artificial intelligence (AI) decision-making tools designed and operated by private contractors, so too do public concerns increase over the accountability and transparency of such AI tools. But current calls to respond to these concerns by banning governments from using AI will only deny society the benefits that prudent use of such technology can provide. In this Article, we argue that government agencies should pursue a more nuanced and effective approach to governing the governmental use of AI by structuring their procurement contracts for AI tools and services in ways that …

Legal Risks Of Adversarial Machine Learning Research, Ram Shankar Siva Kumar, Jonathon Penney, Bruce Schneier, Kendra Albert

Articles, Book Chapters, & Popular Press

Adversarial machine learning is the systematic study of how motivated adversaries can compromise the confidentiality, integrity, and availability of machine learning (ML) systems through targeted or blanket attacks. The problem of attacking ML systems is so prevalent that CERT, the federally funded research and development center tasked with studying attacks, issued a broad vulnerability note on how most ML classifiers are vulnerable to adversarial manipulation. Google, IBM, Facebook, and Microsoft have committed to investing in securing machine learning systems. The US and EU are likewise putting security and safety of AI systems as a top priority.

Now, research on adversarial …

Politics Of Adversarial Machine Learning, Kendra Albert, Jonathon Penney, Bruce Schneier, Ram Shankar Siva Kumar

Articles, Book Chapters, & Popular Press

In addition to their security properties, adversarial machine-learning attacks and defenses have political dimensions. They enable or foreclose certain options for both the subjects of the machine learning systems and for those who deploy them, creating risks for civil liberties and human rights. In this paper, we draw on insights from science and technology studies, anthropology, and human rights literature, to inform how defenses against adversarial attacks can be used to suppress dissent and limit attempts to investigate machine learning systems. To make this concrete, we use real-world examples of how attacks such as perturbation, model inversion, or membership inference …

Who Gets To Operate On Herbie? Right To Repair Legislation In The Context Of Automated Vehicles, Jennifer J. Huseby

Journal of Law and Mobility

You bought it, you own it, but do you have the right to repair it? As right-to-repair remains a hot topic in the context of consumer electronics such as smartphones, one must consider the ramifications it may have for the automated vehicle (“AV”) industry. As the backdrop for one of the first legislative victories for right-to-repair, the automobile industry has continued to push for the expansion of right-to-repair to cover increased access to telematics and exceptions to proprietary software controls. However, as we revisit the issue for more highly connected and automated vehicles, it is important to assess the unique …

The Law Of The Tetrapods, Henry T. Greely

Vanderbilt Journal of Entertainment & Technology Law

Should there be such a thing as "Technology Law"? This Article explores that question in two ways. It first looks at four substantive issues that appear across many different areas of technology law: privacy, security, property, and responsibility. It then examines five questions that frequently recur about how to regulate very different new technologies. These questions include which agency should regulate, whether regulation should focus on before or after marketing, what jurisdiction should regulate, how relevant new information will be gained and used, and how-politically-good regulation can be enacted. This Article concludes that it may make sense to develop a …

Face Off: An Examination Of State Biometric Privacy Statutes & Data Harm Remedies, Maya E. Rivera

Fordham Intellectual Property, Media and Entertainment Law Journal

As biometric authentication becomes an increasingly popular method of security among consumers, only three states currently have statutes detailing how such data may be collected, used, retained, and released. The Illinois Biometric Information Privacy Act is the only statute of the three that enshrines a private right of action for those who fail to properly handle biometric data. Both the Texas Capture or Use Biometric Identifier Act Information Act and the Washington Biometric Privacy Act allow for state Attorneys General to bring suit on behalf of aggrieved consumers. This Note examines these three statutes in the context of data security …

Reading Reflection Privacy And Security, Paul Sujith Rayi

School of Information Studies - Post-doc and Student Scholarship

No abstract provided.

Smart Baby Monitors: The Modern Nanny Or A Home Invader, Sarah Ensenat

Catholic University Journal of Law and Technology

Smart baby monitors exist to help parents protect and watch over their children. The smart baby monitors act as a second set of eyes when parents cannot be in the same room as their children. Low-tech hackers take advantage of gaps in the security of smart baby monitors. A hacker violates a consumer’s privacy by gaining access to private information, viewing the home and its occupants, and even speaking to children through the monitor.

This comment advocates for stricter security legislation for smart baby monitors. Without new legislation, manufacturers of smart baby monitors do not apply or invest in the …

Borders And Bits, Jennifer Daskal

Articles in Law Reviews & Other Academic Journals

Our personal data is everywhere and anywhere, moving across national borders in ways that defy normal expectations of how things and people travel from Point A to Point B. Yet, whereas data transits the globe without any intrinsic ties to territory, the governments that seek to access or regulate this data operate with territorial-based limits. This Article tackles the inherent tension between how governments and data operate, the jurisdictional conflicts that have emerged, and the power that has been delegated to the multinational corporations that manage our data across borders as a result. It does so through the lens of …

Saving Face: Unfolding The Screen Of Chinese Privacy Law, Tiffany Li, Jill Bronfman, Zhou Zhou

Faculty Scholarship

Privacy is often a subjective value, taking on meaning from specific social, historical, and cultural contexts. Western privacy scholars have so far generally limited academic study to focus on Western ideals of privacy. However, privacy – or some notion of it – can be found in almost every culture and every nation, including the growing economic powerhouse that is the People’s Republic of China. Focusing on China as a case study of non-Western privacy norms is important today, given the rapid rise of the Chinese economy and its corresponding impact on worldwide cultural norms and law. Simply put, it is …

Data Collection And The Regulatory State, Ahmed Ghappour

Faculty Scholarship

The following remarks were given on January 27, 2017 during the Connecticut Law Review’s symposium, “Privacy, Security & Power: The State of Digital Surveillance.” Hillary Greene, the Zephaniah Swift Professor of Law at the University of Connecticut School of Law, offered introductory remarks and moderated the panel. The panel included Dr. Cooper, Associate Professor of Law and Director of the Program on Economics & Privacy at Antonin Scalia Law School at George Mason University, Professor Ghappour, Visiting Assistant Professor at UC Hastings College of the Law, Attorney Lieber, Senior Privacy Policy Counsel at Google, and Dr. Wu, Professor of Law …

The Market’S Law Of Privacy: Case Studies In Privacy/Security Adoption, Chetan Gupta

Washington and Lee Law Review Online

This paper examines the hypothesis that it may be possible for individual actors in a marketplace to drive the adoption of particular privacy and security standards. It aims to explore the diffusion of privacy and security technologies in the marketplace. Using HTTPS, Two-Factor Authentication, and End-to-End Encryption as case studies, it tries to ascertain which factors are responsible for successful diffusion which improves the privacy of a large number of users. Lastly, it explores whether the FTC may view a widely diffused standard as a necessary security feature for all actors in a particular industry.

Based on the case studies …

Civil Liberty Or National Security: The Battle Over Iphone Encryption, Karen Lowell

Georgia State University Law Review

On June 5, 2013, Edward Snowden released what would be the first of many documents exposing the vast breadth of electronic surveillance the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) had been conducting on millions of United States citizens. Although the federal agencies had legal authority under the Foreign Intelligence Surveillance Act (FISA) to collect metadata from companies such as Verizon, many Americans considered this data collection to be a massive invasion of privacy.

Equipped with the knowledge of sweeping domestic surveillance programs, citizens and technology firms fighting for strong privacy and security protection, have started …

Enhancing Cybersecurity In The Private Sector By Means Of Civil Liability Lawsuits - The Connie Francis Effect, Jeffrey F. Addicott

University of Richmond Law Review

The purpose of this article is to explore the threats posed by

cybersecurity breaches, outline the steps taken by the government

to address those threats in the private sector economy, and

call attention to the ultimate solution, which will most certainly

spur private businesses to create a more secure cyber environment

for the American people-a Connie Francis-styled cyber civil

action lawsuit.

"I Want My File": Surveillance Data, Minimization, And Historical Accountability, Douglas Cox

University of Richmond Law Review

No abstract provided.

Privacy's Trust Gap, Neil M. Richards, Woodrow Hartzog

Faculty Scholarship

It can be easy to get depressed about the state of privacy these days. In an age of networked digital information, many of us feel disempowered by the various governments, companies, and criminals trying to peer into our lives to collect our digital data trails. When so much is in flux, the way we think about an issue matters a great deal. Yet while new technologies abound, our ideas and thinking — as well as our laws — have lagged in grappling with the new problems raised by the digital revolution. In their important new book, Obfuscation: A User’s Guide …

Decrypting The Fourth Amendment: Applying Fourth Amendment Principles To Evolving Privacy Expectations In Encryption Technologies, Candice Gliksberg

Loyola of Los Angeles Law Review

No abstract provided.

Paying For Privacy And The Personal Data Economy, Stacy-Ann Elvy

Articles & Chapters

Growing demands for privacy and increases in the quantity and variety of consumer data have engendered various business offerings to allow companies, and in some instances consumers, to capitalize on these developments. One such example is the emerging “personal data economy” (PDE) in which companies, such as Datacoup, purchase data directly from individuals. At the opposite end of the spectrum, the “pay-for-privacy” (PFP) model requires consumers to pay an additional fee to prevent their data from being collected and mined for advertising purposes. This Article conducts a simultaneous in-depth exploration of the impact of burgeoning PDE and PFP models. It …

13th Annual Diversity Symposium Dinner 04-07-2016, Roger Williams University School Of Law

School of Law Conferences, Lectures & Events

No abstract provided.

Ou Professor: Fourth Amendment At Heart Of Dispute Between Fbi, Apple, Stephen E. Henderson

Stephen E Henderson

The Internet Of Heirlooms And Disposable Things, Woodrow Hartzog, Evan Selinger

Faculty Scholarship

The Internet of Things (“IoT”) is here, and we seem to be going all in. We are trying to put a microchip in nearly every object that is not nailed down and even a few that are. Soon, your cars, toasters, toys, and even your underwear will be wired up to make your lives better. The general thought seems to be that “Internet connectivity makes good objects great.” While the IoT might be incredibly useful, we should proceed carefully. Objects are not necessarily better simply because they are connected to the Internet. Often, the Internet can make objects worse and …

The Continuing Battle Over Privacy Vs. Security, Ellen Cornelius

Homeland Security Publications

No abstract provided.

Deconstructing The Relationship Between Privacy And Security [Viewpoint], Gregory Conti, Lisa A. Shay, Woodrow Hartzog

Faculty Scholarship

From a government or law-enforcement perspective, one common model of privacy and security postulates that security and privacy are opposite ends of a single continuum. While this model has appealing properties, it is overly simplistic. The relationship between privacy and security is not a binary operation in which one can be traded for the other until a balance is found. One fallacy common in privacy and security discourse is that trade-offs are effective or even necessary. Consider the remarks of New York Police Department Commissioner Ray Kelly shortly after the Boston Marathon bombing, “I'm a major proponent of cameras. I …

Regulating The Internet Of Things: First Steps Toward Managing Discrimination, Privacy, Security, And Consent, Scott R. Peppet

Publications

The consumer "Internet of Things" is suddenly reality, not science fiction. Electronic sensors are now ubiquitous in our smartphones, cars, homes, electric systems, health-care devices, fitness monitors, and workplaces. These connected, sensor-based devices create new types and unprecedented quantities of detailed, high-quality information about our everyday actions, habits, personalities, and preferences. Much of this undoubtedly increases social welfare. For example, insurers can price automobile coverage more accurately by using sensors to measure exactly how you drive (e.g., Progressive 's Snapshot system), which should theoretically lower the overall cost of insurance. But the Internet of Things raises new and difficult questions …

Getting The Balance Right Between Information Security And Privacy Rights, Katina Michael

Associate Professor Katina Michael

- Laws, regulations, industry guidelines, and codes for new technologies and their use - The balance between encouraging innovation and future proofing technology-related policy - The difference between the existence of legislation and the enforcement of that legislation - Citizen responses to the fear of policing and security controls

The Fight To Frame Privacy, Woodrow Hartzog

Michigan Law Review

In his important new book, Nothing to Hide: The False Tradeoff Between Privacy and Security, Daniel Solove argues that if we continue to view privacy and security as diametrically opposed to each other, privacy will always lose. Solove argues that the predetermined abandonment of privacy in security-related disputes means that the structure of the privacy-security debate is inherently flawed. Solove understands that privacy is far too vital to our freedom and democracy to accept its inevitable demise. The central thesis of this Review is that Solove's polemic is a strong and desperately needed collection of frames that counterbalances the "nothing …