Law Commons^™

Distinguishing Privacy Law: A Critique Of Privacy As Social Taxonomy, María P. Angel, Ryan Calo

Articles

What distinguishes privacy violations from other harms? This has proven a surprisingly difficult question to answer. For over a century, privacy law scholars labored to define the elusive concept of privacy. Then they gave up. Efforts to distinguish privacy were superseded at the turn of the millennium by a new approach: a taxonomy of privacy problems grounded in social recognition. Privacy law became the field that simply studies whatever courts or scholars talk about as related to privacy.

Decades into privacy as social taxonomy, the field has expanded to encompass a broad range of information-based harms—from consumer manipulation to algorithmic …

Wrong Search At The Wrong Time: Keyword Search Warrants And The Fourth Amendment, Nicole Chan

Articles

This Note will advocate for the view that when presented with the issue, state and federal courts should establish that keyword search warrants are unconstitutional because they violate the Fourth Amendment. Keyword search warrants cannot meet the Fourth Amendment’s requirements of probable cause and particularity because the subjects of the search cannot be identified until after the search is completed. These warrants are unnecessary and have the potential of implicating millions of internet users who have no connection to a crime. This Note will contend that individuals have a reasonable expectation of privacy in their search history data, and that …

Who Owns Data? Constitutional Division In Cyberspace, Dongsheng Zang

Articles

Privacy emerged as a concern as soon as the internet became commercial. In early 1995, Lawrence Lessig warned that the internet, though giving us extraordinary potential, was “not designed to protect individuals against this extraordinary potential for others to abuse.” The same technology can “destroy the very essence of what now defines individuality.” Lessig urged that “a constitutional balance will have to be drawn between these increasingly important interests in privacy, and the competing interest in collective security.” Lessig envisioned that creating property rights in data would help individuals by giving them control of their data. As utopian as property …

Privacy And National Politics: Fingerprint And Dna Litigation In Japan And The United States Compared, Dongsheng Zang

Articles

Drawing cases from two related areas of law-fingerprint and DNA (deoxyribonucleic acid) data-this Article proposes a modified framework, built on the Balkin-Levinson emphasis on national politics: First, national politics understood as partisan rivalry cannot account for what I call doctrinal lock-in in this Article, where I will demonstrate that in different stages of American politics-the Lochner era, the New Deal era, and Civil Rights era-courts across the nation ruled predominantly in favor of public data collectors-state and federal law enforcement in fingerprint cases. From the 1990s, when DNA data became hot targets of law enforcement, the United States Supreme Court …

Self-Control Of Personal Data And The Constitution In East Asia, Dongsheng Zang

Articles

No abstract provided.

Pandemic Surveillance Discrimination, Christian Sundquist

Articles

The COVID-19 pandemic has laid bare the abiding tension between surveillance and privacy. Public health epidemiology has long utilized a variety of surveillance methods—such as contact tracing, quarantines, and mandatory reporting laws—to control the spread of disease during past epidemics and pandemics. Officials have typically justified the resulting intrusions on privacy as necessary for the greater public good by helping to stave off larger health crisis. The nature and scope of public health surveillance in the battle against COVID-19, however, has significantly changed with the advent of new technologies. Digital surveillance tools, often embedded in wearable technology, have greatly increased …

Privacy In The Age Of Medical Big Data, W. Nicholson Price Ii, I. Glenn Cohen

Articles

Big data has become the ubiquitous watch word of medical innovation. The rapid development of machine-learning techniques and artificial intelligence in particular has promised to revolutionize medical practice from the allocation of resources to the diagnosis of complex diseases. But with big data comes big risks and challenges, among them significant questions about patient privacy. Here, we outline the legal and ethical challenges big data brings to patient privacy. We discuss, among other topics, how best to conceive of health privacy; the importance of equity, consent, and patient governance in data collection; discrimination in data uses; and how to handle …

Taking Data, Michael C. Pollack

Articles

Technological development has created new forms of information, altered expectations of privacy, and given law enforcement more tools to examine that information and intrude on that privacy. One crucial facet of these changes involves internet service providers (ISPs): as people expose more of their lives to their ISPs—all the websites they visit, people they communicate with, emails they send, files they store, and more—law enforcement efforts to access that data become more and more common. But scholars and policymakers alike recognize that the existing statutory frameworks governing those efforts are based on obsolete technology and strike balances that are difficult …

Artificial Intelligence In Health Care: Applications And Legal Implications, W. Nicholson Price Ii

Articles

Artificial intelligence (AI) is rapidly moving to change the healthcare system. Driven by the juxtaposition of big data and powerful machine learning techniques—terms I will explain momentarily—innovators have begun to develop tools to improve the process of clinical care, to advance medical research, and to improve efficiency. These tools rely on algorithms, programs created from healthcare data that can make predictions or recommendations. However, the algorithms themselves are often too complex for their reasoning to be understood or even stated explicitly. Such algorithms may be best described as “black-box.” This article briefly describes the concept of AI in medicine, including …

Ancient Worries And Modern Fears: Different Roots And Common Effects Of U.S. And Eu Privacy Regulation, David Thaw, Pierluigi Perri

Articles

Much legal and technical scholarship discusses the differing views of the United States and European Union toward privacy concepts and regulation. A substantial amount of effort in recent years, in both research and policy, focuses on attempting to reconcile these viewpoints searching for a common framework with a common level of protection for citizens from both sides of Atlantic. Reconciliation, we argue, misunderstands the nature of the challenge facing effective cross-border data flows. No such reconciliation can occur without abdication of some sovereign authority of nations, that would require the adoption of an international agreement with typical tools of international …

Cybersecurity Stovepiping, David Thaw

Articles

Most readers of this Article probably have encountered – and been frustrated by – password complexity requirements. Such requirements have become a mainstream part of contemporary culture: "the more complex your password is, the more secure you are, right?" So the cybersecurity experts tell us… and policymakers have accepted this "expertise" and even adopted such requirements into law and regulation.

This Article asks two questions. First, do complex passwords actually achieve the goals many experts claim? Does using the password "Tr0ub4dor&3" or the passphrase "correcthorsebatterystaple" actually protect your account? Second, if not, then why did such requirements become so widespread? …

Privacy, Vulnerability, And Affordance, Ryan Calo

Articles

This essay begins to unpack the complex, sometimes contradictory relationship between privacy and vulnerability. I begin by exploring how the law conceives of vulnerability — essentially, as a binary status meriting special consideration where present. Recent literature recognizes vulnerability not as a status but as a state — a dynamic and manipulable condition that everyone experiences to different degrees and at different times. I then discuss various ways in which vulnerability and privacy intersect. I introduce an analytic distinction between vulnerability rendering, i.e., making a person more vulnerable, and the exploitation of vulnerability whether manufactured or native. I also describe …

Democratic Surveillance, Mary Anne Franks

Articles

No abstract provided.

Country By Country Reporting And Corporate Privacy: Some Unanswered Questions, Reuven S. Avi-Yonah

Articles

Corporate privacy is an oxymoron. Individuals have a right to privacy, which the Supreme Court has recognized at least since Griswold v. Connecticut (1965). Warren and Brandeis’ famous defense of the right to privacy (1890) clearly applied only to individuals, because only individuals have the kind of feelings that are affected by invasions of privacy. Corporations are legal entities, and the concept of privacy does not apply to them, as the Supreme Court held in 1906. Thus, any objection to making corporate tax returns public cannot rest on the right to privacy. In fact, corporate returns were made public in …

Riley V. California And The Beginning Of The End For The Third-Party Search Doctrine, David A. Harris

Articles

In Riley v. California, the Supreme Court decided that when police officers seize a smart phone, they may not search through its contents -- the data found by looking into the call records, calendars, pictures and so forth in the phone -- without a warrant. In the course of the decision, the Court said that the rule applied not just to data that was physically stored on the device, but also to data stored "in the cloud" -- in remote sites -- but accessed through the device. This piece of the decision may, at last, allow a re-examination of …

Privacy, Public Disclosure, Police Body Cameras: Policy Splits, Mary D. Fan

Articles

When you call the police for help—or someone calls the police on you—do you bear the risk that your worst moments will be posted on YouTube for public viewing? Police officers enter some of the most intimate incidences of our lives—after an assault, when we are drunk and disorderly, when someone we love dies in an accident, when we are distraught, enraged, fighting, and more. As police officers around the nation begin wearing body cameras in response to calls for greater transparency, communities are wrestling with how to balance privacy with public disclosure.

This Article sheds light on the balances …

Intelligence Legalism And The National Security Agency’S Civil Liberties Gap, Margo Schlanger

Articles

Since June 2013, we have seen unprecedented security breaches and disclosures relating to American electronic surveillance. The nearly daily drip, and occasional gush, of once-secret policy and operational information makes it possible to analyze and understand National Security Agency activities, including the organizations and processes inside and outside the NSA that are supposed to safeguard American’s civil liberties as the agency goes about its intelligence gathering business. Some have suggested that what we have learned is that the NSA is running wild, lawlessly flouting legal constraints on its behavior. This assessment is unfair. In fact, the picture that emerges from …

Taxation And Surveillance: An Agenda, Michael Hatfield

Articles

Among government agencies, the IRS likely has the surest legal claim to the most information about the most Americans: their hobbies, religious affiliations, reading activities, travel, and medical information are all potentially tax relevant. Privacy scholars have studied the arrival of Big Data, the internet-of-things, and the cooperation of private companies with the government in surveillance, but neither privacy nor tax scholars have considered how these technological advances should impact the U.S. tax system. As government agencies and private companies increasingly pursue what has been described as the “growing gush of data,” the use of these technologies in tax administration …

Self-Defense Against Robots And Drones, A. Michael Froomkin, P. Zak Colangelo

Articles

Robots can pose-or can appear to pose-a threat to life, property, and privacy. May a landowner legally shoot down a trespassing drone? Can she hold a trespassing autonomous car as security against damage done or further torts? Is the fear that a drone may be operated by a paparazzo or Peeping Tom sufficient grounds to disable or interfere with it? How hard may you shove if the office robot rolls over your foot? This Article addresses all those issues and one more. what rules and standards we could put into place to make the resolution of those questions easier and …

Push, Pull, And Spill: A Transdisciplinary Case Study In Municipal Open Government, Jan Whittington, Ryan Calo, Mike Simon, Jesse Woo, Meg Young, Perter Schmiedeskamp

Articles

Municipal open data raises hopes and concerns. The activities of cities produce a wide array of data, data that is vastly enriched by ubiquitous computing. Municipal data is opened as it is pushed to, pulled by, and spilled to the public through online portals, requests for public records, and releases by cities and their vendors, contractors, and partners. By opening data, cities hope to raise public trust and prompt innovation. Municipal data, however, is often about the people who live, work, and travel in the city. By opening data, cities raise concern for privacy and social justice.

This article presents …

Data Breach (Regulatory) Effects, David Thaw

Articles

No abstract provided.

Reasonable Expectations Of Privacy Settings: Social Media And The Stored Communications Act, David Thaw, Christopher Borchert, Fernando Pinguelo

Articles

In 1986, Congress passed the Stored Communications Act (“SCA”) to provide additional protections for individuals’ private communications content held in electronic storage by third parties. Acting out of direct concern for the implications of the Third-Party Records Doctrine — a judicially created doctrine that generally eliminates Fourth Amendment protections for information entrusted to third parties — Congress sought to tailor the SCA to electronic communications sent via and stored by third parties. Yet, because Congress crafted the SCA with language specific to the technology of 1986, courts today have struggled to apply the SCA consistently with regard to similar private …

Can Americans Resist Surveillance?, Ryan Calo

Articles

This Essay analyzes the ability of everyday Americans to resist and alter the conditions of government surveillance. Americans appear to have several avenues of resistance or reform. We can vote for privacy-friendly politicians, challenge surveillance in court, adopt encryption or other technologies, and put market pressure on companies not to cooperate with law enforcement.

In practice, however, many of these avenues are limited. Reform-minded officials lack the capacity for real oversight. Litigants lack standing to invoke the Constitution in court. Encryption is not usable and can turn citizens into targets. Citizens can extract promises from companies to push back against …

Regulating Mass Surveillance As Privacy Pollution: Learning From Environmental Impact Statements, A. Michael Froomkin

Articles

Encroachments on privacy through mass surveillance greatly resemble the pollution crisis in that they can be understood as imposing an externality on the surveilled. This Article argues that this resemblance also suggests a solution: requiring those conducting mass surveillance in and through public spaces to disclose their plans publicly via an updated form of environmental impact statement, thus requiring an impact analysis and triggering a more informed public conversation about privacy. The Article first explains how mass surveillance is polluting public privacy and surveys the limited and inadequate doctrinal tools available to respond to mass surveillance technologies. Then, it provides …

From Anonymity To Identification, A. Michael Froomkin

Articles

This article examines whether anonymity online has a future. In the early days of the Internet, strong cryptography, anonymous remailers, and a relative lack of surveillance created an environment conducive to anonymous communication. Today, the outlook for online anonymity is poor. Several forces combine against it: ideologies that hold that anonymity is dangerous, or that identifying evil-doers is more important than ensuring a safe mechanism for unpopular speech; the profitability of identification in commerce; government surveillance; the influence of intellectual property interests and in requiring hardware and other tools that enforce identification; and the law at both national and supranational …

The 1 Percent Solution: Corporate Tax Returns Should Be Public (And How To Get There), Reuven S. Avi-Yonah, Ariel Siman

Articles

The justification for publishing corporate tax returns is that corporations are given immense benefits by the state that bestows upon them unlimited life and limited liability, and therefore they owe the public the information of how they treat the state that created them. Tax returns, like the financial disclosures that publicly traded corporations must file with the SEC, also provide useful information to shareholders, creditors, and the investing public.

Hands Off Our Fingerprints: State, Local, Andindividual Defiance Of Federal Immigrationenforcement, Christine N. Cimini

Articles

Secure Communities, though little-known outside law-enforcement circles, is one of the most powerful of the federal government’s immigration enforcement programs. Under Secure Communities, fingerprints collected by state and local law enforcement and provided to the Federal Bureau of Investigation for criminal background checks are automatically shared with the Department of Homeland Security, which checks the fingerprints against its immigration database. In the event of a match, an immigration detainer can be issued and an individual held after they would otherwise be entitled to release. Originally designed as a voluntary program in which local governments could choose to participate, the Department …

Privacy Harm Exceptionalism, Ryan Calo

Articles

“Exceptionalism” refers to the belief that a person, place, or thing is qualitatively different from others in the same basic category. Thus, some have spoken of America’s exceptionalism as a nation. Early debates about the Internet focused on the prospect that existing laws and institutions would prove inadequate to govern the new medium of cyberspace. Scholars have made similar claims about other areas of law.

The focus of this short essay is the supposed exceptionalism of privacy. Rather than catalogue all the ways that privacy might differ from other concepts or areas of study, I intend to focus on the …

Surveillance At The Source, David Thaw

Articles

Contemporary discussion concerning surveillance focuses predominantly on government activity. These discussions are important for a variety of reasons, but generally ignore a critical aspect of the surveillance-harm calculus – the source from which government entities derive the information they use. The source of surveillance data is the information "gathering" activity itself, which is where harms like "chilling" of speech and behavior begin.

Unlike the days where satellite imaging, communications intercepts, and other forms of information gathering were limited to advanced law enforcement, military, and intelligence activities, private corporations now play a dominant role in the collection of information about individuals' …

Rethinking Online Privacy In Canada: Commentary On Voltage Pictures V. John And Jane Doe, Ngozi Okidegbe

Articles

This article problematizes the use of the bona fide case standard as the legal standard for a court to order a third party Internet Service Provider ("ISP") to disclose subscriber information to a copyright owner in online piracy cases. It argues that ISP account holders have a reasonable expectation of privacy in their subscriber information. It contends that the current bona fide case standard affords a relatively low threshold of protection for Internet users’ subscriber information. The reason for which the article takes this position is that the bona fide case standard can be met solely by IP address evidence, …