Computer Law Commons^™

The Failure Of Market Efficiency, William Magnuson

Faculty Scholarship

Recent years have witnessed the near total triumph of market efficiency as a regulatory goal. Policymakers regularly proclaim their devotion to ensuring efficient capital markets. Courts use market efficiency as a guiding light for crafting legal doctrine. And scholars have explored in great depth the mechanisms of market efficiency and the role of law in promoting it. There is strong evidence that, at least on some metrics, our capital markets are indeed more efficient than they have ever been. But the pursuit of efficiency has come at a cost. By focusing our attention narrowly on economic efficiency concerns—such as competition, …

A Guide To Federal Broadband Funding Programs - Overview Of Bead (Updated) - June 2022, New York Law School

Reports and Resources

No abstract provided.

Revolt Against The U.S. Hegemony: Judicial Divergence In Cyberspace, Dongsheng Zang

Articles

This Article contributes to our understanding of the current state of cyber law. The global perspective demonstrates an almost uniform response to the U.S. law in cyberspace from all of America's major trading partners. In the past, comparative studies tended to focus on a single jurisdiction-typically, the European Union-and compared it with the United States. This approach, informative as it was, significantly understated the gravity of the differences between that jurisdiction and the United States. Fundamentally, it was based on an American-centric outlook with primary interests in building convergence models. In cyberspace, however, this is simply not helpful. In recent …

It's Time To Reform The U.S. Vulnerabilities Equities Process, Amy Gaudion

Faculty Scholarly Works

No abstract provided.

Recognizing The Role Of Inspectors General In The U.S. Government's Cybersecurity Restructuring Task, Amy Gaudion

Faculty Scholarly Works

Months prior to the 2015 public disclosure of a data breach at the U.S. government’s Office of Personnel and Management (OPM), the Office of the Inspector General for OPM issued a report that identified significant deficiencies and material weaknesses in a number of the agency’s information systems and IT security programs. In response to the 2020 SolarWinds supply chain hack, attributed to Russia, calls are underway for inspectors general to conduct audits and inspections and to review prior inspector general assessments of information systems and vulnerabilities at federal agencies. The use of inspectors general to assess information system vulnerabilities and …

Administrative Law In The Automated State, Cary Coglianese

All Faculty Scholarship

In the future, administrative agencies will rely increasingly on digital automation powered by machine learning algorithms. Can U.S. administrative law accommodate such a future? Not only might a highly automated state readily meet longstanding administrative law principles, but the responsible use of machine learning algorithms might perform even better than the status quo in terms of fulfilling administrative law’s core values of expert decision-making and democratic accountability. Algorithmic governance clearly promises more accurate, data-driven decisions. Moreover, due to their mathematical properties, algorithms might well prove to be more faithful agents of democratic institutions. Yet even if an automated state were …

Algorithmic Impact Assessments Under The Gdpr: Producing Multi-Layered Explanations, Margot E. Kaminski, Gianclaudio Malgieri

Publications

Policy-makers, scholars, and commentators are increasingly concerned with the risks of using profiling algorithms and automated decision-making. The EU’s General Data Protection Regulation (GDPR) has tried to address these concerns through an array of regulatory tools. As one of us has argued, the GDPR combines individual rights with systemic governance, towards algorithmic accountability. The individual tools are largely geared towards individual “legibility”: making the decision-making system understandable to an individual invoking her rights. The systemic governance tools, instead, focus on bringing expertise and oversight into the system as a whole, and rely on the tactics of “collaborative governance,” that is, …

Persuasion About/Without International Law: The Case Of Cybersecurity Norms, Steven R. Ratner

Book Chapters

International law on cybersecurity is characterized by at best a thin consensus on the existence of rules, their meaning, and the desirability and content of new rules. This legal landscape results in a unique pattern of argumentation and persuasion by states and non-state actors both in advocating for a regulatory scheme for cyber activity and in reacting to malicious cyber acts. By examining argumentation in the absence of a generally agreed legal framework, this chapter seeks to provide new insights into the motivations for and effects of international legal argumentation in shaping debates and behavior. After describing the legal landscape …

Data-Informed Duties In Ai Development, Frank A. Pasquale

Faculty Scholarship

Law should help direct—and not merely constrain—the development of artificial intelligence (AI). One path to influence is the development of standards of care both supplemented and informed by rigorous regulatory guidance. Such standards are particularly important given the potential for inaccurate and inappropriate data to contaminate machine learning. Firms relying on faulty data can be required to compensate those harmed by that data use—and should be subject to punitive damages when such use is repeated or willful. Regulatory standards for data collection, analysis, use, and stewardship can inform and complement generalist judges. Such regulation will not only provide guidance to …

Administrative Truth: Comments On Cortez’S Information Mischief, David Thaw

Articles

This short essay responds to Professor Nathan Cortez’s argument describing an emerging “information policy” reflecting on the practices of President Donald J. Trump’s executive administration (the “Trump Administration”) regarding the development, release, and management of official information. Professor Cortez argues that viewed holistically, this information policy suggests a shift toward the use of information practices by administrative agencies for purposes other than “neutral principles” and rather focusing on a “more cynical [use] of government information.”

This argument may be well-founded, and the Trump Administration certainly has been criticized widely for the relationship between its public statements and widespread media interpretation …

Binary Governance: Lessons From The Gdpr’S Approach To Algorithmic Accountability, Margot E. Kaminski

Publications

Algorithms are now used to make significant decisions about individuals, from credit determinations to hiring and firing. But they are largely unregulated under U.S. law. A quickly growing literature has split on how to address algorithmic decision-making, with individual rights and accountability to nonexpert stakeholders and to the public at the crux of the debate. In this Article, I make the case for why both individual rights and public- and stakeholder-facing accountability are not just goods in and of themselves but crucial components of effective governance. Only individual rights can fully address dignitary and justificatory concerns behind calls for regulating …

That Was Close! Reward Reporting Of Cybersecurity “Near Misses”, Jonathan Bair, Steven M. Bellovin, Andrew Manley, Blake Reid, Adam Shostak

Publications

Building, deploying, and maintaining systems with sufficient cybersecurity is challenging. Faster improvement would be valuable to society as a whole. Are we doing as much as we can to improve? We examine robust and long-standing systems for learning from near misses in aviation, and propose the creation of a Cyber Safety Reporting System (CSRS).

To support this argument, we examine the liability concerns which inhibit learning, including both civil and regulatory liability. We look to the way in which cybersecurity engineering and science is done today, and propose that a small amount of ‘policy entrepreneurship’ could have substantial positive impact. …

Regulating Robo Advice Across The Financial Services Industry, Tom Baker, Benedict G. C. Dellaert

All Faculty Scholarship

Automated financial product advisors – “robo advisors” – are emerging across the financial services industry, helping consumers choose investments, banking products, and insurance policies. Robo advisors have the potential to lower the cost and increase the quality and transparency of financial advice for consumers. But they also pose significant new challenges for regulators who are accustomed to assessing human intermediaries. A well-designed robo advisor will be honest and competent, and it will recommend only suitable products. Because humans design and implement robo advisors, however, honesty, competence, and suitability cannot simply be assumed. Moreover, robo advisors pose new scale risks that …

Common Carriage’S Domain, Christopher S. Yoo

All Faculty Scholarship

The judicial decision invalidating the Federal Communications Commission's first Open Internet Order has led advocates to embrace common carriage as the legal basis for network neutrality. In so doing, network neutrality proponents have overlooked the academic literature on common carriage as well as lessons from its implementation history. This Essay distills these learnings into five factors that play a key role in promoting common carriage's success: (1) commodity products, (2) simple interfaces, (3) stability and uniformity in the transmission technology, (4) full deployment of the transmission network, and (5) stable demand and market shares. Applying this framework to the Internet …

The Gdpr’S Version Of Algorithmic Accountability, Margot Kaminski

Publications

No abstract provided.

Regulating By Robot: Administrative Decision Making In The Machine-Learning Era, Cary Coglianese, David Lehr

All Faculty Scholarship

Machine-learning algorithms are transforming large segments of the economy, underlying everything from product marketing by online retailers to personalized search engines, and from advanced medical imaging to the software in self-driving cars. As machine learning’s use has expanded across all facets of society, anxiety has emerged about the intrusion of algorithmic machines into facets of life previously dependent on human judgment. Alarm bells sounding over the diffusion of artificial intelligence throughout the private sector only portend greater anxiety about digital robots replacing humans in the governmental sphere. A few administrative agencies have already begun to adopt this technology, while others …

Cybersecurity Stovepiping, David Thaw

Articles

Most readers of this Article probably have encountered – and been frustrated by – password complexity requirements. Such requirements have become a mainstream part of contemporary culture: "the more complex your password is, the more secure you are, right?" So the cybersecurity experts tell us… and policymakers have accepted this "expertise" and even adopted such requirements into law and regulation.

This Article asks two questions. First, do complex passwords actually achieve the goals many experts claim? Does using the password "Tr0ub4dor&3" or the passphrase "correcthorsebatterystaple" actually protect your account? Second, if not, then why did such requirements become so widespread? …

The Notion And Practice Of Reputation And Professional Identity In Social Networking: From K-12 Through Law School, Roberta Bobbie Studwell

Faculty Scholarship

No abstract provided.

Regulating Software When Everything Has Software, Paul Ohm, Blake Reid

Publications

This Article identifies a profound, ongoing shift in the modern administrative state: from the regulation of things to the regulation of code. This shift has and will continue to place previously isolated agencies in an increasing state of overlap, raising the likelihood of inconsistent regulations and putting seemingly disparate policy goals, like privacy, safety, environmental protection, and copyright enforcement, in tension. This Article explores this problem through a series of case studies and articulates a taxonomy of code regulations to help place hardware-turned-code rules in context. The Article considers the likely turf wars, regulatory thickets, and related dynamics that are …

Data Breach (Regulatory) Effects, David Thaw

Articles

No abstract provided.

Reasonable Expectations Of Privacy Settings: Social Media And The Stored Communications Act, David Thaw, Christopher Borchert, Fernando Pinguelo

Articles

In 1986, Congress passed the Stored Communications Act (“SCA”) to provide additional protections for individuals’ private communications content held in electronic storage by third parties. Acting out of direct concern for the implications of the Third-Party Records Doctrine — a judicially created doctrine that generally eliminates Fourth Amendment protections for information entrusted to third parties — Congress sought to tailor the SCA to electronic communications sent via and stored by third parties. Yet, because Congress crafted the SCA with language specific to the technology of 1986, courts today have struggled to apply the SCA consistently with regard to similar private …

Drones, Henry H. Perritt Jr., Eliot O. Sprague

All Faculty Scholarship

Abstract

Drone technology is evolving rapidly. Microdrones—what the FAA calls “sUAS”—already on the market at the $1,000 level, have the capability to supplement manned helicopters in support of public safety operations, news reporting, and powerline and pipeline patrol, when manned helicopter support is infeasible, untimely, or unsafe.

Larger drones–"machodrones”–are not yet available outside battlefield and counterterrorism spaces. Approximating the size of manned helicopters, but without pilots, or with human pilots being optional, their design is still in its infancy as designers await greater clarity in the regulatory requirements that will drive airworthiness certification.

This article evaluates drone technology and design …

The Efficacy Of Cybersecurity Regulation, David Thaw

Articles

Cybersecurity regulation presents an interesting quandary where, because private entities possess the best information about threats and defenses, legislatures do – and should – deliberately encode regulatory capture into the rulemaking process. This relatively uncommon approach to administrative law, which I describe as Management-Based Regulatory Delegation, involves the combination of two legislative approaches to engaging private entities' expertise. This Article explores the wisdom of those choices by comparing the efficacy of such private sector engaged regulation with that of a more traditional, directive mode of regulating cybersecurity adopted by the state legislatures. My analysis suggests that a blend of these …

Enlightened Regulatory Capture, David Thaw

Articles

Regulatory capture generally evokes negative images of private interests exerting excessive influence on government action to advance their own agendas at the expense of the public interest. There are some cases, however, where this conventional wisdom is exactly backwards. This Article explores the first verifiable case, taken from healthcare cybersecurity, where regulatory capture enabled regulators to harness private expertise to advance exclusively public goals. Comparing this example to other attempts at harnessing industry expertise reveals a set of characteristics under which regulatory capture can be used in the public interest. These include: 1) legislatively-mandated adoption of recommendations by an advisory …

Wickard For The Internet? Network Neutrality After Verizon V. Fcc, Christopher S. Yoo

All Faculty Scholarship

The D.C. Circuit’s January 2014 decision in Verizon v. FCC represented a major milestone in the debate over network neutrality that has dominated communications policy for the past decade. This article analyzes the implications of the D.C. Circuit’s ruling, beginning with a critique of the court’s ruling that section 706 of the Telecommunications Act of 1996 gave the Federal Communications Commission (FCC) the authority to mandate some form of network neutrality. Examination of the statute’s text, application of canons of construction such as ejusdem generis and noscitur a sociis, and a perusal of the statute’s legislative history all raise questions …

Is There A Role For Common Carriage In An Internet-Based World?, Christopher S. Yoo

All Faculty Scholarship

During the course of the network neutrality debate, advocates have proposed extending common carriage regulation to broadband Internet access services. Others have endorsed extending common carriage to a wide range of other Internet-based services, including search engines, cloud computing, Apple devices, online maps, and social networks. All too often, however, those who focus exclusively on the Internet era pay too little attention to the lessons of the legacy of regulated industries, which has long struggled to develop a coherent rationale for determining which industries should be subject to common carriage. Of the four rationales for determining the scope of common …

Enhancing Public Access To Online Rulemaking Information, Cary Coglianese

All Faculty Scholarship

One of the most significant powers exercised by federal agencies is their power to make rules. Given the importance of agency rulemaking, the process by which agencies develop rules has long been subject to procedural requirements aiming to advance democratic values of openness and public participation. With the advent of the digital age, government agencies have engaged in increasing efforts to make rulemaking information available online as well as to elicit public participation via electronic means of communication. How successful are these efforts? How might they be improved? In this article, I investigate agencies’ efforts to make rulemaking information available …

Supervising Managed Services, James B. Speta

Faculty Working Papers

Many Internet-access providers simultaneously offer Internet access and other services, such as traditional video channels, video on demand, voice calling, and other emerging services, through a single, converged platform. These other services—which can be called "managed services" because the carrier offers them only to its subscribers in a manner designed to ensure some quality of service—in many circumstances will compete with services that are offered by unaffiliated parties as applications or services on the Internet. This situation creates an important interaction effect between the domains of Internet access and managed services, an effect that has largely been missing from the …

When Machines Are Watching: How Warrantless Use Of Gps Surveillance Technology Violates The Fourth Amendment Right Against Unreasonable Searches, David Thaw, Priscilla Smith, Nabiha Syed, Albert Wong

Articles

Federal and state law enforcement officials throughout the nation are currently using Global Positioning System (GPS) technology for automated, prolonged surveillance without obtaining warrants. As a result, cases are proliferating in which criminal defendants are challenging law enforcement’s warrantless uses of GPS surveillance technology, and courts are looking for direction from the Supreme Court. Most recently, a split has emerged between the Ninth and D.C. Circuit Courts of Appeal on the issue. In United States v. Pineda-Moreno, the Ninth Circuit relied on United States v. Knotts — which approved the limited use of beeper technology without a warrant — to …

Product Life Cycle Theory And The Maturation Of The Internet, Christopher S. Yoo

All Faculty Scholarship

Much of the recent debate over Internet policy has focused on the permissibility of business practices that are becoming increasingly common, such as new forms of network management, prioritization, pricing, and strategic partnerships. This Essay analyzes these developments through the lens of the management literature on the product life cycle, dominant designs, technological trajectories and design hierarchies, and the role of complementary assets in determining industry structure. This analysis suggests that many of these business practices may represent nothing more than a reflection of how the nature of competition changes as industries mature. This in turn suggests that network neutrality …