Computer Law Commons^™

Ispy: Threats To Individual And Institutional Privacy In The Digital World, Lori Andrews

All Faculty Scholarship

What type of information is collected, who is viewing it, and what law librarians can do to protect their patrons and institutions.

From The National Surveillance State To The Cybersurveillance State, Margaret Hu

Scholarly Articles

This article anchors the phenomenon of bureaucratized cybersurveillance around the concept of the National Surveillance State, a theory attributed to Professor Jack Balkin of Yale Law School and Professor Sanford Levinson of the University of Texas School of Law. Pursuant to the theory of the National Surveillance State, because of the routinized and administrative nature of government-led surveillance, normalized mass surveillance is viewed as justified under crime and counterterrorism policy rationales. This article contends that the Cybersurveillance State is the successor to the National Surveillance State. The Cybersurveillance State harnesses technologies that fuse biometric and biographic data for risk assessment, …

Peeling Back The Student Privacy Pledge, Alexi Pfeffer-Gillett

Scholarly Articles

Education software is a multi-billion dollar industry that is rapidly growing. The federal government has encouraged this growth through a series of initiatives that reward schools for tracking and aggregating student data. Amid this increasingly digitized education landscape, parents and educators have begun to raise concerns about the scope and security of student data collection.

Industry players, rather than policymakers, have so far led efforts to protect student data. Central to these efforts is the Student Privacy Pledge, a set of standards that providers of digital education services have voluntarily adopted. By many accounts, the Pledge has been a success. …

Lessons Learned Too Well: Anonymity In A Time Of Surveillance, A. Michael Froomkin

Articles

It is no longer reasonable to assume that electronic communications can be kept private from governments or private-sector actors. In theory, encryption can protect the content of such communications, and anonymity can protect the communicator's identity. But online anonymity-one of the two most important tools that protect online communicative freedom-is under practical and legal attack all over the world. Choke-point regulation, online identification requirements, and data-retention regulations combine to make anonymity very difficult as a practical matter and, in many countries, illegal. Moreover, key internet intermediaries further stifle anonymity by requiring users to disclose their real names.

This Article traces …

The Inadequate, Invaluable Fair Information Practices, Woodrow Hartzog

Faculty Scholarship

For the past thirty years, the general advice for those seeking to collect, use, and share people’s personal data in a responsible way was relatively straightforward: follow the fair information practices, often called the “FIPs.” These general guidelines were designed to ensure that data processors are accountable for their actions and that data subjects are safe, secure, and endowed with control over their personal information. The FIPs have proven remarkably sturdy against the backdrop of near-constant technological change. Yet in the age of social media, big data, and artificial intelligence, the FIPs have been pushed to their breaking point. We …

Cybersecurity Stovepiping, David Thaw

Articles

Most readers of this Article probably have encountered – and been frustrated by – password complexity requirements. Such requirements have become a mainstream part of contemporary culture: "the more complex your password is, the more secure you are, right?" So the cybersecurity experts tell us… and policymakers have accepted this "expertise" and even adopted such requirements into law and regulation.

This Article asks two questions. First, do complex passwords actually achieve the goals many experts claim? Does using the password "Tr0ub4dor&3" or the passphrase "correcthorsebatterystaple" actually protect your account? Second, if not, then why did such requirements become so widespread? …

Ancient Worries And Modern Fears: Different Roots And Common Effects Of U.S. And Eu Privacy Regulation, David Thaw, Pierluigi Perri

Articles

Much legal and technical scholarship discusses the differing views of the United States and European Union toward privacy concepts and regulation. A substantial amount of effort in recent years, in both research and policy, focuses on attempting to reconcile these viewpoints searching for a common framework with a common level of protection for citizens from both sides of Atlantic. Reconciliation, we argue, misunderstands the nature of the challenge facing effective cross-border data flows. No such reconciliation can occur without abdication of some sovereign authority of nations, that would require the adoption of an international agreement with typical tools of international …