Science and Technology Law Commons^™

The Automated Fourth Amendment, Maneka Sinha

Faculty Scholarship

Courts routinely defer to police officer judgments in reasonable suspicion and probable cause determinations. Increasingly, though, police officers outsource these threshold judgments to new forms of technology that purport to predict and detect crime and identify those responsible. These policing technologies automate core police determinations about whether crime is occurring and who is responsible. Criminal procedure doctrine has failed to insist on some level of scrutiny of—or skepticism about—the reliability of this technology. Through an original study analyzing numerous state and federal court opinions, this Article exposes the implications of law enforcement’s reliance on these practices given the weighty interests …

Privacy Nicks: How The Law Normalizes Surveillance, Woodrow Hartzog, Evan Selinger, Johanna Gunawan

Faculty Scholarship

Privacy law is failing to protect individuals from being watched and exposed, despite stronger surveillance and data protection rules. The problem is that our rules look to social norms to set thresholds for privacy violations, but people can get used to being observed. In this article, we argue that by ignoring de minimis privacy encroachments, the law is complicit in normalizing surveillance. Privacy law helps acclimate people to being watched by ignoring smaller, more frequent, and more mundane privacy diminutions. We call these reductions “privacy nicks,” like the proverbial “thousand cuts” that lead to death.

Privacy nicks come from the …

Femtechnodystopia, Leah R. Fowler, Michael Ulrich

Faculty Scholarship

Reproductive rights, as we have long understood them, are dead. But at the same time history seems to be moving backward, technology moves relentlessly forward. Femtech products, a category of consumer technology addressing an array of “female” health needs, seem poised to fill gaps created by states and stakeholders eager to limit birth control and abortion access and increase pregnancy surveillance and fetal rights. Period and fertility tracking applications could supplement or replace other contraception. Early digital alerts to missed periods can improve the chances of obtaining a legal abortion in states with ever-shrinking windows of availability or prompt behavioral …

Content Moderation As Surveillance, Hannah Bloch-Wehba

Faculty Scholarship

Technology platforms are the new governments, and content moderation is the new law, or so goes a common refrain. As platforms increasingly turn toward new, automated mechanisms of enforcing their rules, the apparent power of the private sector seems only to grow. Yet beneath the surface lies a web of complex relationships between public and private authorities that call into question whether platforms truly possess such unilateral power. Law enforcement and police are exerting influence over platform content rules, giving governments a louder voice in supposedly “private” decisions. At the same time, law enforcement avails itself of the affordances of …

Legislating Data Loyalty, Woodrow Hartzog, Neil Richards

Faculty Scholarship

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …

Data Autonomy, Cesare Fracassi, William Magnuson

Faculty Scholarship

In recent years, “data privacy” has vaulted to the forefront of public attention. Scholars, policymakers, and the media have, nearly in unison, decried the lack of data privacy in the modern world. In response, they have put forth various proposals to remedy the situation, from the imposition of fiduciary obligations on technology platforms to the creation of rights to be forgotten for individuals. All these proposals, however, share one essential assumption: we must raise greater protective barriers around data. As a scholar of corporate finance and a scholar of corporate law, respectively, we find this assumption problematic. Data, after all, …

Privacy In Pandemic: Law, Technology, And Public Health In The Covid-19 Crisis, Tiffany Li

Faculty Scholarship

The COVID-19 pandemic has caused millions of deaths and disastrous consequences around the world, with lasting repercussions for every field of law, including privacy and technology. The unique characteristics of this pandemic have precipitated an increase in use of new technologies, including remote communications platforms, healthcare robots, and medical AI. Public and private actors are using new technologies, like heat sensing, and technologically-influenced programs, like contact tracing, alike in response, leading to a rise in government and corporate surveillance in sectors like healthcare, employment, education, and commerce. Advocates have raised the alarm for privacy and civil liberties violations, but the …

Gdpr And The Importance Of Data To Ai Startups, James Bessen, Stephen Michael Impink, Lydia Reichensperger, Robert Seamans

Faculty Scholarship

What is the impact of the European Union’s General Data Protection Regime (“GDPR”) and data regulation on AI startups? How important is data to AI product development? We study these questions using unique survey data of commercial AI startups. AI startups rely on data for their product development. Given the scale and scope of their business models, these startups are particularly susceptible to policy changes impacting data collection, storage and use. We find that training data and frequent model refreshes are particularly important for AI startups that rely on neural nets and ensemble learning algorithms. We also find that firms …

Automation In Moderation, Hannah Bloch-Wehba

Faculty Scholarship

This Article assesses recent efforts to encourage online platforms to use automated means to prevent the dissemination of unlawful online content before it is ever seen or distributed. As lawmakers in Europe and around the world closely scrutinize platforms’ “content moderation” practices, automation and artificial intelligence appear increasingly attractive options for ridding the Internet of many kinds of harmful online content, including defamation, copyright infringement, and terrorist speech. Proponents of these initiatives suggest that requiring platforms to screen user content using automation will promote healthier online discourse and will aid efforts to limit Big Tech’s power.

In fact, however, the …

Informed Trading And Cybersecurity Breaches, Joshua Mitts, Eric L. Talley

Faculty Scholarship

Cybersecurity has become a significant concern in corporate and commercial settings, and for good reason: a threatened or realized cybersecurity breach can materially affect firm value for capital investors. This paper explores whether market arbitrageurs appear systematically to exploit advance knowledge of such vulnerabilities. We make use of a novel data set tracking cybersecurity breach announcements among public companies to study trading patterns in the derivatives market preceding the announcement of a breach. Using a matched sample of unaffected control firms, we find significant trading abnormalities for hacked targets, measured in terms of both open interest and volume. Our results …

Towards A New California Revised Uniform Fiduciary Access To Digital Assets Act, Michael T. Yu

Faculty Scholarship

California enacted the Revised Uniform Fiduciary Access to Digital Assets Act (the California RUFADAA) to govern the disclosure (or nondisclosure) of digital assets when a California resident dies. Digital assets include not just emails and social media accounts but may also include online files and assets, digital currencies, domain names, and blogs. The California RUFADAA ostensibly governs the disclosure of digital assets only when a California resident dies, and it, therefore, does not govern the scenario when a California resident becomes incapacitated and can no longer handle his or her digital assets. This scenario is likely to become more common …

The Value Of Deviance: Understanding Contextual Privacy, Timothy Casey

Faculty Scholarship

Recent decisions by the Supreme Court in Carpenter v. United States and the Illinois Supreme Court in Rosenbach v. Six Flags Entertainment Corporation signal a shift in the traditional understanding of what exactly is protected by a privacy interest. Carpenter distinguished between a police officer’s observation of a suspect’s location and a perpetual catalogue of a person’s movements obtained through cell site location information (CSLI). The pervasive and vast quantity of information from CSLI exposed a protected privacy interest. In Rosenbach, the Illinois Supreme Court found the unique and personal quality of biometric information meant that consent and disclosure requirements …

Humans Forget, Machines Remember: Artificial Intelligence And The Right To Be Forgotten, Tiffany Li, Eduard Fosch Villaronga, Peter Kieseberg

Faculty Scholarship

To understand the Right to be Forgotten in context of artificial intelligence, it is necessary to first delve into an overview of the concepts of human and AI memory and forgetting. Our current law appears to treat human and machine memory alike – supporting a fictitious understanding of memory and forgetting that does not comport with reality. (Some authors have already highlighted the concerns on the perfect remembering.) This Article will examine the problem of AI memory and the Right to be Forgotten, using this example as a model for understanding the failures of current privacy law to reflect the …

Metadata: Piecing Together A Privacy Solution, Chris Conley

Faculty Scholarship

Imagine the government is constantly monitoring you — keeping track of every person you call or email, every place you go, everything you buy, and more — all without getting a warrant. And when you challenge them, they claim you have no right to expect this kind of information to be private. Besides, they’re not actually listening to what you say or reading what you write, so what’s the big deal anyhow?

Unfortunately, this scenario is more real than imaginary. Government agencies ranging from the NSA to local police departments have taken advantage of weak or uncertain legal protections for …

When Enough Is Enough: Location Tracking, Mosaic Theory, And Machine Learning, Steven M. Bellovin, Renée M. Hutchins, Tony Jebara, Sebastian Zimmeck

Faculty Scholarship

Since 1967, when it decided Katz v. United States, the Supreme Court has tied the right to be free of unwanted government scrutiny to the concept of reasonable xpectations of privacy.^[1] An evaluation of reasonable expectations depends, among other factors, upon an assessment of the intrusiveness of government action. When making such assessment historically the Court has considered police conduct with clear temporal, geographic, or substantive limits. However, in an era where new technologies permit the storage and compilation of vast amounts of personal data, things are becoming more complicated. A school of thought known as “mosaic theory” …

Failing Expectations: Fourth Amendment Doctrine In The Era Of Total Surveillance, Olivier Sylvain

Faculty Scholarship

Today’s reasonable expectation test and the third-party doctrine have little to nothing to offer by way of privacy protection if users today are at least conflicted about whether transactional noncontent data should be shared with third parties, including law enforcement officials. This uncertainty about how to define public expectation as a descriptive matter has compelled courts to defer to legislatures to find out what public expectation ought to be more as a matter of prudence than doctrine. Courts and others presume that legislatures are far better than courts at defining public expectations about emergent technologies.This Essay argues that the reasonable …

Digital Security In The Expository Society: Spectacle, Surveillance, And Exhibition In The Neoliberal Age Of Big Data, Bernard E. Harcourt

Faculty Scholarship

In 1827, Nicolaus Heinrich Julius, a professor at the University of Berlin, identified an important architectural mutation in nineteenth-century society that reflected a deep disruption in our technologies of knowledge and a profound transformation in relations of power across society: Antiquity, Julius observed, had discovered the architectural form of the spectacle; but modern times had operated a fundamental shift from spectacle to surveillance. Michel Foucault would elaborate this insight in his 1973 Collège de France lectures on The Punitive Society, where he would declare: “[T]his is precisely what happens in the modern era: the reversal of the spectacle into surveillance…. …

A Shattered Looking Glass: The Pitfalls And Potential Of The Mosaic Theory Of Fourth Amendment Privacy, David C. Gray, Danielle Keats Citron

Faculty Scholarship

On January 23, 2012, the Supreme Court issued a landmark non-decision in United States v. Jones. In that case, officers used a GPS-enabled device to track a suspect’s public movements for four weeks, amassing a considerable amount of data in the process. Although ultimately resolved on narrow grounds, five Justices joined concurring opinions in Jones expressing sympathy for some version of the “mosaic theory” of Fourth Amendment privacy. This theory holds that we maintain reasonable expectations of privacy in certain quantities of information even if we do not have such expectations in the constituent parts. This Article examines and …

Location-Based Services: Time For A Privacy Check-In, Chris Conley, Nicole Ozer, Hari O'Connell, Ellen Ginsburg, Tamar Gubins

Faculty Scholarship

Need to get directions when you are lost? Want to know if your friends are in the neighborhood? Location-based services – applications and websites that provide services based on your current location – can put this information and more in the palm of your hand.

But outdated privacy laws and varying corporate practices could mean that sensitive information about who you are, where you go, what you do, and who you know end up being shared, sold, or turned over to the government.

Can location-based services protect your privacy? Do they? And what can we do to improve the situation? …

The Magic Lantern Revealed: A Report Of The Fbi's New Key Logging Trojan And Analysis Of Its Possible Treatment In A Dynamic Legal Landscape, Woodrow Hartzog

Faculty Scholarship

Magic Lantern presents several difficult legal questions that are left unanswered due to new or non-existent statutes and case law directly pertaining to the unique situation that Magic Lantern creates. ²⁵ The first concern is statutory. It is unclear what laws, if any, will apply when Magic Lantern is put into use.²⁶ The recent terrorist attacks in the United States have brought the need for information as a matter of national security to the forefront. Congress recently passed legislation (i.e. USA PATRIOT Act) ²⁷ that dramatically modifies current surveillance law, thus further complicating the untested waters of a …