Science and Technology Law Commons^™

Aclu V. Clearview Ai, Inc.,, Isra Ahmed

DePaul Journal of Art, Technology & Intellectual Property Law

No abstract provided.

A Loaded God Complex: The Unconstitutionality Of The Executive Branch’S Unilaterally Withholding Zero-Days, Brendan Gilligan

Northwestern Journal of Technology and Intellectual Property

No abstract provided.

Governing Smart Cities As Knowledge Commons - Introduction, Chapter 1 & Conclusion, Brett M. Frischmann, Michael J. Madison, Madelyn Sanfilippo

Book Chapters

Smart city technology has its value and its place; it isn’t automatically or universally harmful. Urban challenges and opportunities addressed via smart technology demand systematic study, examining general patterns and local variations as smart city practices unfold around the world. Smart cities are complex blends of community governance institutions, social dilemmas that cities face, and dynamic relationships among information and data, technology, and human lives. Some of those blends are more typical and common. Some are more nuanced in specific contexts. This volume uses the Governing Knowledge Commons (GKC) framework to sort out relevant and important distinctions. The framework grounds …

Inadequate Privacy: The Necessity Of Hipaa Reform In A Post-Dobbs World, Katherine Robertson

Seattle University Law Review

Part I of this Comment will provide an overview of HIPAA and the legal impacts of Dobbs. Part II will discuss the anticipatory response to the impacts of Dobbs on PHI by addressing the response from (1) the states, (2) the Biden Administration, and (3) the medical field. Part III will discuss the loopholes that exist in HIPAA and further address the potential impacts on individuals and the medical field if reform does not occur. Finally, Part IV will argue that the reform of HIPAA is the best avenue for protecting PHI related to reproductive healthcare.

Content Moderation As Surveillance, Hannah Bloch-Wehba

Faculty Scholarship

Technology platforms are the new governments, and content moderation is the new law, or so goes a common refrain. As platforms increasingly turn toward new, automated mechanisms of enforcing their rules, the apparent power of the private sector seems only to grow. Yet beneath the surface lies a web of complex relationships between public and private authorities that call into question whether platforms truly possess such unilateral power. Law enforcement and police are exerting influence over platform content rules, giving governments a louder voice in supposedly “private” decisions. At the same time, law enforcement avails itself of the affordances of …

Breached!: Why Data Security Law Fails And How To Improve It, Woodrow Hartzog, Daniel Solove

Books

Digital connections permeate our lives—and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is remarkable how difficult it is to secure our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In their book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022), Professors Daniel Solove and Woodrow Hartzog argue that the law fails because, ironically, it focuses too much on the breach itself.

Drawing insights from many fascinating stories about data breaches, Solove and …

Submission To The Province Of Nova Scotia On Its Review Of The Intimate Images And Cyber-Protection Act - Leaf, Suzie Dunn, Rosel Kim

Reports & Public Policy Documents

The Women’s Legal Education and Action Fund (LEAF) commends the Nova Scotia government for reviewing its Intimate Images and Cyber-protection Act (the Act) and seeking public input for this review. Nova Scotia has been, and continues to be, a leader in Canada for its role in advancing innovative laws and supports for people targeted by technology-facilitated violence (TFV), digital abuse, and the non-consensual distribution of intimate images (NCDII). As these forms of harmful behaviour evolve and become better understood, it is important to revisit this legislation to assess whether it is providing meaningful and accessible responses to such serious social …

Passcodes, Protection, And Legal Practicality: The Necessity Of A Digital Fifth Amendment, Ethan Swierczewski

Catholic University Journal of Law and Technology

No abstract provided.

A Proportionality-Based Framework For Government Regulation Of Digital Tracing Apps In Times Of Emergency, Sharon Bassan

Dickinson Law Review (2017-Present)

Times of emergency present an inherent conflict between the public interest and the preservation of individual rights. Such times require granting emergency powers to the government on behalf of the public interest and relaxing safeguards against government actions that infringe rights. The lack of theoretical framework to assess governmental decisions in times of emergency leads to a polarized and politicized discourse about potential policies, and often, to public distrust and lack of compliance.

Such a discourse was evident regarding Digital Tracing Apps (“DTAs”), which are apps installed on cellular phones to alert users that they were exposed to people who …

Delineating The Legal Framework For Data Protection: A Fundamental Rights Approach Or Data Propertization?, Efe Lawrence Ogbeide

Canadian Journal of Law and Technology

The Charter of Fundamental Rights of the European Union, like other key legal instruments around the globe, grants citizens the right to privacy in Article 7. The Charter, however, further provides for the right to data protection in Article 8. Simply put, the implication of Article 8 of the Charter is that the right to data protection is a fundamental right. The central question in this article is whether data protection indeed qualifies to be categorized as a fundamental right. If not, what other approach(es) to data protection may be implemented?

Platforms, Encryption, And The Cfaa: The Case Of Whatsapp V Nso Group, Jonathon Penney, Bruce Schneier

Articles, Book Chapters, & Popular Press

End-to-end encryption technology has gone mainstream. But this wider use has led hackers, cybercriminals, foreign governments, and other threat actors to employ creative and novel attacks to compromise or workaround these protections, raising important questions as to how the Computer Fraud and Abuse Act (CFAA), the primary federal anti-hacking statute, is best applied to these new encryption implementations. Now, after the Supreme Court recently narrowed the CFAA’s scope in Van Buren and suggested it favors a code-based approach to liability under the statute, understanding how best to theorize sophisticated code-based access barriers like end-to-end encryption, and their circumvention, is now …

Legislating Data Loyalty, Woodrow Hartzog, Neil Richards

Faculty Scholarship

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …

Book Review: This Is How They Tell Me The World Ends: The Cyberweapons Arms Race (2020) By Nicole Perlroth, Amy C. Gaudion

Dickinson Law Review (2017-Present)

No abstract provided.

The Right To Contest Ai, Margot E. Kaminski, Jennifer M. Urban

Publications

Artificial intelligence (AI) is increasingly used to make important decisions, from university admissions selections to loan determinations to the distribution of COVID-19 vaccines. These uses of AI raise a host of concerns about discrimination, accuracy, fairness, and accountability.

In the United States, recent proposals for regulating AI focus largely on ex ante and systemic governance. This Article argues instead—or really, in addition—for an individual right to contest AI decisions, modeled on due process but adapted for the digital age. The European Union, in fact, recognizes such a right, and a growing number of institutions around the world now call for …

Good Health And Good Privacy Go Hand-In-Hand (Originally Published By Jnslp), Jennifer Daskal

Joint PIJIP/TLS Research Paper Series

No abstract provided.

Cryptography, Passwords, Privacy, And The Fifth Amendment, Gary C. Kessler, Ann M. Phillips

Journal of Digital Forensics, Security and Law

Military-grade cryptography has been widely available at no cost for personal and commercial use since the early 1990s. Since the introduction of Pretty Good Privacy (PGP), more and more people encrypt files and devices, and we are now at the point where our smartphones are encrypted by default. While this ostensibly provides users with a high degree of privacy, compelling a user to provide a password has been interpreted by some courts as a violation of our Fifth Amendment protections, becoming an often insurmountable hurdle to law enforcement lawfully executing a search warrant. This paper will explore some of the …

Can Pipeda ‘Face’ The Challenge? An Analysis Of The Adequacy Of Canada’S Private Sector Privacy Legislation Against Facial Recognition Technology, Tunca Bolca

Canadian Journal of Law and Technology

Facial recognition technology is one of the most intrusive and privacy threatening technologies available today. The literature around this technology mainly focuses on its use by the public sector as a mass surveillance tool; however, the private sector uses of facial recognition technologies also raise significant privacy concerns. This paper aims to identify and examine the privacy implications of the private sector uses of facial recognition technologies and the adequacy of Canada’s federal private sector privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), in addressing these privacy concerns. Facial templates produced and recorded by these technologies are …

The Limits And Possibilities Of Data-Driven Antitrafficking Efforts, Jennifer Musto Ph.D.

Georgia State University Law Review

An examination of technology in the countertrafficking space reveals recurring tensions between law enforcement and rights-based approaches. It also illuminates assumptions, such as the one that posits more law enforcement-focused, nonstate-actor-supported data-driven efforts are necessary to securing justice for people in trafficking situations. However, a closer look at how technology is used and by whom also invites us to ask different questions and to leverage the power of our all-too-human creative potential in thinking about how to value and prioritize data ethics, transparency, and accountability in future countertrafficking work.

Opting Out: Biometric Information Privacy And Standing, Michelle Jackson

Duke Law & Technology Review

No abstract provided.

The Danger Of Facial Recognition In Our Children’S Classrooms, Nila Bala

Duke Law & Technology Review

No abstract provided.

Closed Adoption: An Illusory Promise To Birth Parents And The Changing Landscape Of Sealed Adoption Records, Bryn Baffer

Catholic University Journal of Law and Technology

Imagine spitting into a tube and mailing your DNA off only to discover that you had a sibling who had been adopted by another family or that a parent’s affair had resulted in a half-sibling. For many individuals, these family secrets have been exposed due to direct-to-consumer DNA testing companies, such as 23andMe.

By the 1950s, most states had enacted statutes that sealed adoption record files in order to preserve the privacy of the birth parents, adoptees, and adoptive families. While some states have moved toward granting adoptees access to their adoption records, most states still have some type of …

Protecting Online Privacy In The Digital Age: Carpenter V. United States And The Fourth Amendment’S Third-Party Doctrine, Cristina Del Rosso, Carol M. Bast

Catholic University Journal of Law and Technology

The goal of this paper is to examine the future of the third-party doctrine with the proliferation of technology and the online data we are surrounded with daily, specifically after the Supreme Court’s decision in Carpenter v. United States. It is imperative that individuals do not forfeit their Constitutional guarantees for the benefit of living in a technologically advanced society. This requires an understanding of the modern-day functional equivalents of “papers” and “effects.”

Looking to the future, this paper contemplates solutions on how to move forward in this technology era by scrutinizing the relevancy of the third-party doctrine due …

Politics Of Adversarial Machine Learning, Kendra Albert, Jonathon Penney, Bruce Schneier, Ram Shankar Siva Kumar

Articles, Book Chapters, & Popular Press

In addition to their security properties, adversarial machine-learning attacks and defenses have political dimensions. They enable or foreclose certain options for both the subjects of the machine learning systems and for those who deploy them, creating risks for civil liberties and human rights. In this paper, we draw on insights from science and technology studies, anthropology, and human rights literature, to inform how defenses against adversarial attacks can be used to suppress dissent and limit attempts to investigate machine learning systems. To make this concrete, we use real-world examples of how attacks such as perturbation, model inversion, or membership inference …

Ethical Testing In The Real World: Evaluating Physical Testing Of Adversarial Machine Learning, Kendra Albert, Maggie Delano, Jonathon Penney, Afsaneh Ragot, Ram Shankar Siva Kumar

Articles, Book Chapters, & Popular Press

This paper critically assesses the adequacy and representativeness of physical domain testing for various adversarial machine learning (ML) attacks against computer vision systems involving human subjects. Many papers that deploy such attacks characterize themselves as “real world.” Despite this framing, however, we found the physical or real-world testing conducted was minimal, provided few details about testing subjects and was often conducted as an afterthought or demonstration. Adversarial ML research without representative trials or testing is an ethical, scientific, and health/safety issue that can cause real harms. We introduce the problem and our methodology, and then critique the physical domain testing …

The Role Of Satellites And Smart Devices: Data Surprises And Security, Privacy, And Regulatory Challenges, Anne T. Mckenna, Amy C. Gaudion, Jenni L. Evans

Amy C. Gaudion

Strava, a popular social media platform and mobile app like Facebook but specifically designed for athletes, posts a “heatmap” with consensually-obtained details about users’ workouts and geolocation. Strava’s heatmap depicts aggregated data of user location and movement by synthesizing GPS satellite data points and movement data from users’ smart devices together with satellite imagery. In January of 2018, a 20-year-old student tweeted that Strava’s heatmap revealed U.S. forward operating bases. The tweet revealed a significant national security issue and flagged substantial privacy and civil liberty concerns.

Smart devices, software applications, and social media platforms aggregate consumer data from multiple data …

Privacy Statements Under The Gdpr, Mike Hintze

Seattle University Law Review

The need to include specific types of information in a privacy statement is a GDPR compliance obligation that does not get as much attention as some other GDPR requirements. Perhaps that is because privacy statements have been much maligned in recent years. They are too long and full of legalese. Nobody reads them. They are part of a notice and consent approach to privacy that puts an unrealistic burden on consumers to make informed choices. But despite these well-known criticisms, the GDPR doubles down on privacy statements. In fact, gauging by the roughly fourfold increase in privacy statement requirements compared …

Confiding In Con Men: U.S. Privacy Law, The Gdpr, And Information Fiduciaries, Lindsey Barrett

Seattle University Law Review

In scope, ambition, and animating philosophy, U.S. privacy law and Europe’s General Data Protection Regulation are almost diametric opposites. The GDPR’s ambitious individual rights, significant prohibitions, substantive enforcement regime, and broad applicability contrast vividly with a scattershot U.S. regime that generally prioritizes facilitating commerce over protecting individuals, and which has created perverse incentives for industry through anemic enforcement of the few meaningful limitations that do exist. A privacy law that characterizes data collectors as information fiduciaries could coalesce with the commercial focus of U.S. law, while emulating the GDPR’s laudable normative objectives and fortifying U.S. consumer privacy law with a …

Privacy, Freedom, And Technology—Or “How Did We Get Into This Mess?”, Alex Alben

Seattle University Law Review

Can we live in a free society without personal privacy? The question is worth pondering, not only in light of the ongoing debate about government surveillance of private communications, but also because new technologies continue to erode the boundaries of our personal space. This Article examines our loss of freedom in a variety of disparate contexts, all connected by the thread of erosion of personal privacy. In the scenarios explored here, privacy reducing activities vary from government surveillance, personal stalking conducted by individuals, and profiling by data-driven corporations, to political actors manipulating social media platforms. In each case, new technologies …

Gdpr Compliance—It Takes A Village, Susy Mendoza

Seattle University Law Review

When the General Data Protection Regulation (GDPR) came into effect in May of 2018, many legal departments were confronted with the gravity of just how they were going to comply with such a wide-reaching law. If you have international customers (both direct to consumer or business to business), it is not hard to convince your general counsel that compliance with the GDPR is a must. You may even be able to get the chief technical officer (CTO) or chief operating officer (COO) onboard just by mentioning the steep fines—two to four percent of worldwide gross revenue. But how does the …

Footprints: Privacy For Enterprises, Processors, And Custodians…Oh My!, Blair Witzel, Carrie Mount

Seattle University Law Review

Americans’ interest in privacy—as evidenced by increasing news coverage, online searches, and new legislation—has grown over the past decade. After the European Union enacted the General Data Protection Regulation (GDPR), technologists and legal professionals have focused on primary collectors of data—known under various legal regimes as the “controller” or “custodian.” Thanks to advances in computing, many of these data collectors offload the processing of data to third parties providing data-related cloud services like Amazon, Microsoft, and Google. In addition to the data they have already collected about the data subjects themselves, these companies now “hold” that data on behalf of …