Law Commons^™

Content Moderation As Surveillance, Hannah Bloch-Wehba

Faculty Scholarship

Technology platforms are the new governments, and content moderation is the new law, or so goes a common refrain. As platforms increasingly turn toward new, automated mechanisms of enforcing their rules, the apparent power of the private sector seems only to grow. Yet beneath the surface lies a web of complex relationships between public and private authorities that call into question whether platforms truly possess such unilateral power. Law enforcement and police are exerting influence over platform content rules, giving governments a louder voice in supposedly “private” decisions. At the same time, law enforcement avails itself of the affordances of …

Legislating Data Loyalty, Woodrow Hartzog, Neil Richards

Faculty Scholarship

Lawmakers looking to embolden privacy law have begun to consider imposing duties of loyalty on organizations trusted with people’s data and online experiences. The idea behind loyalty is simple: organizations should not process data or design technologies that conflict with the best interests of trusting parties. But the logistics and implementation of data loyalty need to be developed if the concept is going to be capable of moving privacy law beyond its “notice and consent” roots to confront people’s vulnerabilities in their relationship with powerful data collectors.

In this short Essay, we propose a model for legislating data loyalty. Our …

Automation In Moderation, Hannah Bloch-Wehba

Faculty Scholarship

This Article assesses recent efforts to encourage online platforms to use automated means to prevent the dissemination of unlawful online content before it is ever seen or distributed. As lawmakers in Europe and around the world closely scrutinize platforms’ “content moderation” practices, automation and artificial intelligence appear increasingly attractive options for ridding the Internet of many kinds of harmful online content, including defamation, copyright infringement, and terrorist speech. Proponents of these initiatives suggest that requiring platforms to screen user content using automation will promote healthier online discourse and will aid efforts to limit Big Tech’s power.

In fact, however, the …

Cyber Mobs, Disinformation, And Death Videos: The Internet As It Is (And As It Should Be), Danielle K. Citron

Faculty Scholarship

Fiction and visual representations can alter our understanding of human experiences and struggles. They help us understand human frailties and suffering in a visceral way. Nick Drnaso’s graphic novel Sabrina does that in spades. In Sabrina, a woman is murdered by a misogynist, and a video of her execution is leaked. Conspiracy theorists deem her murder a hoax. A cyber mob smears the woman’s loved ones as crisis actors, posts death threats, and spreads their personal information. The attacks continue until a shooting massacre redirects the cyber mob’s wrath to other mourners. Sabrina captures the breathtaking velocity of disinformation online …

Deep Fakes: A Looming Challenge For Privacy, Democracy, And National Security, Danielle K. Citron, Robert Chesney

Faculty Scholarship

Harmful lies are nothing new. But the ability to distort reality has taken an exponential leap forward with “deep fake” technology. This capability makes it possible to create audio and video of real people saying and doing things they never said or did. Machine learning techniques are escalating the technology’s sophistication, making deep fakes ever more realistic and increasingly resistant to detection. Deep-fake technology has characteristics that enable rapid and widespread diffusion, putting it into the hands of both sophisticated and unsophisticated actors. While deep-fake technology will bring with it certain benefits, it also will introduce many harms. The marketplace …

Humans Forget, Machines Remember: Artificial Intelligence And The Right To Be Forgotten, Tiffany Li, Eduard Fosch Villaronga, Peter Kieseberg

Faculty Scholarship

To understand the Right to be Forgotten in context of artificial intelligence, it is necessary to first delve into an overview of the concepts of human and AI memory and forgetting. Our current law appears to treat human and machine memory alike – supporting a fictitious understanding of memory and forgetting that does not comport with reality. (Some authors have already highlighted the concerns on the perfect remembering.) This Article will examine the problem of AI memory and the Right to be Forgotten, using this example as a model for understanding the failures of current privacy law to reflect the …

Risk And Anxiety: A Theory Of Data Breach Harms, Danielle K. Citron, Daniel Solove

Faculty Scholarship

In lawsuits about data breaches, the issue of harm has confounded courts. Harm is central to whether plaintiffs have standing to sue in federal court and whether their claims are viable. Plaintiffs have argued that data breaches create a risk of future injury from identity theft or fraud and that breaches cause them to experience anxiety about this risk. Courts have been reaching wildly inconsistent conclusions on the issue of harm, with most courts dismissing data breach lawsuits for failure to allege harm. A sound and principled approach to harm has yet to emerge, resulting in a lack of consensus …

Four Principles For Digital Expression (You Won't Believe #3!), Danielle K. Citron, Neil Richards

Faculty Scholarship

At the dawn of the Internet’s emergence, the Supreme Court rhapsodized about its potential as a tool for free expression and political liberation. In ACLU v. Reno (1997), the Supreme Court adopted a bold vision of Internet expression to strike down a federal law - the Communications Decency Act - that restricted digital expression to forms that were merely “decent.” Far more than the printing press, the Court explained, the mid-90s Internet enabled anyone to become a town crier. Communication no longer required the permission of powerful entities. With a network connection, the powerless had as much luck reaching a …

Data Collection And The Regulatory State, Ahmed Ghappour

Faculty Scholarship

The following remarks were given on January 27, 2017 during the Connecticut Law Review’s symposium, “Privacy, Security & Power: The State of Digital Surveillance.” Hillary Greene, the Zephaniah Swift Professor of Law at the University of Connecticut School of Law, offered introductory remarks and moderated the panel. The panel included Dr. Cooper, Associate Professor of Law and Director of the Program on Economics & Privacy at Antonin Scalia Law School at George Mason University, Professor Ghappour, Visiting Assistant Professor at UC Hastings College of the Law, Attorney Lieber, Senior Privacy Policy Counsel at Google, and Dr. Wu, Professor of Law …

The Notion And Practice Of Reputation And Professional Identity In Social Networking: From K-12 Through Law School, Roberta Bobbie Studwell

Faculty Scholarship

No abstract provided.

Disagreeable Privacy Policies: Mismatches Between Meaning And Users’ Understanding, Joel R. Reidenberg, Travis Breaux, Lorrie F. Cranor, Brian M. French, Amanda Grannis, James T. Graves, Fei Liu, Aleecia Mcdonald, Thomas B. Norton, Rohan Ramanath, N. Cameron Russell, Norman Sadeh, Florian Schaub

Faculty Scholarship

Privacy policies are verbose, difficult to understand, take too long to read, and may be the least-read items on most websites even as users express growing concerns about information collection practices. For all their faults, though, privacy policies remain the single most important source of information for users to attempt to learn how companies collect, use, and share data. Likewise, these policies form the basis for the self-regulatory notice and choice framework that is designed and promoted as a replacement for regulation. The underlying value and legitimacy of notice and choice depends, however, on the ability of users to understand …

Promoting Innovation While Preventing Discrimination: Policy Goals For The Scored Society, Danielle K. Citron, Frank Pasquale

Faculty Scholarship

There are several normative theories of jurisprudence supporting our critique of the scored society, which complement the social theory and political economy presented in our 2014 article on that topic in the Washington Law Review. This response to Professor Tal Zarsky clarifies our antidiscrimination argument while showing that is only one of many bases for the critique of scoring practices. The concerns raised by Big Data may exceed the capacity of extant legal doctrines. Addressing the potential injustice may require the hard work of legal reform.

Failing Expectations: Fourth Amendment Doctrine In The Era Of Total Surveillance, Olivier Sylvain

Faculty Scholarship

Today’s reasonable expectation test and the third-party doctrine have little to nothing to offer by way of privacy protection if users today are at least conflicted about whether transactional noncontent data should be shared with third parties, including law enforcement officials. This uncertainty about how to define public expectation as a descriptive matter has compelled courts to defer to legislatures to find out what public expectation ought to be more as a matter of prudence than doctrine. Courts and others presume that legislatures are far better than courts at defining public expectations about emergent technologies.This Essay argues that the reasonable …

Rethinking Privacy, William H. Simon

Faculty Scholarship

Anxiety about surveillance and data mining has led many to embrace implausibly expansive and rigid conceptions of privacy. The premises of some current privacy arguments do not fit well with the broader political commitments of those who make them. In particular, liberals seem to have lost touch with the reservations about privacy expressed in the social criticism of some decades ago. They seem unable to imagine that preoccupation with privacy might amount to a “pursuit of loneliness” or how “eyes on the street” might have reassuring connotations. Without denying the importance of the effort to define and secure privacy values, …

Governing, Exchanging, Securing: Big Data And The Production Of Digital Knowledge, Bernard E. Harcourt

Faculty Scholarship

The emergence of Big Data challenges the conventional boundaries between governing, exchange, and security. It ambiguates the lines between commerce and surveillance, between governing and exchanging, between democracy and the police state. The new digital knowledge reproduces consuming subjects who wittingly or unwittingly allow themselves to be watched, tracked, linked and predicted in a blurred amalgam of commercial and governmental projects. Linking back and forth from consumer data to government information to social media, these new webs of information become available to anyone who can purchase the information. How is it that governmental, commercial and security interests have converged, coincided, …

Addressing The Harm Of Total Surveillance: A Reply To Professor Neil Richards, Danielle Keats Citron, David C. Gray

Faculty Scholarship

In his insightful article The Dangers of Surveillance, 126 HARV. L. REV. 1934 (2013), Neil Richards offers a framework for evaluating the implications of government surveillance programs that is centered on protecting "intellectual privacy." Although we share his interest in recognizing and protecting privacy as a condition of personal and intellectual development, we worry in this essay that, as an organizing principle for policy, "intellectual privacy" is too narrow and politically fraught. Drawing on other work, we therefore recommend that judges, legislators, and executives focus instead on limiting the potential of surveillance technologies to effect programs of broad and indiscriminate …

Fighting Cybercrime After United States V. Jones, David C. Gray, Danielle Keats Citron, Liz Clark Rinehart

Faculty Scholarship

In a landmark non-decision last term, five Justices of the United States Supreme Court would have held that citizens possess a Fourth Amendment right to expect that certain quantities of information about them will remain private, even if they have no such expectations with respect to any of the information or data constituting that whole. This quantitative approach to evaluating and protecting Fourth Amendment rights is certainly novel and raises serious conceptual, doctrinal, and practical challenges. In other works, we have met these challenges by engaging in a careful analysis of this “mosaic theory” and by proposing that courts focus …

Federal Search Commission? Access, Fairness, And Accountability In The Law Of Search, Oren Bracha, Frank Pasquale

Faculty Scholarship

Should search engines be subject to the types of regulation now applied to personal data collectors, cable networks, or phone books? In this article, we make the case for some regulation of the ability of search engines to manipulate and structure their results. We demonstrate that the First Amendment, properly understood, does not prohibit such regulation. Nor will such interventions inevitably lead to the disclosure of important trade secrets.

After setting forth normative foundations for evaluating search engine manipulation, we explain how neither market discipline nor technological advance is likely to stop it. Though savvy users and personalized search may …

Reservoirs Of Danger: The Evolution Of Public And Private Law At The Dawn Of The Information Age, Danielle Keats Citron

Faculty Scholarship

A defining problem at the dawn of the Information Age will be securing computer databases of ultra-sensitive personal information. These reservoirs of data fuel our Internet economy but endanger individuals when their information escapes into the hands of cyber-criminals. This juxtaposition of opportunities for rapid economic growth and novel dangers recalls similar challenges society and law faced at the outset of the Industrial Age. Then, reservoirs collected water to power textile mills: the water was harmless in repose but wrought havoc when it escaped. After initially resisting Rylands v. Fletcher’s strict liability standard as undermining economic development, American courts …

Reservoirs Of Danger: The Evolution Of Public And Private Law At The Dawn Of The Information Age, Danielle K. Citron

Faculty Scholarship

A defining problem at the dawn of the Information Age will be securing computer databases of ultra-sensitive personal information. These reservoirs of data fuel our Internet economy but endanger individuals when their information escapes into the hands of cyber-criminals. This juxtaposition of opportunities for rapid economic growth and novel dangers recalls similar challenges society and law faced at the outset of the Industrial Age. Then, reservoirs collected water to power textile mills: the water was harmless in repose but wrought havoc when it escaped. After initially resisting Rylands v. Fletcher's strict liability standard as undermining economic development, American courts and …

The International Privacy Regime, Tim Wu

Faculty Scholarship

Privacy has joined one of many areas of law understandable only by reference to the results of overlapping and conflicting national agendas. What has emerged as the de facto international regime is complex. Yet based on a few simplifying principles, we can nonetheless do much to understand it and predict its operation.

First, the idea that self-regulation by the internet community will be the driving force in privacy protection must be laid to rest. The experience of the last decade shows that nation-states, powerful nation-states in particular, drive the system of international privacy. The final mix of privacy protection that …

States And Internet Enforcement, Joel R. Reidenberg

Faculty Scholarship

This essay addresses the enforcement of decisions through internet instruments. The starting point is a brief justification of internet enforcement as the obligation of democratic states. Next, the essay argues that the movement to re-engineer the internet infrastructure by public and private actions also facilitates state enforcement of legal and policy decisions. The essay maintains that states will increasingly try to use network intermediaries such as payment systems and Internet Service Providers as enforcement instruments. Finally, and most importantly, the essay focuses on ways that states may harness the power of technological instruments such as worms, filters and packet interceptors …

Privacy Wrongs In Search Of Remedies, Joel R. Reidenberg

Faculty Scholarship

The American legal system has generally rejected legal rights for data privacy and relies instead on market self-regulation and the litigation process to establish norms of appropriate behavior in society. Information privacy is protected only through an amalgam of narrowly targeted rules. The aggregation of these specific rights leaves many significant gaps and fewer clear remedies for violations of fair information practices. With an absence of well-established legal rights, privacy wrongs are currently in search of remedies. This Article first describes privacy rights and wrongs that frame the search for remedies in the United States. It explores public enforcement of, …

E-Commerce And Trans-Atlantic Privacy, Joel R. Reidenberg

Faculty Scholarship

For almost a decade, the United States and Europe have anticipated a clash over the protection of personal information. Between the implementation in Europe of comprehensive legal protections pursuant to the directive on data protection and the continued reliance on industry self-regulation in the United States, trans-Atlantic privacy policies have been at odds with each other. The rapid growth in e-commerce is now sparking the long-anticipated trans-Atlantic privacy clash. This Article will first look at the context of American e-commerce and the disjuncture between citizens' privacy and business practices. The Article will then turn to the international context and explore …

Resolving Conflicting International Data Privacy Rules In Cyberspace, Joel R. Reidenberg

Faculty Scholarship

While core principles for the fair treatment of personal information are common to democracies, privacy rights vary considerably across national borders. This article explores the divergences in approach and substance of data privacy between Europe and the United States. It argues that the specific privacy rules adopted in a country have a governance function. The article shows that national differences support two distinct political choices for the roles in democratic society assigned to the state, the market and the individual: either liberal, market-based governance or socially-protective, rights-based governance. These structural divergences make international cooperation imperative for effective data protection in …

Restoring Americans' Privacy In Electronic Commerce Symposium - The Legal And Policy Framework For Global Electronic Commerce: A Progress Report, Joel R. Reidenberg

Faculty Scholarship

In the United States today, substance abusers have greater privacy than web users and privacy has become the critical issue for the development of electronic commerce. Yet, the U.S. government’s privacy policy relies on industry self-regulation rather than legal rights. This article argues that the theory of self-regulation has normative flaws and that public experience shows the failure of industry to implement fair information practices. Together the flawed theory and data scandals demonstrate the sophistry of U.S. policy. The article then examines the comprehensive legal rights approach to data protection that has been adopted by governments around the world, most …

Lex Informatica: The Formulation Of Information Policy Rules Through Technology , Joel R. Reidenberg

Faculty Scholarship

Historically, law and government regulation have established default rules for information policy, including constitutional rules on freedom of expression and statutory rights of ownership of information. This Article will show that for network environments and the Information Society, however, law and government regulation are not the only source of rule-making. Technological capabilities and system design choices impose rules on participants. The creation and implementation of information policy are embedded in network designs and standards as well as in system configurations. Even user preferences and technical choices create overarching, local default rules. This Article argues, in essence, that the set of …

Governing Networks And Rule-Making In Cyberspace, Joel R. Reidenberg

Faculty Scholarship

The global network environment defies traditional regulatory theories and policymaking practices. At present, policymakers and private sector organizations are searching for appropriate regulatory strategies to encourage and channel the global information infrastructure (“GII”). Most attempts to define new rules for the development of the GII rely on disintegrating concepts of territory and sector, while ignoring the new network and technological borders that transcend national boundaries. The GII creates new models and sources for rules. Policy leadership requires a fresh approach to the governance of global networks. Instead of foundering on old concepts, the GII requires a new paradigm for governance …

Setting Standards For Fair Information Practice In The U.S. Private Sector, Joel R. Reidenberg

Faculty Scholarship

The confluence of plans for an Information Superhighway, actual industry self-regulatory practices, and international pressure dictate renewed consideration of standard setting for fair information practices in the U.S. private sector. The legal rules, industry norms, and business practices that regulate the treatment of personal information in the United States are organized in a wide and dispersed manner. This Article analyzes how these standards are established in the U.S. private sector. Part I argues that the U.S. standards derive from the influence of American political philosophy on legal rule making and a preference for dispersed sources of information standards. Part II …