Law Commons^™

Layered Fiduciaries In The Information Age, Zhaoyi Li

Articles

Technology companies such as Facebook have long been criticized for abusing customers’ personal information and monetizing user data in a manner contrary to customer expectations. Some commentators suggest fiduciary law could be used to restrict how these companies use their customers’ data. Under this framework, a new member of the fiduciary family called the “information fiduciary” was born. The concept of an information fiduciary is that a company providing network services to “collect, analyze, use, sell, and distribute personal information” owes customers and end-users a fiduciary duty to use the collected data to promote their interests, thereby assuming fiduciary liability …

Ancient Worries And Modern Fears: Different Roots And Common Effects Of U.S. And Eu Privacy Regulation, David Thaw, Pierluigi Perri

Articles

Much legal and technical scholarship discusses the differing views of the United States and European Union toward privacy concepts and regulation. A substantial amount of effort in recent years, in both research and policy, focuses on attempting to reconcile these viewpoints searching for a common framework with a common level of protection for citizens from both sides of Atlantic. Reconciliation, we argue, misunderstands the nature of the challenge facing effective cross-border data flows. No such reconciliation can occur without abdication of some sovereign authority of nations, that would require the adoption of an international agreement with typical tools of international …

Cybersecurity Stovepiping, David Thaw

Articles

Most readers of this Article probably have encountered – and been frustrated by – password complexity requirements. Such requirements have become a mainstream part of contemporary culture: "the more complex your password is, the more secure you are, right?" So the cybersecurity experts tell us… and policymakers have accepted this "expertise" and even adopted such requirements into law and regulation.

This Article asks two questions. First, do complex passwords actually achieve the goals many experts claim? Does using the password "Tr0ub4dor&3" or the passphrase "correcthorsebatterystaple" actually protect your account? Second, if not, then why did such requirements become so widespread? …

Data Breach (Regulatory) Effects, David Thaw

Articles

No abstract provided.

Reasonable Expectations Of Privacy Settings: Social Media And The Stored Communications Act, David Thaw, Christopher Borchert, Fernando Pinguelo

Articles

In 1986, Congress passed the Stored Communications Act (“SCA”) to provide additional protections for individuals’ private communications content held in electronic storage by third parties. Acting out of direct concern for the implications of the Third-Party Records Doctrine — a judicially created doctrine that generally eliminates Fourth Amendment protections for information entrusted to third parties — Congress sought to tailor the SCA to electronic communications sent via and stored by third parties. Yet, because Congress crafted the SCA with language specific to the technology of 1986, courts today have struggled to apply the SCA consistently with regard to similar private …

The Efficacy Of Cybersecurity Regulation, David Thaw

Articles

Cybersecurity regulation presents an interesting quandary where, because private entities possess the best information about threats and defenses, legislatures do – and should – deliberately encode regulatory capture into the rulemaking process. This relatively uncommon approach to administrative law, which I describe as Management-Based Regulatory Delegation, involves the combination of two legislative approaches to engaging private entities' expertise. This Article explores the wisdom of those choices by comparing the efficacy of such private sector engaged regulation with that of a more traditional, directive mode of regulating cybersecurity adopted by the state legislatures. My analysis suggests that a blend of these …

Surveillance At The Source, David Thaw

Articles

Contemporary discussion concerning surveillance focuses predominantly on government activity. These discussions are important for a variety of reasons, but generally ignore a critical aspect of the surveillance-harm calculus – the source from which government entities derive the information they use. The source of surveillance data is the information "gathering" activity itself, which is where harms like "chilling" of speech and behavior begin.

Unlike the days where satellite imaging, communications intercepts, and other forms of information gathering were limited to advanced law enforcement, military, and intelligence activities, private corporations now play a dominant role in the collection of information about individuals' …

Criminalizing Hacking, Not Dating: Reconstructing The Cfaa Intent Requirement, David Thaw

Articles

Cybercrime is a growing problem in the United States and worldwide. Many questions remain unanswered as to the proper role and scope of criminal law in addressing socially-undesirable actions affecting and conducted through the use of computers and modern information technologies. This Article tackles perhaps the most exigent question in U.S. cybercrime law, the scope of activities that should be subject to criminal sanction under the Computer Fraud and Abuse Act (CFAA), the federal "anti-hacking" statute.

At the core of current CFAA debate is the question of whether private contracts, such as website "Terms of Use" or organizational "Acceptable Use …

When Machines Are Watching: How Warrantless Use Of Gps Surveillance Technology Violates The Fourth Amendment Right Against Unreasonable Searches, David Thaw, Priscilla Smith, Nabiha Syed, Albert Wong

Articles

Federal and state law enforcement officials throughout the nation are currently using Global Positioning System (GPS) technology for automated, prolonged surveillance without obtaining warrants. As a result, cases are proliferating in which criminal defendants are challenging law enforcement’s warrantless uses of GPS surveillance technology, and courts are looking for direction from the Supreme Court. Most recently, a split has emerged between the Ninth and D.C. Circuit Courts of Appeal on the issue. In United States v. Pineda-Moreno, the Ninth Circuit relied on United States v. Knotts — which approved the limited use of beeper technology without a warrant — to …