Law Commons^™

The Pathologies Of Digital Consent, Neil M. Richards, Woodrow Hartzog

Faculty Scholarship

Consent permeates both our law and our lives — especially in the digital context. Consent is the foundation of the relationships we have with search engines, social networks, commercial web sites, and any one of the dozens of other digitally mediated businesses we interact with regularly. We are frequently asked to consent to terms of service, privacy notices, the use of cookies, and so many other commercial practices. Consent is important, but it’s possible to have too much of a good thing. As a number of scholars have documented, while consent models permeate the digital consumer landscape, the practical conditions …

The Upside Of Deep Fakes, Jessica Silbey, Woodrow Hartzog

Faculty Scholarship

It’s bad. We know. The dawn of “deep fakes” — convincing videos and images of people doing things they never did or said — puts us all in jeopardy in several different ways. Professors Bobby Chesney and Danielle Citron have noted that now “false claims — even preposterous ones — can be peddled with unprecedented success today thanks to a combination of social media ubiquity and virality, cognitive biases, filter bubbles, and group polarization.” The scholars identify a host of harms from deep fakes, ranging from people being exploited, extorted, and sabotaged, to societal harms like the erosion of democratic …

The Inconsentability Of Facial Surveillance, Evan Selinger, Woodrow Hartzog

Faculty Scholarship

Governments and companies often use consent to justify the use of facial recognition technologies for surveillance. Many proposals for regulating facial recognition technology incorporate consent rules as a way to protect those faces that are being tagged and tracked. But consent is a broken regulatory mechanism for facial surveillance. The individual risks of facial surveillance are impossibly opaque, and our collective autonomy and obscurity interests aren’t captured or served by individual decisions.

In this article, we argue that facial recognition technologies have a massive and likely fatal consent problem. We reconstruct some of Nancy Kim’s fundamental claims in Consentability: Consent …

A Poor Mother's Right To Privacy: A Review, Danielle K. Citron

Faculty Scholarship

Collecting personal data is a feature of daily life. Businesses, advertisers, agencies, and law enforcement amass massive reservoirs of our personal data. This state of affairs—what I am calling the “collection imperative”—is justified in the name of efficiency, convenience, and security. The unbridled collection of personal data, meanwhile, leads to abuses. Public and private entities have disproportionate power over individuals and groups whose information they have amassed. Nowhere is that power disparity more evident than for the state’s surveillance of the indigent. Poor mothers, in particular, have vanishingly little privacy. Whether or not poor mothers receive subsidized prenatal care, the …

Technology Regulation By Default: Platforms, Privacy, And The Cfpb, Rory Van Loo

Faculty Scholarship

In the absence of a technology-focused regulator, diverse administrative agencies have been forced to develop regulatory models for governing their sphere of the data economy. These largely uncoordinated efforts offer a laboratory of regulatory experimentation on governance architecture. This symposium essay explores what the Consumer Financial Protection Bureau (CFPB) has done in its first several years to regulate financial technology (“fintech”), in the context of broader technology-related concerns identified in the literature. It begins with a survey of what the CFPB has undertaken using more traditional administrative agency tools—enforcement and rulemaking—in areas such as privacy, consumer control over data, and …

Humans Forget, Machines Remember: Artificial Intelligence And The Right To Be Forgotten, Tiffany Li, Eduard Fosch Villaronga, Peter Kieseberg

Faculty Scholarship

To understand the Right to be Forgotten in context of artificial intelligence, it is necessary to first delve into an overview of the concepts of human and AI memory and forgetting. Our current law appears to treat human and machine memory alike – supporting a fictitious understanding of memory and forgetting that does not comport with reality. (Some authors have already highlighted the concerns on the perfect remembering.) This Article will examine the problem of AI memory and the Right to be Forgotten, using this example as a model for understanding the failures of current privacy law to reflect the …

Risk And Anxiety: A Theory Of Data Breach Harms, Danielle K. Citron, Daniel Solove

Faculty Scholarship

In lawsuits about data breaches, the issue of harm has confounded courts. Harm is central to whether plaintiffs have standing to sue in federal court and whether their claims are viable. Plaintiffs have argued that data breaches create a risk of future injury from identity theft or fraud and that breaches cause them to experience anxiety about this risk. Courts have been reaching wildly inconsistent conclusions on the issue of harm, with most courts dismissing data breach lawsuits for failure to allege harm. A sound and principled approach to harm has yet to emerge, resulting in a lack of consensus …

The Case Against Idealising Control, Woodrow Hartzog

Faculty Scholarship

Seemingly everyone, from scholars, industry, and privacy advocates to lawmakers, regulators, and judges seems to have settled on the idea that the key to privacy is control over personal information. But in practice, there is only so much a person can do. Control is far too precious and finite of a concept to meaningfully scale. It will never work for personal data mediated by technology.

Now we have an entire empire of data protection built around the crumbling edifice of control. The idealisation of control in modern data protection regimes like the GDPR and the ePrivacy Directive creates a pursuit …

Saving Face: Unfolding The Screen Of Chinese Privacy Law, Tiffany Li, Jill Bronfman, Zhou Zhou

Faculty Scholarship

Privacy is often a subjective value, taking on meaning from specific social, historical, and cultural contexts. Western privacy scholars have so far generally limited academic study to focus on Western ideals of privacy. However, privacy – or some notion of it – can be found in almost every culture and every nation, including the growing economic powerhouse that is the People’s Republic of China. Focusing on China as a case study of non-Western privacy norms is important today, given the rapid rise of the Chinese economy and its corresponding impact on worldwide cultural norms and law. Simply put, it is …

Four Principles For Digital Expression (You Won't Believe #3!), Danielle K. Citron, Neil Richards

Faculty Scholarship

At the dawn of the Internet’s emergence, the Supreme Court rhapsodized about its potential as a tool for free expression and political liberation. In ACLU v. Reno (1997), the Supreme Court adopted a bold vision of Internet expression to strike down a federal law - the Communications Decency Act - that restricted digital expression to forms that were merely “decent.” Far more than the printing press, the Court explained, the mid-90s Internet enabled anyone to become a town crier. Communication no longer required the permission of powerful entities. With a network connection, the powerless had as much luck reaching a …

Are Privacy Laws Deficient?, Woodrow Hartzog

Faculty Scholarship

Privacy law around the world is deficient because it ignores design. Lawmakers have attempted to establish limits on the collection, use, and distribution of personal information. But they have largely overlooked the power of design. They have discounted the role that design plays in facilitating the conduct and harm privacy law is meant to prevent. Design pitches and picks privacy winners and losers, with people as data subjects and surveillance objects often on the losing side.

Why Courts Fail To Protect Privacy: Race, Age, Bias, And Technology, Christopher Robertson, Bernard Chao, Ian Farrell, Catherine Durso

Faculty Scholarship

The Fourth Amendment protects against unreasonable “searches and seizures,” but in the digital age of stingray devices and IP tracking, what constitutes a search or seizure? The Supreme Court has held that the threshold question is supposed to depend on and reflect the “reasonable expectations” of ordinary members of the public concerning their own privacy. For example, the police now exploit the “third party” doctrine to access data held by email and cell phone providers, without securing a warrant, on the Supreme Court’s intuition that the public has no expectation of privacy in that information. Is that assumption correct? If …

Body Cameras And The Path To Redeem Privacy Law, Woodrow Hartzog

Faculty Scholarship

From a privacy perspective, the movement towards police body cameras seems ominous. The prospect of a surveillance device capturing massive amounts of data concerning people’s most vulnerable moments is daunting. These concerns are compounded by the fact that there is little consensus and few hard rules on how and for whom these systems should be built and used. But in many ways, this blank slate is a gift. Law and policy makers are not burdened by the weight of rules and technologies created in a different time for a different purpose. These surveillance and data technologies will be modern. Many …

Data Collection And The Regulatory State, Ahmed Ghappour

Faculty Scholarship

The following remarks were given on January 27, 2017 during the Connecticut Law Review’s symposium, “Privacy, Security & Power: The State of Digital Surveillance.” Hillary Greene, the Zephaniah Swift Professor of Law at the University of Connecticut School of Law, offered introductory remarks and moderated the panel. The panel included Dr. Cooper, Associate Professor of Law and Director of the Program on Economics & Privacy at Antonin Scalia Law School at George Mason University, Professor Ghappour, Visiting Assistant Professor at UC Hastings College of the Law, Attorney Lieber, Senior Privacy Policy Counsel at Google, and Dr. Wu, Professor of Law …

Copyright Owners' Putative Interests In Privacy, Reputation, And Control: A Reply To Goold, Wendy J. Gordon

Faculty Scholarship

My own view is that Goold overstates the explanatory role of tort law. But even were that not the case, the courts need to reach some kind of “settled” understanding on these various interests before a cause of action is created or definitively rejected, and that no such consensus on the three matters mentioned yet exists, whether they are viewed as forms of tort or otherwise. Goold’s work may nevertheless be an important step toward reaching closure on these and other open questions in copyright law.

Copyright Owners' Putative Interests In Privacy, Reputation, And Control: A Reply To Goold - Draft - 05-15-2017, Wendy J. Gordon

Scholarship Chronologically

Patrick Goold’s interesting new article, Unbundling the “Tort” of Copyright Infringement (“Unbundling”) centers on a key lack of clarity that Professor Goold perceives in the cause of action for copyright infringement. The lack of clarity, he argues, afflicts threshold definitions of what constitutes actionable copying.

Searching Places Unknown: Law Enforcement Jurisdiction On The Dark Web, Ahmed Ghappour

Faculty Scholarship

The use of hacking tools by law enforcement to pursue criminal suspects who have anonymized their communications on the dark web presents a looming flashpoint between criminal procedure and international law. Criminal actors who use the dark web (for instance, to commit crimes or to evade authorities) obscure digital footprints left behind with third parties, rendering existing surveillance methods obsolete. In response, law enforcement has implemented hacking techniques that deploy surveillance software over the Internet to directly access and control criminals’ devices. The practical reality of the underlying technologies makes it inevitable that foreign-located computers will be subject to remote …

Trusting Big Data Research, Neil M. Richards, Woodrow Hartzog

Faculty Scholarship

Although it might puzzle or even infuriate data scientists, suspicion about big data is understandable. The concept doesn’t seem promising to most people. It seems scary. This is partly because big data research is shrouded in mystery. People are unsure about organizations’ motives and methods. What do companies think they know about us? Are they keeping their insights safe from hackers? Are they selling their insights to unscrupulous parties? Most importantly, do organizations use our personal information against us? Big data research will only overcome its suspicious reputation when people can trust it.

Some scholars and commentators have proposed review …

Privacy's Trust Gap, Neil M. Richards, Woodrow Hartzog

Faculty Scholarship

It can be easy to get depressed about the state of privacy these days. In an age of networked digital information, many of us feel disempowered by the various governments, companies, and criminals trying to peer into our lives to collect our digital data trails. When so much is in flux, the way we think about an issue matters a great deal. Yet while new technologies abound, our ideas and thinking — as well as our laws — have lagged in grappling with the new problems raised by the digital revolution. In their important new book, Obfuscation: A User’s Guide …

The Privacy Policymaking Of State Attorneys General, Danielle K. Citron

Faculty Scholarship

Accounts of privacy law have focused on legislation, federal agencies, and the self-regulation of privacy professionals. Crucial agents of regulatory change, however, have been ignored: the state attorneys general. This article is the first in-depth study of the privacy norm entrepreneurship of state attorneys general. Because so little has been written about this phenomenon, I engaged with primary sources — first interviewing state attorneys general and current and former career staff, and then examining documentary evidence received through FOIA requests submitted to AG offices around the country.

Much as Justice Louis Brandeis imagined states as laboratories of the law, offices …

The Right To Silence V. The Fifth Amendment, Tracey Maclin

Faculty Scholarship

This paper concerns a well-known, but badly misunderstood, constitutional right. The Fifth Amendment to the Constitution guarantees, inter alia, that no person “shall be compelled in any criminal case to be a witness against himself.” For the non-lawyer, the Fifth Amendment protects an individual’s right to silence. Many Americans believe that the Constitution protects their right to remain silent when questioned by police officers or governmental officials. Three rulings from the Supreme Court over the past twelve years, Chavez v. Martinez (2003), Berghuis v. Thomkpins (2010) and Salinas v. Texas (2013), however, demonstrate that the “right to remain silent” that …

Reconsidering Constitutional Protection For Health Information Privacy, Wendy K. Mariner

Faculty Scholarship

What kinds of health information should be reported to government for civil purposes? Several competing trends encourage efforts to reassess the scope of constitutional protection for health information: the social and commercial value of health information; the amount of data held by third parties, from health care providers to internet servers; critiques of the third party doctrine exception to Fourth Amendment protection; and concerns about the loss of privacy. This article describes a variety of civil purposes for which health information is collected today. A close analysis of cases applying the third party doctrine, administrative search principles, and the special …

The Internet Of Heirlooms And Disposable Things, Woodrow Hartzog, Evan Selinger

Faculty Scholarship

The Internet of Things (“IoT”) is here, and we seem to be going all in. We are trying to put a microchip in nearly every object that is not nailed down and even a few that are. Soon, your cars, toasters, toys, and even your underwear will be wired up to make your lives better. The general thought seems to be that “Internet connectivity makes good objects great.” While the IoT might be incredibly useful, we should proceed carefully. Objects are not necessarily better simply because they are connected to the Internet. Often, the Internet can make objects worse and …

Anonymization And Risk, Ira S. Rubinstein, Woodrow Hartzog

Faculty Scholarship

Perfect anonymization of data sets that contain personal information has failed. But the process of protecting data subjects in shared information remains integral to privacy practice and policy. While the deidentification debate has been vigorous and productive, there is no clear direction for policy. As a result, the law has been slow to adapt a holistic approach to protecting data subjects when data sets are released to others. Currently, the law is focused on whether an individual can be identified within a given set. We argue that the best way to move data release policy past the alleged failures of …

Taking Trust Seriously In Privacy Law, Neil Richards, Woodrow Hartzog

Faculty Scholarship

Trust is beautiful. The willingness to accept vulnerability to the actions of others is the essential ingredient for friendship, commerce, transportation, and virtually every other activity that involves other people. It allows us to build things, and it allows us to grow. Trust is everywhere, but particularly at the core of the information relationships that have come to characterize our modern, digital lives. Relationships between people and their ISPs, social networks, and hired professionals are typically understood in terms of privacy. But the way we have talked about privacy has a pessimism problem – privacy is conceptualized in negative terms, …

Picturing Moral Arguments In A Fraught Legal Arena: Fetuses, Photographic Phantoms And Ultrasounds, Jessica Silbey

Faculty Scholarship

This article investigates the movement in the U.S. that seeks to regulate the abortion decision by mandating ultrasounds prior to the procedure. The article argues that this reform effort is misguided not only because it is ineffective, but also because ultrasounds provide misleading information and are part of shaming practices that degrade the dignity of women. Both of these problems violate the main tenets of Planned Parenthood of Southern Pennsylvania v. Casey (1992). Central to the article’s argument and novelty is that the pro-ultrasound movement’s mistake is both legal and cultural. It misunderstands the nature of visual technology by failing …

Surveillance As Loss Of Obscurity, Woodrow Hartzog, Evan Selinger

Faculty Scholarship

Everyone seems concerned about government surveillance, yet we have a hard time agreeing when and why it is a problem and what we should do about it. When is surveillance in public unjustified? Does metadata raise privacy concerns? Should encrypted devices have a backdoor for law enforcement officials? Despite increased attention, surveillance jurisprudence and theory still struggle for coherence. A common thread for modern surveillance problems has been difficult to find.

In this article we argue that the concept of ‘obscurity,’ which deals with the transaction costs involved in finding or understanding information, is the key to understanding and uniting …

The Scope And Potential Of Ftc Data Protection, Woodrow Hartzog, Daniel J. Solove

Faculty Scholarship

For more than fifteen years, the FTC has regulated privacy and data security through its authority to police deceptive and unfair trade practices as well as through powers conferred by specific statutes and international agreements. Recently, the FTC’s powers for data protection have been challenged by Wyndham Worldwide Corp. and LabMD. These recent cases raise a fundamental issue, and one that has surprisingly not been well explored: How broad are the FTC’s privacy and data security regulatory powers? How broad should they be?

In this Article, we address the issue of the scope of FTC authority in the areas of …

Unfair And Deceptive Robots, Woodrow Hartzog

Faculty Scholarship

Robots, like household helpers, personal digital assistants, automated cars, and personal drones are or will soon be available to consumers. These robots raise common consumer protection issues, such as fraud, privacy, data security, and risks to health, physical safety and finances. Robots also raise new consumer protection issues, or at least call into question how existing consumer protection regimes might be applied to such emerging technologies. Yet it is unclear which legal regimes should govern these robots and what consumer protection rules for robots should look like.

The thesis of the Article is that the FTC’s grant of authority and …

The Substance Of Self-Government, James E. Fleming

Faculty Scholarship

In Democratic Rights: The Substance of Self-Government, Corey Brettschneider develops an attractive and powerful conception of self-government - the value theory of democracy - that encompasses both substantive rights like privacy and procedural rights. Although he argues, following Habermas and Rawls, that substantive rights and procedural rights are "co-original," the structure of his theory may lead him to reduce the former into the latter and not fully to account for personal self-government in his conception of democratic self-government. The wages of his democratic justifications for substantive rights may be a surprising anxiety or unwarranted tension concerning judicial review protecting such …