Law Commons^™

Distinguishing Privacy Law: A Critique Of Privacy As Social Taxonomy, María P. Angel, Ryan Calo

Articles

What distinguishes privacy violations from other harms? This has proven a surprisingly difficult question to answer. For over a century, privacy law scholars labored to define the elusive concept of privacy. Then they gave up. Efforts to distinguish privacy were superseded at the turn of the millennium by a new approach: a taxonomy of privacy problems grounded in social recognition. Privacy law became the field that simply studies whatever courts or scholars talk about as related to privacy.

Decades into privacy as social taxonomy, the field has expanded to encompass a broad range of information-based harms—from consumer manipulation to algorithmic …

Who Owns Data? Constitutional Division In Cyberspace, Dongsheng Zang

Articles

Privacy emerged as a concern as soon as the internet became commercial. In early 1995, Lawrence Lessig warned that the internet, though giving us extraordinary potential, was “not designed to protect individuals against this extraordinary potential for others to abuse.” The same technology can “destroy the very essence of what now defines individuality.” Lessig urged that “a constitutional balance will have to be drawn between these increasingly important interests in privacy, and the competing interest in collective security.” Lessig envisioned that creating property rights in data would help individuals by giving them control of their data. As utopian as property …

Privacy And National Politics: Fingerprint And Dna Litigation In Japan And The United States Compared, Dongsheng Zang

Articles

Drawing cases from two related areas of law-fingerprint and DNA (deoxyribonucleic acid) data-this Article proposes a modified framework, built on the Balkin-Levinson emphasis on national politics: First, national politics understood as partisan rivalry cannot account for what I call doctrinal lock-in in this Article, where I will demonstrate that in different stages of American politics-the Lochner era, the New Deal era, and Civil Rights era-courts across the nation ruled predominantly in favor of public data collectors-state and federal law enforcement in fingerprint cases. From the 1990s, when DNA data became hot targets of law enforcement, the United States Supreme Court …

Self-Control Of Personal Data And The Constitution In East Asia, Dongsheng Zang

Articles

No abstract provided.

Pandemic Surveillance Discrimination, Christian Sundquist

Articles

The COVID-19 pandemic has laid bare the abiding tension between surveillance and privacy. Public health epidemiology has long utilized a variety of surveillance methods—such as contact tracing, quarantines, and mandatory reporting laws—to control the spread of disease during past epidemics and pandemics. Officials have typically justified the resulting intrusions on privacy as necessary for the greater public good by helping to stave off larger health crisis. The nature and scope of public health surveillance in the battle against COVID-19, however, has significantly changed with the advent of new technologies. Digital surveillance tools, often embedded in wearable technology, have greatly increased …

Privacy In The Age Of Medical Big Data, W. Nicholson Price Ii, I. Glenn Cohen

Articles

Big data has become the ubiquitous watch word of medical innovation. The rapid development of machine-learning techniques and artificial intelligence in particular has promised to revolutionize medical practice from the allocation of resources to the diagnosis of complex diseases. But with big data comes big risks and challenges, among them significant questions about patient privacy. Here, we outline the legal and ethical challenges big data brings to patient privacy. We discuss, among other topics, how best to conceive of health privacy; the importance of equity, consent, and patient governance in data collection; discrimination in data uses; and how to handle …

Ancient Worries And Modern Fears: Different Roots And Common Effects Of U.S. And Eu Privacy Regulation, David Thaw, Pierluigi Perri

Articles

Much legal and technical scholarship discusses the differing views of the United States and European Union toward privacy concepts and regulation. A substantial amount of effort in recent years, in both research and policy, focuses on attempting to reconcile these viewpoints searching for a common framework with a common level of protection for citizens from both sides of Atlantic. Reconciliation, we argue, misunderstands the nature of the challenge facing effective cross-border data flows. No such reconciliation can occur without abdication of some sovereign authority of nations, that would require the adoption of an international agreement with typical tools of international …

Cybersecurity Stovepiping, David Thaw

Articles

Most readers of this Article probably have encountered – and been frustrated by – password complexity requirements. Such requirements have become a mainstream part of contemporary culture: "the more complex your password is, the more secure you are, right?" So the cybersecurity experts tell us… and policymakers have accepted this "expertise" and even adopted such requirements into law and regulation.

This Article asks two questions. First, do complex passwords actually achieve the goals many experts claim? Does using the password "Tr0ub4dor&3" or the passphrase "correcthorsebatterystaple" actually protect your account? Second, if not, then why did such requirements become so widespread? …

Privacy, Vulnerability, And Affordance, Ryan Calo

Articles

This essay begins to unpack the complex, sometimes contradictory relationship between privacy and vulnerability. I begin by exploring how the law conceives of vulnerability — essentially, as a binary status meriting special consideration where present. Recent literature recognizes vulnerability not as a status but as a state — a dynamic and manipulable condition that everyone experiences to different degrees and at different times. I then discuss various ways in which vulnerability and privacy intersect. I introduce an analytic distinction between vulnerability rendering, i.e., making a person more vulnerable, and the exploitation of vulnerability whether manufactured or native. I also describe …

Democratic Surveillance, Mary Anne Franks

Articles

No abstract provided.

Riley V. California And The Beginning Of The End For The Third-Party Search Doctrine, David A. Harris

Articles

In Riley v. California, the Supreme Court decided that when police officers seize a smart phone, they may not search through its contents -- the data found by looking into the call records, calendars, pictures and so forth in the phone -- without a warrant. In the course of the decision, the Court said that the rule applied not just to data that was physically stored on the device, but also to data stored "in the cloud" -- in remote sites -- but accessed through the device. This piece of the decision may, at last, allow a re-examination of …

Intelligence Legalism And The National Security Agency’S Civil Liberties Gap, Margo Schlanger

Articles

Since June 2013, we have seen unprecedented security breaches and disclosures relating to American electronic surveillance. The nearly daily drip, and occasional gush, of once-secret policy and operational information makes it possible to analyze and understand National Security Agency activities, including the organizations and processes inside and outside the NSA that are supposed to safeguard American’s civil liberties as the agency goes about its intelligence gathering business. Some have suggested that what we have learned is that the NSA is running wild, lawlessly flouting legal constraints on its behavior. This assessment is unfair. In fact, the picture that emerges from …

Taxation And Surveillance: An Agenda, Michael Hatfield

Articles

Among government agencies, the IRS likely has the surest legal claim to the most information about the most Americans: their hobbies, religious affiliations, reading activities, travel, and medical information are all potentially tax relevant. Privacy scholars have studied the arrival of Big Data, the internet-of-things, and the cooperation of private companies with the government in surveillance, but neither privacy nor tax scholars have considered how these technological advances should impact the U.S. tax system. As government agencies and private companies increasingly pursue what has been described as the “growing gush of data,” the use of these technologies in tax administration …

Self-Defense Against Robots And Drones, A. Michael Froomkin, P. Zak Colangelo

Articles

Robots can pose-or can appear to pose-a threat to life, property, and privacy. May a landowner legally shoot down a trespassing drone? Can she hold a trespassing autonomous car as security against damage done or further torts? Is the fear that a drone may be operated by a paparazzo or Peeping Tom sufficient grounds to disable or interfere with it? How hard may you shove if the office robot rolls over your foot? This Article addresses all those issues and one more. what rules and standards we could put into place to make the resolution of those questions easier and …

Reasonable Expectations Of Privacy Settings: Social Media And The Stored Communications Act, David Thaw, Christopher Borchert, Fernando Pinguelo

Articles

In 1986, Congress passed the Stored Communications Act (“SCA”) to provide additional protections for individuals’ private communications content held in electronic storage by third parties. Acting out of direct concern for the implications of the Third-Party Records Doctrine — a judicially created doctrine that generally eliminates Fourth Amendment protections for information entrusted to third parties — Congress sought to tailor the SCA to electronic communications sent via and stored by third parties. Yet, because Congress crafted the SCA with language specific to the technology of 1986, courts today have struggled to apply the SCA consistently with regard to similar private …

Can Americans Resist Surveillance?, Ryan Calo

Articles

This Essay analyzes the ability of everyday Americans to resist and alter the conditions of government surveillance. Americans appear to have several avenues of resistance or reform. We can vote for privacy-friendly politicians, challenge surveillance in court, adopt encryption or other technologies, and put market pressure on companies not to cooperate with law enforcement.

In practice, however, many of these avenues are limited. Reform-minded officials lack the capacity for real oversight. Litigants lack standing to invoke the Constitution in court. Encryption is not usable and can turn citizens into targets. Citizens can extract promises from companies to push back against …

Regulating Mass Surveillance As Privacy Pollution: Learning From Environmental Impact Statements, A. Michael Froomkin

Articles

Encroachments on privacy through mass surveillance greatly resemble the pollution crisis in that they can be understood as imposing an externality on the surveilled. This Article argues that this resemblance also suggests a solution: requiring those conducting mass surveillance in and through public spaces to disclose their plans publicly via an updated form of environmental impact statement, thus requiring an impact analysis and triggering a more informed public conversation about privacy. The Article first explains how mass surveillance is polluting public privacy and surveys the limited and inadequate doctrinal tools available to respond to mass surveillance technologies. Then, it provides …

From Anonymity To Identification, A. Michael Froomkin

Articles

This article examines whether anonymity online has a future. In the early days of the Internet, strong cryptography, anonymous remailers, and a relative lack of surveillance created an environment conducive to anonymous communication. Today, the outlook for online anonymity is poor. Several forces combine against it: ideologies that hold that anonymity is dangerous, or that identifying evil-doers is more important than ensuring a safe mechanism for unpopular speech; the profitability of identification in commerce; government surveillance; the influence of intellectual property interests and in requiring hardware and other tools that enforce identification; and the law at both national and supranational …

The 1 Percent Solution: Corporate Tax Returns Should Be Public (And How To Get There), Reuven S. Avi-Yonah, Ariel Siman

Articles

The justification for publishing corporate tax returns is that corporations are given immense benefits by the state that bestows upon them unlimited life and limited liability, and therefore they owe the public the information of how they treat the state that created them. Tax returns, like the financial disclosures that publicly traded corporations must file with the SEC, also provide useful information to shareholders, creditors, and the investing public.

Hands Off Our Fingerprints: State, Local, Andindividual Defiance Of Federal Immigrationenforcement, Christine N. Cimini

Articles

Secure Communities, though little-known outside law-enforcement circles, is one of the most powerful of the federal government’s immigration enforcement programs. Under Secure Communities, fingerprints collected by state and local law enforcement and provided to the Federal Bureau of Investigation for criminal background checks are automatically shared with the Department of Homeland Security, which checks the fingerprints against its immigration database. In the event of a match, an immigration detainer can be issued and an individual held after they would otherwise be entitled to release. Originally designed as a voluntary program in which local governments could choose to participate, the Department …

Privacy Harm Exceptionalism, Ryan Calo

Articles

“Exceptionalism” refers to the belief that a person, place, or thing is qualitatively different from others in the same basic category. Thus, some have spoken of America’s exceptionalism as a nation. Early debates about the Internet focused on the prospect that existing laws and institutions would prove inadequate to govern the new medium of cyberspace. Scholars have made similar claims about other areas of law.

The focus of this short essay is the supposed exceptionalism of privacy. Rather than catalogue all the ways that privacy might differ from other concepts or areas of study, I intend to focus on the …

"Pets Must Be On A Leash": How U.S. Law (And Industry Practice) Often Undermines And Even Forbids Valuable Privacy Enhancing Technology, A. Michael Froomkin

Articles

No abstract provided.

The Fourth Amendment In The Information Age, Ricardo J. Bascuas

Articles

In 2013, the Supreme Court tacitly conceded that the expectations-of-privacy test used since 1967 to assess claims of Fourth Amendment violations was inadequate. It asserted that the previous property-based test for Fourth Amendment violations had never despite widespread agreement to the contrary been overruled. The Court compounded its artfulness by applying a new, significantly weaker trespass test that, like the expectations-of-privacy test, enjoys no legal pedigree. This new trespass test, which is to be applied together with the expectations-of-privacy test, suffers from the same defect as the test it purportedly supplements. It does not require the government to respect private …

Bringing Clarity To Administrative Search Doctrine: Distinguishing Dragnets From Special Subpopulation Searches, Eve Brensike Primus

Articles

Anyone who has been stopped at a sobriety checkpoint, screened at an international border, scanned by a metal detector at an airport or government building, or drug tested for public employment has been subjected to an administrative search or seizure. Searches of public school students, government employees, and probationers are characterized as administrative, as are business inspections and-increasingly-wiretaps and other searches used in the gathering of national security intelligence. In other words, the government conducts thousands of administrative searches every day. None of these searches requires either probable cause or a search warrant. Instead, courts evaluating administrative searches need only …

Disentangling Administrative Searches, Eve Brensike Primus

Articles

Everyone who has been screened at an international border, scanned by an airport metal detector, or drug tested for public employment has been subjected to an administrative search. Since September 11th, the government has increasingly invoked the administrative search exception to justify more checkpoints, unprecedented subway searches, and extensive wiretaps. As science and technology advance, the frequency and scope of administrative searches will only expand. Formulating the boundaries and requirements of administrative search doctrine is therefore a matter of great importance. Yet the rules governing administrative searches are notoriously unclear. This Article seeks to refocus attention on administrative searches and …

Mapping Online Privacy, Jacqueline D. Lipton

Articles

Privacy scholars have recently outlined difficulties in applying existing concepts of personal privacy to the maturing Internet. With Web 2.0 technologies, more people have more opportunities to post information about themselves and others online, often with scant regard for individual privacy. Shifting notions of 'reasonable expectations of privacy' in the context of blogs, wikis, and online social networks create challenges for privacy regulation. Courts and commentators struggle with Web 2.0 privacy incursions without the benefit of a clear regulatory framework. This article offers a map of privacy that might help delineate at least the outer boundaries of Web 2.0 privacy. …

Lost In Translation? Data Mining, National Security And The Adverse Inference Problem, Anita Ramasastry

Articles

To the extent that we permit data mining programs to proceed, they must provide adequate due process and redress mechanisms that permit individuals to clear their names. A crucial criteria for such a mechanism is to allow access to information that was used to make adverse assessments so that errors may be corrected. While some information may have to be kept secret for national security purposes, a degree of transparency is needed when individuals are trying to protect their right to travel or access government services free from suspicion.

Part II of this essay briefly outlines the government's ability to …

Collateralizing Internet Privacy, Xuan-Thao Nguyen

Articles

Collateralizing privacy is a pervasive conduct committed by many on-line companies. Yet most don't even realize that they are engaging in collateralizing privacy. Worse yet, governmental agencies and consumer groups are not even aware of the violation of on-line consumer privacy by the collateralization of privacy. Professor Nguyen argues that collateralizing privacy occurs under the existing privacy regime and the architecture of article 9 of the Uniform Commercial Code. Professor Nguyen critiques the violation of privacy through collateralization dilemmas and proposes a solution involving modifications of the contents of the financing statement and security agreement in secured transactions where consumer …

Brandeis & Warren's 'The Right To Privacy And The Birth Of The Right To Privacy', Ben Bratman

Articles

Privacy law and conceptions of a right to privacy have, of course, evolved considerably since 1890 when future Supreme Court Justice Louis Brandeis and Boston attorney Samuel Warren penned their now ageless article, The Right to Privacy, 4 Harv. L. Rev. 193, in which they argued the law should recognize such a right and impose liability in tort for intrusions on it. But quite apart from any argument about how attenuated the link might be between Brandeis and Warren's specific proposals and the current state of privacy law, is it fair to say, as so many scholars and judges repeatedly …

The Death Of Privacy?, A. Michael Froomkin

Articles

The rapid deployment of privacy-destroying technologies by governments and businesses threatens to make informational privacy obsolete. The first part of this article describes a range of current technologies to which the law has yet to respond effectively. These include: routine collection of transactional data, growing automated surveillance in public places, deployment of facial recognition technology and other biometrics, cell-phone tracking, vehicle tracking, satellite monitoring, workplace surveillance, Internet tracking from cookies to "clicktrails", hardware-based identifiers, intellectual property-protecting "snitchware," and sense-enhanced searches that allow observers to see through everything from walls to clothes. The cumulative and reinforcing effect of these technologies may …