Law Commons^™

Comments Of The Cordell Institute For Policy In Medicine & Law At Washington University In St. Louis, Neil Richards, Woodrow Hartzog, Jordan Francis

Faculty Scholarship

The Federal Trade Commission—with its broad, independent grant of authority and statutory mandate to identify and prevent unfair and deceptive trade practices—is uniquely situated to prevent and remedy unfair and deceptive data privacy and data security practices. In an increasingly digitized world, data collection, processing, and transfer have become integral to market interactions. Our personal and commercial experiences are now mediated by powerful, information-intensive firms who hold the power to shape what consumers see, how they interact, which options are available to them, and how they make decisions. That power imbalance exposes consumers and leaves them all vulnerable. We all …

Cybersecurity Stovepiping, David Thaw

Articles

Most readers of this Article probably have encountered – and been frustrated by – password complexity requirements. Such requirements have become a mainstream part of contemporary culture: "the more complex your password is, the more secure you are, right?" So the cybersecurity experts tell us… and policymakers have accepted this "expertise" and even adopted such requirements into law and regulation.

This Article asks two questions. First, do complex passwords actually achieve the goals many experts claim? Does using the password "Tr0ub4dor&3" or the passphrase "correcthorsebatterystaple" actually protect your account? Second, if not, then why did such requirements become so widespread? …

Disruptive Platforms, Margot Kaminski

Publications

No abstract provided.

Standing After Snowden: Lessons On Privacy Harm From National Security Surveillance Litigation, Margot E. Kaminski

Publications

Article III standing is difficult to achieve in the context of data security and data privacy claims. Injury in fact must be "concrete," "particularized," and "actual or imminent"--all characteristics that are challenging to meet with information harms. This Article suggests looking to an unusual source for clarification on privacy and standing: recent national security surveillance litigation. There we can find significant discussions of what rises to the level of Article III injury in fact. The answers may be surprising: the interception of sensitive information; the seizure of less sensitive information and housing of it in a database for analysis; and …

Data Breach (Regulatory) Effects, David Thaw

Articles

No abstract provided.