Privacy Law Commons^™

Shields Up For Software, Derek E. Bambauer, Melanie J. Teplinsky

UF Law Faculty Publications

This Article contends that the National Cybersecurity Strategy's software liability regime should incorporate two safe harbors. The first would shield software creators and vendors from liability for decisions related to design, implementation, and maintenance, as long as those choices follow enumerated best practices. The second—the “inverse safe harbor”—would have the opposite effect: coders and distributors who engaged in defined worst practices would automatically become liable. This Article explains the design, components, and justifications for these twin safe harbors. The software safe harbors are key parts of the overall design of the new liability regime and work in tandem with the …

Securing Patent Law, Charles Duan

Articles in Law Reviews & Other Academic Journals

A vigorous conversation about intellectual property rights and national security has largely focused on the defense role of those rights, as tools for responding to acts of foreign infringement. But intellectual property, and patents in particular, also play an arguably more important offense role. Foreign competitor nations can obtain and assert U.S. patents against U.S. firms and creators. Use of patents as an offense strategy can be strategically coordinated to stymie domestic innovation and technological progress. This Essay considers current and possible future practices of patent exploitation in this offense setting, with a particular focus on China given the nature …

Platforms, Encryption, And The Cfaa: The Case Of Whatsapp V Nso Group, Jonathon Penney, Bruce Schneier

Articles, Book Chapters, & Popular Press

End-to-end encryption technology has gone mainstream. But this wider use has led hackers, cybercriminals, foreign governments, and other threat actors to employ creative and novel attacks to compromise or workaround these protections, raising important questions as to how the Computer Fraud and Abuse Act (CFAA), the primary federal anti-hacking statute, is best applied to these new encryption implementations. Now, after the Supreme Court recently narrowed the CFAA’s scope in Van Buren and suggested it favors a code-based approach to liability under the statute, understanding how best to theorize sophisticated code-based access barriers like end-to-end encryption, and their circumvention, is now …

Eu Privacy Law And U.S. Surveillance: Solving The Problem Of Transatlantic Data Transfers, Peter Margulies

Law Faculty Scholarship

No abstract provided.

Cybersecurity-The Internet Of Things, Amy J. Ramson

Open Educational Resources

With 38.5 billion smart devices in existence in 2020 and increasing every year, the potential for security breaches in the Internet of things is also escalating at a dramatic pace. The goal of this team activity is to facilitate team work, critical thinking, and presentation skills in the area of cybersecurity and the Internet of Things. Students will be grouped into two teams. As a team, they will analyze cases about security cameras and smart dolls through the questions presented in the activity. They will present their analysis to the class.

Regulating Personal Data Usage In Covid-19 Control Conditions, Mark Findlay, Nydia Remolina

Centre for AI & Data Governance

As the COVID-19 health pandemic ebbs and flows world-wide, governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have capacity to amass and share personal data for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside times of real and present personal danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission (provided that the technology …

Internet Of Things For Sustainability: Perspectives In Privacy, Cybersecurity, And Future Trends, Abdul Salam

Faculty Publications

In the sustainability IoT, the cybersecurity risks to things, sensors, and monitoring systems are distinct from the conventional networking systems in many aspects. The interaction of sustainability IoT with the physical world phenomena (e.g., weather, climate, water, and oceans) is mostly not found in the modern information technology systems. Accordingly, actuation, the ability of these devices to make changes in real world based on sensing and monitoring, requires special consideration in terms of privacy and security. Moreover, the energy efficiency, safety, power, performance requirements of these device distinguish them from conventional computers systems. In this chapter, the cybersecurity approaches towards …

Introducing The Global Data Privacy Prize, Fred H. Cate, Christopher Kuner, Orla Lynskey, Christopher Millard, Nora Ni Loideain, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Dean's Desk: Iu Maurer Programs Supporting Careers In Cybersecurity, Austen L. Parrish

Austen Parrish (2014-2022)

A recent Bureau of Labor Statistics report estimated a near 30 percent growth in coming years for information security professionals, far outpacing most other job types. While Indiana University has long recognized the importance of data security and privacy, multiple new initiatives are ensuring that the next generation of chief information security officers, systems analysts, privacy professionals and others will come from our law school.

One of the ways the law school is leading the way is through the university’s new master of science in cybersecurity risk management. That degree program combines the resources of three of IU’s top-ranked schools …

Risk And Anxiety: A Theory Of Data Breach Harms, Danielle K. Citron, Daniel Solove

Faculty Scholarship

In lawsuits about data breaches, the issue of harm has confounded courts. Harm is central to whether plaintiffs have standing to sue in federal court and whether their claims are viable. Plaintiffs have argued that data breaches create a risk of future injury from identity theft or fraud and that breaches cause them to experience anxiety about this risk. Courts have been reaching wildly inconsistent conclusions on the issue of harm, with most courts dismissing data breach lawsuits for failure to allege harm. A sound and principled approach to harm has yet to emerge, resulting in a lack of consensus …

Expanding The Artificial Intelligence-Data Protection Debate, Fred H. Cate, Christopher Kuner, Orla Lynskey, Christopher Millard, Nora Ni Loideain, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Advancing Human Rights-By-Design In The Dual-Use Technology Industry, Jonathon Penney, Sarah Mckune, Lex Gill, Ronald Deibert

Articles, Book Chapters, & Popular Press

It is no secret that technology companies have greased the wheels for human rights abuses around the world — backed by a global web of private sector support and investment that has yielded significant financial returns. For example, the University of Toronto's Citizen Lab recently published research analyzing the use of Internet filtering technology developed by Canadian company Netsweeper in ten countries globally — Afghanistan, Bahrain, India, Kuwait, Pakistan, Qatar, Somalia, Sudan, United Arab Emirates, and Yemen — and concluded these uses likely violated international human rights law. Products like Netsweeper’s Internet filtering systems are often referred to as "dual …

Data Collection And The Regulatory State, Ahmed Ghappour

Faculty Scholarship

The following remarks were given on January 27, 2017 during the Connecticut Law Review’s symposium, “Privacy, Security & Power: The State of Digital Surveillance.” Hillary Greene, the Zephaniah Swift Professor of Law at the University of Connecticut School of Law, offered introductory remarks and moderated the panel. The panel included Dr. Cooper, Associate Professor of Law and Director of the Program on Economics & Privacy at Antonin Scalia Law School at George Mason University, Professor Ghappour, Visiting Assistant Professor at UC Hastings College of the Law, Attorney Lieber, Senior Privacy Policy Counsel at Google, and Dr. Wu, Professor of Law …

Ispy: Threats To Individual And Institutional Privacy In The Digital World, Lori Andrews

All Faculty Scholarship

What type of information is collected, who is viewing it, and what law librarians can do to protect their patrons and institutions.

The Rise Of Cybersecurity And Its Impact On Data Protection, Fred H. Cate, Christopher Kuner, Dan Jerker B. Svantesson, Orla Lynskey, Christopher Millard

Articles by Maurer Faculty

No abstract provided.

Cybersecurity Stovepiping, David Thaw

Articles

Most readers of this Article probably have encountered – and been frustrated by – password complexity requirements. Such requirements have become a mainstream part of contemporary culture: "the more complex your password is, the more secure you are, right?" So the cybersecurity experts tell us… and policymakers have accepted this "expertise" and even adopted such requirements into law and regulation.

This Article asks two questions. First, do complex passwords actually achieve the goals many experts claim? Does using the password "Tr0ub4dor&3" or the passphrase "correcthorsebatterystaple" actually protect your account? Second, if not, then why did such requirements become so widespread? …

Health Information Equity, Craig Konnoth

Publications

In the last few years, numerous Americans’ health information has been collected and used for follow-on, secondary research. This research studies correlations between medical conditions, genetic or behavioral profiles, and treatments, to customize medical care to specific individuals. Recent federal legislation and regulations make it easier to collect and use the data of the low-income, unwell, and elderly for this purpose. This would impose disproportionate security and autonomy burdens on these individuals. Those who are well-off and pay out of pocket could effectively exempt their data from the publicly available information pot. This presents a problem which modern research ethics …

Standing After Snowden: Lessons On Privacy Harm From National Security Surveillance Litigation, Margot E. Kaminski

Publications

Article III standing is difficult to achieve in the context of data security and data privacy claims. Injury in fact must be "concrete," "particularized," and "actual or imminent"--all characteristics that are challenging to meet with information harms. This Article suggests looking to an unusual source for clarification on privacy and standing: recent national security surveillance litigation. There we can find significant discussions of what rises to the level of Article III injury in fact. The answers may be surprising: the interception of sensitive information; the seizure of less sensitive information and housing of it in a database for analysis; and …

The Data Protection Credibility Crisis, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson, Orla Lynskey

Articles by Maurer Faculty

No abstract provided.

Internet Balkanization Gathers Pace: Is Privacy The Real Driver?, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson, Orla Lynskey

Articles by Maurer Faculty

No abstract provided.

Taking Stock After Four Years, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

The Business Of Privacy, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

The Extraterritoriality Of Data Privacy Laws -- An Explosive Issue Yet To Detonate, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

The End Of The Beginning, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Privacy -- An Elusive Concept, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Moving Forward Together, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Editorial, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Let's Not Kill All The Privacy Laws (And Lawyers), Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.