Privacy Law Commons^™

Platforms, Encryption, And The Cfaa: The Case Of Whatsapp V Nso Group, Jonathon Penney, Bruce Schneier

Articles, Book Chapters, & Popular Press

End-to-end encryption technology has gone mainstream. But this wider use has led hackers, cybercriminals, foreign governments, and other threat actors to employ creative and novel attacks to compromise or workaround these protections, raising important questions as to how the Computer Fraud and Abuse Act (CFAA), the primary federal anti-hacking statute, is best applied to these new encryption implementations. Now, after the Supreme Court recently narrowed the CFAA’s scope in Van Buren and suggested it favors a code-based approach to liability under the statute, understanding how best to theorize sophisticated code-based access barriers like end-to-end encryption, and their circumvention, is now …

Bad Actors: Authenticity, Inauthenticity, Speech, And Capitalism, Sarah C. Haan

Scholarly Articles

“Authenticity” has evolved into an important value that guides social media companies’ regulation of online speech. It is enforced through rules and practices that include real-name policies, Terms of Service requiring users to present only accurate information about themselves, community guidelines that prohibit “coordinated inauthentic behavior,” verification practices, product features, and more.

This Article critically examines authenticity regulation by the social media industry, including companies’ claims that authenticity is a moral virtue, an expressive value, and a pragmatic necessity for online communication. It explains how authenticity regulation provides economic value to companies engaged in “information capitalism,” “data capitalism,” and “surveillance …

Symposium: The California Consumer Privacy Act, Margot Kaminski, Jacob Snow, Felix Wu, Justin Hughes

Publications

This symposium discussion of the Loyola of Los Angeles Law Review focuses on the newly enacted California Consumer Privacy Act (CPPA), a statute signed into state law by then-Governor Jerry Brown on June 28, 2018 and effective as of January 1, 2020. The panel was held on February 20, 2020.

The panelists discuss how businesses are responding to the new law and obstacles for consumers to make effective use of the law’s protections and rights. Most importantly, the panelists grapple with questions courts are likely to have to address, including the definition of personal information under the CCPA, the application …

Facebook V. Sullivan: Public Figures And Newsworthiness In Online Speech, Thomas E. Kadri, Kate Klonick

Faculty Publications

In the United States, there are now two systems to adjudicate disputes about harmful speech. The first is older and more established: the legal system in which judges apply constitutional law to limit tort claims alleging injuries caused by speech. The second is newer and less familiar: the content-moderation system in which platforms like Facebook implement the rules that govern online speech. These platforms are not bound by the First Amendment. But, as it turns out, they rely on many of the tools used by courts to resolve tensions between regulating harmful speech and preserving free expression—particularly the entangled concepts …

Protecting One's Own Privacy In A Big Data Economy, Anita L. Allen

All Faculty Scholarship

Big Data is the vast quantities of information amenable to large-scale collection, storage, and analysis. Using such data, companies and researchers can deploy complex algorithms and artificial intelligence technologies to reveal otherwise unascertained patterns, links, behaviors, trends, identities, and practical knowledge. The information that comprises Big Data arises from government and business practices, consumer transactions, and the digital applications sometimes referred to as the “Internet of Things.” Individuals invisibly contribute to Big Data whenever they live digital lifestyles or otherwise participate in the digital economy, such as when they shop with a credit card, get treated at a hospital, apply …

Interview On The Black Box Society, Lawrence Joseph, Frank A. Pasquale

Faculty Scholarship

Hidden algorithms drive decisions at major Silicon Valley and Wall Street firms. Thanks to automation, those firms can approve credit, rank websites, and make myriad other decisions instantaneously. But what are the costs of their methods? And what exactly are they doing with their digital profiles of us?

Leaks, whistleblowers, and legal disputes have shed new light on corporate surveillance and the automated judgments it enables. Self-serving and reckless behavior is surprisingly common, and easy to hide in code protected by legal and real secrecy. Even after billions of dollars of fines have been levied, underfunded regulators may have only …

Digital Security In The Expository Society: Spectacle, Surveillance, And Exhibition In The Neoliberal Age Of Big Data, Bernard E. Harcourt

Faculty Scholarship

In 1827, Nicolaus Heinrich Julius, a professor at the University of Berlin, identified an important architectural mutation in nineteenth-century society that reflected a deep disruption in our technologies of knowledge and a profound transformation in relations of power across society: Antiquity, Julius observed, had discovered the architectural form of the spectacle; but modern times had operated a fundamental shift from spectacle to surveillance. Michel Foucault would elaborate this insight in his 1973 Collège de France lectures on The Punitive Society, where he would declare: “[T]his is precisely what happens in the modern era: the reversal of the spectacle into surveillance…. …

An Ethical Duty To Protect One’S Own Information Privacy?, Anita L. Allen

All Faculty Scholarship

People freely disclose vast quantities of personal and personally identifiable information. The central question of this Meador Lecture in Morality is whether they have a moral (or ethical) obligation (or duty) to withhold information about themselves or otherwise to protect information about themselves from disclosure. Moreover, could protecting one’s own information privacy be called for by important moral virtues, as well as obligations or duties? Safeguarding others’ privacy is widely understood to be a responsibility of government, business, and individuals. The “virtue” of fairness and the “duty” or “obligation” of respect for persons arguably ground other-regarding responsibilities of confidentiality and …

Privacy As Product Safety, James Grimmelmann

Cornell Law Faculty Publications

Online social media confound many of our familiar expectations about privacy. Contrary to popular myth, users of social software like Facebook do care about privacy, deserve it, and have trouble securing it for themselves. Moreover, traditional database-focused privacy regulations on the Fair Information Practices model, while often worthwhile, fail to engage with the distinctively social aspects of these online services.

Instead, online privacy law should take inspiration from a perhaps surprising quarter: product-safety law. A web site that directs users' personal information in ways they don't expect is a defectively designed product, and many concepts from products liability law could …

Saving Facebook, James Grimmelmann

Cornell Law Faculty Publications

This Article provides the first comprehensive analysis of the law and policy of privacy on social network sites, using Facebook as its principal example. It explains how Facebook users socialize on the site, why they misunderstand the risks involved, and how their privacy suffers as a result. Facebook offers a socially compelling platform that also facilitates peer-to-peer privacy violations: users harming each others' privacy interests. These two facts are inextricably linked; people use Facebook with the goal of sharing some information about themselves. Policymakers cannot make Facebook completely safe, but they can help people use it safely.

The Article makes …