Privacy Law Commons^™

Platforms, Encryption, And The Cfaa: The Case Of Whatsapp V Nso Group, Jonathon Penney, Bruce Schneier

Articles, Book Chapters, & Popular Press

End-to-end encryption technology has gone mainstream. But this wider use has led hackers, cybercriminals, foreign governments, and other threat actors to employ creative and novel attacks to compromise or workaround these protections, raising important questions as to how the Computer Fraud and Abuse Act (CFAA), the primary federal anti-hacking statute, is best applied to these new encryption implementations. Now, after the Supreme Court recently narrowed the CFAA’s scope in Van Buren and suggested it favors a code-based approach to liability under the statute, understanding how best to theorize sophisticated code-based access barriers like end-to-end encryption, and their circumvention, is now …

If The Law Can Allow Takebacks, Shouldn't It Also Allow Hackbacks?, Adam Rodrigues

Marquette Intellectual Property Law Review

None.

Legal Risks Of Adversarial Machine Learning Research, Ram Shankar Siva Kumar, Jonathon Penney, Bruce Schneier, Kendra Albert

Articles, Book Chapters, & Popular Press

Adversarial machine learning is the systematic study of how motivated adversaries can compromise the confidentiality, integrity, and availability of machine learning (ML) systems through targeted or blanket attacks. The problem of attacking ML systems is so prevalent that CERT, the federally funded research and development center tasked with studying attacks, issued a broad vulnerability note on how most ML classifiers are vulnerable to adversarial manipulation. Google, IBM, Facebook, and Microsoft have committed to investing in securing machine learning systems. The US and EU are likewise putting security and safety of AI systems as a top priority.

Now, research on adversarial …

Privacy Remedies, Lauren H. Scholz

Indiana Law Journal

When consumers sue companies for privacy-intrusive practices, they are often unsuccessful. Many cases fail in federal court at the motion to dismiss phase because the plaintiff has not shown the privacy infringement has caused her concrete harm. This is a symptom of a broader issue: the failure of courts and commentators to describe the relationship between privacy rights and privacy remedies.

This Article contends that restitution is the normal measure of privacy remedies. Restitution measures relief by economic gain to the defendant. If a plaintiff can show the likely ability to recover in restitution, that should be sufficient to pass …

Data Scraping As A Cause Of Action: Limiting Use Of The Cfaa And Trespass In Online Copying Cases, Kathleen C. Riley

Fordham Intellectual Property, Media and Entertainment Law Journal

In recent years, online platforms have used claims such as the Computer Fraud and Abuse Act (“CFAA”) and trespass to curb data scraping, or copying of web content accomplished using robots or web crawlers. However, as the term “data scraping” implies, the content typically copied is data or information that is not protected by intellectual property law, and the means by which the copying occurs is not considered to be hacking. Trespass and the CFAA are both concerned with authorization, but in data scraping cases, these torts are used in such a way that implies that real property norms exist …

Data Privacy Regulation In The Age Of Smartphones, Matthew Hettrich

Touro Law Review

No abstract provided.

A Cloudy Forecast: Divergence In The Cloud Computing Laws Of The United States, European Union, And China, Tina Cheng

Georgia Journal of International & Comparative Law

No abstract provided.

Identity Theft On Social Networking Sites: Developing Issues Of Internet Impersonation, Maksim Reznik

Touro Law Review

This Comment focuses on the dangers of social media sites when a person gains access to another's online account through two different methods: (1) stealing the third party's password, or (2) creating a completely fake profile and subsequently impersonating that person.