Abstract: Law is contributing to an information security paradox. Consumers are regularly "consenting" to the installation of computer code that makes them more vulnerable to harms such as identity theft. In particular, digital rights management technology accompanying digital music has recently left a wake of compromised user machines. Using this case study of security-invasive digital rights management technology, this article argues that a fundamental tension exists among intellectual property law, computer intrusion law and contract law regarding meaningful consumer consent in digital contexts. This article proposes to ease this noise in consent doctrine through creating an objective "reasonable digital consumer" standard based on empirical testing of real consumers.
data, information, security, contract, consent, computer, intellectual property, copyright, trademark, identity theft, intrusion, hacking
Abstract: Since the mid-1990s, spam has been legally analyzed primarily as an issue of balancing commercial speech with consumers' privacy. This calculus must now be revised. The possible deleterious consequences of a piece of spam go beyond inconvenient speech and privacy invasion; spam variants such as phishing and "malspam" (spam that exploits security vulnerabilities) now result in large-scale identity theft and remote compromise of user machines. The severity of the spam problem requires analyzing spam foremost as an international security issue, expanding the debate to include the dynamic impact of spam on individual countries' economies and the international system as a whole. Spam creation is becoming a flourishing competitive international industry, generating a new race to the bottom that will continue to escalate. Although the majority of spammers reside in the United States and a majority of spam appears to originate in the U.S., spam production is being increasingly outsourced to other countries by U.S. spammers. Similarly, as U.S. authorities begin to prosecute, spammers are moving offshore to less regulated countries. Therefore, spam presents an international security collective action problem requiring legislative action throughout the international system. A paradigm shift on the national and international level is required to forge an effective international spam regulatory regime. Spam regulation should be contemplated in tandem with the development of computer intrusion legislation and privacy legislation, harmonizing all three simultaneously across the international system to form a coherent international data control regime.
Spam, internet, regulation, security, privacy
Abstract: This article undertakes a normative and empirical legal inquiry into the manner in which information security vulnerabilities are being addressed through law and in the marketplace. Specifically, this article questions the current legislative paradigm for information security regulation by presenting a critique grounded in information security and cryptography theory. Consequently, this article advocates shifting our regulatory approach to a process-based security paradigm that focuses on improving security of our system as a whole. Finally, this article argues that in order to accomplish this shift with least disruption to current legal and economic processes, expanding an existing set of well-functioning legal structures is preferable to crafting new legal structures. Securities disclosure law is already focused on regulating the most connected points in our economy, publicly traded entities. Public companies provide a good starting point for spreading better information security behaviors because of this connectedness; disclosure of public companies' information security behaviors will assist them in maximizing shareholder value and will assist regulators in finding the inadequately secure points in our economy.
data information, security privacy, law securities
Abstract: This article explores whether a duty to warn should exist in the context of digital products. It argues in favor of creating a "reasonable expectation of code safety." Section I explains the dominant ways that digital products can harm consumers through their code and not their content, focusing on functionality and information security harms. Section II reviews existing regulation of digital products and highlights their focus on improving information parity and consumer control over digital product relationships. Section II then sets forth the scope of the duty to warn and protect from harms in real space owed by possessors of land to their business visitors upon it and argues in favor of importing these concepts into the digital consumer protection context. Finally, Section II proposes a "reasonable expectation of code safety," comprised of a duty of code inspection, a duty to warn of code harms and a duty to repair code promptly. It also proposes a three-tiered framework inspired by systems theory and the land-based duty to warn and repair. Section III considers the primary challenge against the proposed framework - on First Amendment grounds - and finds the framework to fully comport with First Amendment protections.
information security, technology, internet, First Amendment, speech, identity theft, spam, communication
Abstract: This article calls for the revitalization of the legislative, social policy and academic discourse regarding the causes and appropriate remedies for the gender gap among information technology professionals, with two critical differences. First, this article theoretically reframes the issue of women's under-representation among information technology professionals by presenting it as primarily a technology equity issue to be discussed in the policy context of the digital divide discourse - a gendered digital production divide. Second, this article argues for refocusing legislative and educational efforts from more traditional educational approaches to curricular experimentation and technology mentorship initiatives on the junior-high and high school levels.
internet, technology, digital, divide, girls, equity, women, education, gender
Abstract: This foreword notes the importance of considering emerging aggregate patterns of strategic legal and business behavior as a form of regulation that differs from computer code as a method of regulation, on one hand, and law, on the other.
technology, internet, code, emergence, complexity
Abstract: This article uses network theory, a branch of complexity theory, to examine questions of internet jurisdiction in the context of intentional torts and intellectual property harms -- the types of internet harms traditional personal jurisdiction frameworks have difficulty addressing. It then proposes a trusted systems approach to these jurisdictional determinations.
internet, jurisdiction, privacy, data, tort, intellectual
Abstract: Existing paradigms in corporate law do not adequately conceptualize today's corporations. Corporate assets have become increasingly intangible, and operational structures have been materially altered in the last two decades by information technology. This article argues in favor of "asset sensitive" governance. Asset sensitivity embodies three important additions to prior corporate law scholarship. First, using developmental psychology theory as its starting point, asset sensitive governance focuses on corporate development using a corporation in a social context as the smallest unit of analysis. Second, because corporations rely on intangible assets that are fragile and relational, asset sensitivity mandates shifting fiduciary duties of good faith and care toward developing and preserving corporate assets: ongoing officer and director oversight is needed, not simply oversight of extraordinary transactions. Third, asset sensitive governance considers change across time - in stakeholders, in the economic environment, and in corporate learning.
Delaware, Journal, Corporate, Law, DJCL, intangible, asset, assets, psychology, governance
Abstract: Existing paradigms in corporate law do not adequately conceptualize today's corporations. Corporate assets have become increasingly intangible, and operational structures have been materially altered in the last two decades by information technology. This article argues in favor of "asset sensitive" governance. Asset sensitivity embodies three important additions to prior corporate law scholarship. First, using developmental psychology theory as its starting point, asset sensitive governance focuses on corporate development using a corporation in a social context as the smallest unit of analysis. Second, because corporations rely on intangible assets that are fragile and relational, asset sensitivity mandates shifting fiduciary duties of good faith and care toward developing and preserving corporate assets: ongoing officer and director oversight is needed, not simply oversight of extraordinary transactions. Third, asset sensitive governance considers change across time—in stakeholders, in the economic environment, and in corporate learning.
fiduciary duties, corporate law, governance, intangible assets, technology, intellectual property, trade secrets
Abstract: Traditional paradigms of technology regulation ask how technology-mediated space is different from non-technology mediated space. Regulation rarely focuses on how technology makes a user develop differently than she/he otherwise would and what those differences might mean for regulatory approaches. This article introduces nonlinear developmental paradigms of contextualist and ecological developmental psychology theory to the debate over technology regulation. It argues that technology regulation presents a strong example of the dangers and inefficiencies of blindly adopting an approach to regulating human conduct based solely on linear developmental assumptions. This article specifically explores the legal implications of technology-mediated human development using the technology policy arena of corporate child data security regulation.
technology internet privacy security COPPA
Abstract: Relying heavily on Thomas Dunfee’s work, this article conducts an in-depth analysis of the relationship between law and business ethics in the context of corporate information security. It debunks the two dominant arguments against corporate investment in information security and explains why socially responsible corporate conduct necessitates strong information security practices. This article argues that companies have ethical obligations to improve information security arising out of a duty to avoid knowingly causing harm to others and, potentially, a duty to exercise unique capabilities for the greater social good and to buttress stable functioning of social institutions.
business ethics, law, corporate social responsibility, information security
Abstract: This paper empirically and normatively explores the current data security contracting regime that exists online. Using an analytical lens from complexity theory, this article presents an empirical study of 75 websites of publicly traded companies across time, tracking legal emergence of data security contracting practices. It then argues that a new legal construction for data security contracting is needed to replace the current regime of terms of use and privacy policies; current internet data security contracting structures do not facilitate building of commercial trust.
data, security, privacy, contract
© 2010 Social Science Electronic Publishing, Inc. All Rights Reserved.