Feedback to SSRN (Beta)
What type of feedback would you like to send?
Abstract: In this Article, Professor Schwartz depicts the widespread, silent collection of personal information in cyberspace. At present, it is impossible to know the fate of the personal data that one generates online. Professor Schwartz argues that this state of affairs degrades the health of a deliberative democracy; it cloaks in dark uncertainty the transmutation of Internet activity into personal information that will follow one into other areas and discourage civic participation. This situation also will have a negative impact on individual self-determination by deterring individuals from engaging in the necessary thinking out loud and deliberation with others upon which choice-making depends. In place of the existing privacy horror show on the Internet, Professor Schwartz seeks to develop multidimensional rules that set out fair information practices for personal data in cyberspace. The necessary rules must establish four requirements: (1) defined obligations that limit the use of personal data; (2) transparent processing systems; (3) limited procedural and substantive rights; and (4) external oversight. Under current conditions, a failure exists in the "privacy market." Moreover, despite the Clinton Administration's endorsement of industry self-regulation, this method is an unlikely candidate for success. Industry self-regulation of privacy is a negotiation about "the rules of play" for the use of personal data. In deciding on these rules, industry is likely to be most interested in protecting its stream of revenues. Therefore, it will benefit if it develops norms that preserve the current status quo of maximum information disclosure. This Article advocates a legislative enactment of the four fair information practices. This legal expression of privacy norms is the best first step in promoting democratic deliberation and individual self-determination in cyberspace. It will further the attainment of cyberspace's potential as a new realm for collaboration in political and personal activities. Enactment of such a federal law would be a decisive move to shape technology so it will further- and not harm- democratic self-governance.
Abstract: In this Article, Professor Schwartz depicts the widespread, silent collection of personal information in cyberspace. At present, it is impossible to know the fate of the personal data that one generates online. Professor Schwartz argues that this state of affairs degrades the health of a deliberative democracy; it cloaks in dark uncertainty the transmutation of Internet activity into personal information that will follow one into other areas and discourage civic participation. This situation also will have a negative impact on individual self-determination by deterring individuals from engaging in the necessary thinking out loud and deliberation with others upon which choice-making depends. In place of the existing privacy horror show on the Internet, Professor Schwartz seeks to develop multidimensional rules that set out fair information practices for personal data in cyberspace. The necessary rules must establish four requirements: (1) defined obligations that limit the use of personal data; (2) transparent processing systems; (3) limited procedural and substantive rights; and (4) external oversight. Neither the market nor industry self-regulation are likely, however, to put these four practices in place. Under current conditions, a failure exists in the "privacy market." Moreover, despite the Clinton Administration's endorsement of industry self-regulation, this method is an unlikely candidate for success. Industry self-regulation of privacy is a negotiation about "the rules of play" for the use of personal data. In deciding on these rules, industry is likely to be most interested in protecting its stream of revenues. Therefore, it will benefit if it develops norms that preserve the current status quo of maximum information disclosure. This Article advocates a legislative enactment of the four fair information practices. This legal expression of privacy norms is the best first step in promoting democratic deliberation and individual self-determination in cyberspace. It will further the attainment of cyberspace's potential as a new realm for collaboration in political and personal activities. Enactment of such a federal law would be a decisive move to shape technology so it will further--and not harm--democratic self-governance.
Abstract: In Code, the most influential book yet written about law and cyberspace, Lawrence Lessig makes an intriguing proposal for shaping privacy on the Internet: (1) the legal assignment to every individual of a property interest in her own personal information, and (2) the employment of software transmission protocols, such as P3P, to permit the individual to structure her access to Web sites. In "Beyond Lessig's Code for Internet Privacy: Cyberspace Filters, Privacy Control, and Fair Information Practices," 2000 Wisc. L. Rev. 743, I respond to this approach with a number of criticisms and a competing proposal. My initial criticism of Lessig's proposal for privacy concerns how it contradicts his stand against PICs, a software transmission protocol for filtering Internet content reminiscent of P3P. Once we place privacy in a social context, moreover, P3P seems far less attractive an option. In place of Lessig's underlying paradigm, which seeks to increase personal control of data. I develop a concept of constitutive privacy. In my view, information privacy is a constitutive value that safeguards participation and association in a free society. Rather than simply seeking to allow more and more individual control of personal data, we should view the normative function of information privacy as inhering in its relation to participatory democracy and individual self-determination. A privacy market can play a role in helping information privacy fulfill this constitutive function. Yet, Lessig's propertization of privacy raises a further set of difficulties. In my view, propertization a la Lessig will only heighten flaws in the current market for personal data. This consequence follows from numerous shortcomings in this market and structural difficulties that indicate the unlikelihood of a self-correction in it. Moreover, in revisiting Calabresi and Melamed's work regarding the comparative merits of property and liability regimes, I find that a mixed regime is to be preferred for Internet privacy over Lessig's property regime. Part III of this Article turns from criticism to prescription and develops the mixture of property and liability rules necessary for establishment of information privacy standards in cyberspace. It proposes recourse to Fair Information Practices (FIPs) to establish rules for the fair treatment of personal data on the Internet. Yet, FIPs are not without potential shortcomings if structured only as command-and-control rules. My suggestion therefore is that an American Internet privacy law consisting of FIPs should include both mandatory and default elements.
Abstract: In Internet Privacy and the State, Professor Paul M. Schwartz argues that the dominant rhetoric concerning the use of personal data in cyberspace slights the State's important role in shaping both a privacy market and privacy norms. This Article reaches this conclusion in three steps. In Part I, it first identifies critical shortcomings in the leading paradigm of information privacy, which conceives of privacy as a personal right to control the use of one's data. After discussing and rejecting this model of "privacy-control," the Article in its Part II elaborates information privacy as a constitutive value that helps both to form the society in which we live and to shape our individual identities. This model of "constitutive privacy" indicates that information privacy is necessary to place limits on the power of the state and community alike. Properly devised, information privacy serves to prevent mission-creep by over-zealous norm entrepreneurs in the public and private sectors. Finally, Internet Privacy and the State in its Part III examines how the State can improve the functioning of a privacy market and play a positive role in the development of privacy norms. Regarding the privacy market, the State's first two steps should be to: (1) discourage a default of maximum information disclosure, and (2) encourage a market for privacy-enhancing technology. To overcome more general failings in privacy market efficiency, the State should also: (3) reduce information asymmetries, and (4) seek ways to overcome collective action problems. Regarding privacy norms, the State should: (1) encourage norm circumvention by facilitating attempts to bargain around objectionable norms, (2) provide incentives to groups to modify certain kinds of behavior, and (3) help construct positive bandwagon effects.
Abstract: In Internet Privacy and the State, Professor Paul M. Schwartz argues that the dominant rhetoric concerning the use of personal data in cyberspace slights the State's important role in shaping both a privacy market and privacy norms. This Article reaches this conclusion in three steps. In Part I, it first identifies critical shortcomings in the leading paradigm of information privacy, which conceives of privacy as a personal right to control the use of one's data. After discussing and rejecting this model of "privacy-control," the Article in its Part II elaborates information privacy as a constitutive value that helps both to form the society in which we live and to shape our individual identities. This model of "constitutive privacy" indicates that information privacy is necessary to place limits on the power of the state and community alike. Properly devised, information privacy serves to prevent mission-creep by over-zealous norm entrepreneurs in the public and private sectors. Finally, Internet Privacy and the State in its Part III examines how the State can improve the functioning of a privacy market and play a positive role in the development of privacy norms. Regarding the privacy market, the State's first two steps should be to: (1) discourage a default of maximum information disclosure, and (2) encourage a market for privacy enhancing technology. To overcome more general failings in privacy market efficiency, the State should also: (3) reduce information asymmetries, and (4) seek ways to overcome collective action problems. Regarding privacy norms, the State should: (1) encourage norm circumvention by facilitating attempts to bargain around objectionable norms, (2) provide incentives to groups to modify certain kinds of behavior, and (3) help construct positive bandwagon effects.
Abstract: In 1964, as the welfare state emerged in full force in the United States, Charles Reich published The New Property, one of the most influential articles ever to appear in a law review. Reich argued that in order to protect individual autonomy in an "age of governmental largess," a new property right in governmental benefits had to be recognized. He called this form of property the "new property." In retrospect, Reich, rather than anticipating trends, was swimming against the tide of history. In the past forty years, formal claims to government benefits have become more tenuous rather than more secure. "Overseers of the Poor: Surveillance, Resistance and the Limits of Privacy," by John Gilliom, an associate professor of political science at Ohio State University, demonstrates both the tenuousness of welfare rights today and the costs that this system imposes on individual autonomy. In "Overseers of the Poor," Gilliom uses his case study of welfare recipients as the occasion for an attack on classic notions of privacy rights. Gilliom finds that welfare clients do not engage in "privacy talk" - indeed, he finds the concept to be devoid of value for the welfare recipients. Here, another comparison can be made with Reich's new property. Reich explicitly tied his idea of a new property right in government entitlements to privacy. He felt that the new property was needed to protect privacy, and, in particular, an individual's autonomy. Reich's notion of privacy reaches back to a classic concept of privacy, one that we term the "old privacy." It is precisely this classic idea that Gilliom finds welfare recipients to have rejected. Theoretical work inside and outside of the legal academy has pointed, however, to a "new privacy." The new privacy is centered around Fair Information Practices (FIPs) and is intended to prevent the threats to autonomy. This Review begins by examining Gilliom's methodology and findings. It credits the insights of his look at the inner world of welfare recipients, but finds that he appears to ignore the need for income limits on aid recipients and the concomitant need for at least some personal information to enforce these limits. It also criticizes his failure to explore an interaction of an "ethics of care" among welfare recipients with possible use of retooled privacy rights or interests. In the second part of this Review, we consider the extent to which theoretical work inside and outside of the legal academy points to a new privacy and discuss how Gilliom's empirical research provides support for that scholarship. We will also evaluate the extent to which the new privacy, centered on FIPs, can prevent the threats to personal autonomy so poignantly identified by Gilliom.
Abstract: The law increasingly mandates that private companies disclose information for the benefit of consumers. The latest example of such regulation through disclosure is a requirement that companies notify individuals of data security incidents involving their personal information. In the wake of highly publicized data spills, numerous states have now enacted such legislation, and federal legislation in this area has also been proposed. These statutes seek to punish the breached entity and protect consumers by requiring that a breached entity disclose information about the data spill. There are competing possible approaches, however, to how the law is to mandate release of information about data leaks. This Article finds that a reputational sanction from breach notification can be important, but not for the reasons conventionally discussed. Moreover, a further function of breach notification is mitigation of harm after a data leak. This function requires a multi-institutional coordinated response of the kind that is absent from current policy proposals. To fill this gap, this Article advocates creation of a coordinated response architecture and develops the elements of such an approach.
Abstract: Modern computing technologies and the Internet have generated the capacity to gather, manipulate, and share massive quantities of data; this capacity, in turn, has spawned a booming trade in personal information. Even as it promises new avenues for the creation of wealth, this controversial new market also raises significant concerns for individual privacy-consumers and citizens are often unaware of, or unable to evaluate, the increasingly sophisticated methods devised to collect information about them. This Article develops a model of propertized personal information that responds to these serious concerns about privacy. It begins this task with a description and an analysis of several emerging technologies that illustrate both the promise and peril of the commodification of personal data. This Article also evaluates the arguments for and against a market in personal data, and concludes that while free alienability arguments are insufficient to justify unregulated trade in personal information, concerns about market failure and the public's interest in a protected privacy commons are equally insufficient to justify a ban on the trade. This Article develops the five critical elements of a model for propertized personal information that would help fashion a market that would respect individual privacy and help maintain a democratic order. These five elements are: limitations on an individual's right to alienate personal information; default rules that force disclosure of the terms of trade; a right of exit for participants in the market; the establishment of damages to deter market abuses; and institutions to police the personal information market and punish privacy violations. Finally, this Article returns to examples of technologies already employed in data trade and discusses how this proposed model would apply to them.
Abstract: Free Speech versus Informational Privacy, 52 Stanford Law Review 1559 (2000), discusses and critiques Eugene Volokh's recent article, Freedom of Speech and Information Privacy, 52 Stanford Law Review 1049 (2000). In his article, Volokh contends that the government's safeguarding of information privacy endangers a wide range of speech unrelated to personal data. In response, I propose that a democratic society depends on realms of communication beyond that of public discourse. The difficulty is that the American law of freedom of expression is underdeveloped concerning checks on communication in the name of personal privacy. As a result, the challenge is to demonstrate that information privacy is an integral part of the mission of free speech and not its enemy. This comment argues that information privacy has an important role in protecting individual self-determination and democratic deliberation. Attention to these issues by the legal order is essential to the health of a democracy, which ultimately depends on individual communicative competence.
Abstract: The legal systems of Germany and the United States contain detailed rules that regulate the surveillance of telecommunications by domestic law enforcement agencies. An initial question about this surveillance concerns the relative levels of such activity in Germany and the United States. This Article demonstrates, however, that the available statistics do not permit the drawing of conclusions about the relative amount of surveillance in the two countries. Any comparison based on these data sets proves to be illusory - the official statistics in Germany and the U.S. measure different phenomenon. Despite an absence of a basis for an empirical exploration of relative levels of telecommunications surveillance in Germany and the U.S., it is possible to compare the applicable legal regulations in the two countries. This Article examines both constitutional and statutory regulations. It finds that the U.S. Supreme Court has developed a restrictive vision of the Fourth Amendment that extends its protections only to telecommunications content, but not telecommunications attributes. In contrast, the German Federal Constitutional Court has interpreted Article 10 of the Basic Law, the postwar German constitution, as protecting not only telecommunications content but also telecommunications attributes. This Article also examines the statutory law that governs telecommunications surveillance in Germany and the U.S. It evaluates six categories: (1) legal protection for telecommunications information; (2) legal protection for connection data; (3) legal protection for stored data; (4) legal requirements for data retention or data erasure; (5) legal protection for contents of telecommunications; and (6) the nature of available remedies. In a final section, this Article examines three possible "X factors," beyond the surveillance regulations expressed in legal regulations, that may affect law enforcement behavior in carrying out telecommunications surveillance in the two countries.
Abstract: The Gramm-Leach-Bliley Act (GLB Act) of 1999 sought to provide new rules for financial privacy. Only a few years after the GLB Act's enactment, however, it appears to have failed as far as privacy protection is concerned. The Act has pleased neither privacy advocates nor the financial industry. It may, in fact, be a rare legislative feat to have a single statute create so many diverse critics so quickly. This Article examines the GLB Act and its shortcomings through reference to and refinement of theoretical work regarding the law of incomplete contracts. The key scholarship concerns information sharing and "defaults," or background rules, for filling gaps in agreements. We explore three possible kinds of defaults: majoritarian, information forcing, and norm enforcing. This Article finds that the GLB Act's privacy safeguards are highly problematic as examples of either a majoritarian or information forcing default. The GLB Act also raises difficulties if evaluated as a background rule that seeks to enforce norms. In our judgment, information privacy should be conceptualized as a norm constitutive of a democratic society. The access to personal information and limits on it help form the nature of the society in which we live and shape our individual identities. For example, the structure of access to personal information can have a decisive impact on the extent to which certain actions or expressions of identity are encouraged or discouraged. Our concept of "constitutive privacy" suggests that information privacy is a kind of commons that requires some degree of social control to construct and preserve. Default rules, when viewed from this normative perspective, should have a limited role in norm enforcement because of the current poor functioning of the privacy market between consumers and financial institutions. In particular, the presence of bounded rationality along with coordination problems makes default rules a risky choice in this context of information privacy. Under such conditions, the law should generally seek to minimize harms that flow from reliance on bargaining among consumers and data processors. In this Article's final section, we explore ways in which to make the GLB Act's mandatory rules more flexible, and we propose possible revisions to the existing "notice and opt-out" default in the GLB Act. Finally, we revisit the GLB Act's opt-out requirement. We propose to improve upon this requirement by using social science research concerning the power of "frames." We also discuss the possible merits of a shift to an opt-in requirement.
Abstract: Since the ratification of the constitution, intellectual property law in the United States has always been, in part, constitutional law. Among the enumerated powers that Article I of the Constitution vests in Congress is the power to create certain intellectual property rights. To a remarkable extent, scholars who have examined the Constitution's Copyright Clause have reached a common position. With striking unanimity, these scholars have called for aggressive judicial review of the constitutionality of congressional legislation in this area. The champions of this position - we refer to them as the IP Restrictors - represent a remarkable array of constitutional and intellectual property scholars. In this terms's Eldred v. Aschroft, leading IP Restrictor Lawrence Lessig, representing petitioner Eric Eldred, sought to convince the Supreme Court that the IP Restrictors' view of the Copyright Clause was the correct one. By a vote of 7-2, the Supreme Court rejected Eldred's claim and upheld the statute. But while the Court rejected the IP Restrictors' vision, it did not offer a satisfactory competing conception of the Copyright Clause and how the courts should construe it. Critically, even though the standard of review was of central significance, the Court applied a deferential form of rational basis scrutiny without explaining why this was the appropriate standard. This paper develops the case for deferential review of congressional legislation in the area of intellectual property and, at a deeper level, offers a new paradigm for understanding the Copyright Clause. We propose that from the vantage point of constitutional law, intellectual property should be treated as a form of constitutional property. Deference to congressional judgments is warranted because congressional legislation affecting intellectual property is analytically similar to congressional legislation affecting other forms of property. Courts subject congressional legislation affecting traditional forms of property to deferential review because of concerns about institutional competence and respect for majoritarian decisionmaking. These two concerns in conjunction with proper regard for holistic constitutional interpretation should also lead courts to deferential review of congressional legislation affecting intellectual property. In developing our position, we draw on constitutional history and, in particular, the lessons of Lochner v. New York. In defense of their vision of the Constitution, the IP Restrictors and the dissenters in Eldred make claims about the original understanding that, to an astonishing extent, echo those made by proponents of Lochner-era jurisprudence. We argue, however, that these claims fail for two reasons. First, the IP Restrictors and the dissenters disregard the limited scope of judicial review at the time of the Founding. Additionally, the IP Restrictors and dissenters disregard the range of views among the Founders about monopolies.
Abstract: The 9/11 terrorists, before their deadly attacks, sought invisibility through integration into the society they hoped to destroy. In a similar fashion, the terrorists who carried out subsequent attacks in Madrid and London attempted to blend into their host lands. This strategy has forced governments, including the United States, to rethink counterterrorism strategies and tools. One of the current favored strategies involves data mining. In its pattern-based variant, data mining searches select individuals for scrutiny by analyzing large data sets for suspicious data linkages and patterns. Because terrorists do not stand out, intelligence and law enforcement agents want to do more than rely exclusively on investigations of known suspects. The new goal is to search for a pattern or signature in massive amounts of transaction data. This Article begins by examining governmental data mining. In Part II, this Article reviews widely held views about the necessary safeguards for the use of data mining. In Part III, this Article considers dataveillance by private corporations and how they have compiled rich collections of information gathered online in the absence of a robust legal framework that might help preserve online privacy. This Article then discusses some of the techniques that individuals can employ to mask their online activity as well as existing and emerging technological approaches to preventing the private sector or government from linking their personal information and tracing their activities. This Article concludes by briefly considering three topics: (1) whether and how to regulate the potential impact of identity management systems on counterterrorism efforts; (2) the requirements of transparency and understanding of the underlying models used in either data mining or identity management systems as a necessary prelude to the creation of rules on appropriate access and use; and (3) the need for research in several further areas.
Abstract: A much sought-after political advisor, Dick Morris is also a successful Internet entrepreneur. His popular Web site "vote.com" sponsors informal polls on political issues and hosts discussion of nonpolitical topics such as travel, technology, business, and sports. In Direct Democracy and the Internet, Dick Morris assumes yet another role, that of Internet prophet. His provocative essay demonstrates, however, that even the most politically astute observer faces difficulties in predicting the Internet's impact on the future of American politics. In his essay, as well as in his recently published book vote.com, Morris portrays a dramatically improved post-Internet political landscape, which he develops in three predictions. First, Morris forecasts cheaper elections due to the Internet's influence. Second, he argues that the move of the electoral franchise online will encourage greater voter participation. Third, Morris believes that the general movement of politics from television to the Internet will stimulate an evolution of our system of governance to a more direct form of democracy. In this essay, I examine each of Morris' three predictions in turn and find them contestable. Like Morris, however, I am unable to resist the role of cyberspace seer and throughout this paper speculate on the Internet's likely impact on democratic self-rule in the United States. My conclusions are generally pessimistic. I am skeptical that political use of the Internet in the United States will stimulate cheaper elections or lead to broader-based voter participation. As a normative matter, moreover, I am doubtful as to the glories of greater direct democracy through use of Internet referenda. Finally, I identify one additional point for pessimism, the impact of Internet politics on information privacy. Yet, the Internet, like our political system, is malleable. The question for the future is how we might shape cyberspace and the political process on it to avoid negative and encourage positive results from any move to online politics.
Abstract: Voting Technology and Democracy, 77 N.Y.U. L. Rev. 625 (2002), examines a phenomenon that I term the "voting-technology divide." The "divide" was caused by the deployment of election technology in November 2000 with better and worse levels of feedback to voters. Through an analysis of data from the contested Florida election of November 2000, this article demonstrates the critical importance of feedback in informing voters whether the technology they use to vote will validate their ballots according to their intent -- an advantage I find to have been distributed on unequal terms. In this article, I also examine the various judicial opinions in the litigation following the Florida election and argue that they differed most dramatically in their embrace of competing epistemologies of technology. Finally, I evaluate the ongoing efforts to reform the unequal distribution of voting technology in the United States. Some efforts at litigation and legislation have promise, but in many instances they are stalled, and in many others they exhibit shortcomings that would leave the "voting technology divide" in place for future elections.
Abstract: In Terrorism, Freedom, and Security, Philip B. Heymann undertakes a wide-ranging study of how the United States can - and in his view should - respond to the threat of international terrorism. Heymann makes clear his own policy and legal preferences. First, he firmly rejects the widely used metaphor of the United States engaging in a "war" on terrorism. Second, Heymann advocates the paramount importance of intelligence to identify and disrupt terrorists' plans and to prevent terrorists from attacking their targets. At the same time, however, a heightened reliance on accurate and timely intelligence comes with risks. Heymann is concerned about the creation and consequences of an "intelligence state" in the U.S. In this Review's Part I, we assess the idea of a war on terrorism as policy tool and metaphor. We also examine Heymann's alternative instruments, including diplomacy, intelligence, control over terrorist finances, and law enforcement. As a related topic, we consider the safeguards that Heymann develops for preventing the rise of an American intelligence state. This Review's Part II looks at two additional aspects of Heymann's vision of future uses of intelligence to thwart terrorism. In Part II.A., we describes the contours of data mining, a technique of intelligence analysis that Heymann advocates. Although Heymann notes that data mining is likely to have an adverse effect on privacy, he does not develop detailed safeguards in response. A Pentagon blue ribbon panel, the Technology and Privacy Advisory Committee (TAPAC), has, however, developed a recommended framework for governmental use of data mining techniques, and we assess the TAPAC recommendations. Finally, in this Review's Part II.B., we turn to an important policy discussion related to data mining: how can the USIC better disseminate intelligence within a proposed new intelligence network? We sketch the proposed form of the new intelligence network and analyze four important legal and policy questions that it raises.
Abstract: Consider three questions. How would one decide if there was too much telecommunications surveillance in the United States, or too little? How would one know if law enforcement was using its surveillance capabilities in the most effective fashion? How would one assess the impact of this collection of information on civil liberties?
In answering these questions, a necessary step, the logical first move, would be to examine existing data about governmental surveillance practices and their results. One would also need to examine and understand how the legal system generated these statistics about telecommunications surveillance. Ideally, the information structure would generate data sets that would allow the three questions posed above to be answered. Light might also be shed on other basic issues, such as whether or not the amount of telecommunications surveillance was increasing or decreasing.
Such rational inquiry about telecommunications surveillance is, however, largely precluded by the haphazard and incomplete information that the government collects about it. This Article evaluates the main parts of telecommunications surveillance law and the statistics about their use. The critical statutory regulations are (1) the Wiretap Act, (2) the Pen Register Act, (3) the Stored Communications Act, and, for foreign intelligence, (4) the Foreign Intelligence Surveillance Act, and (5) the different provisions for National Security Letters (NSLs).
Other parts of the surveillance landscape represent an even greater expanse of blank spaces on the legal map. There are a number of "semi-known unknowns" (to coin a phrase); these are kinds of telecommunications surveillance about which only limited public information exists - this surveillance also occurs outside a detailed legal framework.
This Article concludes with the development of the concept of "privacy theater." Currently, the value of the collection of telecommunications statistics is largely ritualistic. It serves to create a myth of oversight. This Article proposes that we go beyond myth and re-dedicate ourselves to the task of creating a telecommunications surveillance law that minimizes the impact of surveillance on civil liberties and maximizes its effectiveness for law enforcement.
Abstract: The publication in 2003 of a long-awaited empirical study of telecommunications surveillance in Germany has opened a window into existing law and practices in that country. Under the sponsorship of the Federal Department of Justice, three researchers at the Max Planck Institute for Foreign and International Criminal Law in Freiburg ("MPI") carried out a detailed examination of relevant German and international developments. The MPI Study of German and international developments in telecommunications surveillance has both weaknesses and strengths. Its weaknesses concern the MPI researchers' reliance on spotty international statistics to reach conclusions about relative amounts of surveillance activity in different countries. More successfully, the MPI researchers trace the similarities and dissimilarities in the regulation of telecommunications surveillance in different countries. To a large extent, this survey indicates a convergence among a core of shared legal approaches: a requirement of judicial approval of surveillance orders; an emergency exception to this requirement; and a use of telecommunications surveillance only as a last resort when other means of law enforcement will not reveal necessary information. Regarding its analysis of Germany, the MPI Study reveals the heavy emphasis of law enforcement agencies on surveillance of mobile telephones. This emphasis is all the more striking due to a relative lack of German law enforcement activity concerning surveillance of e-mail or traditional telephones. The MPI Study proved unable to account for these differences; it also neglected to explore the roots and significance of the disparate rate of surveillance in different German states. Finally, the MPI researchers did explore perhaps the most complex question of all in this area: can one empirically measure the results of telecommunications surveillance?
Abstract: The history of the tax privacy contains a number of surprises. First, the concept of tax privacy has been contested throughout much of the 19th and 20th Century. For a long period, tax returns were considered to be public documents. At times, they were even posted on court room doors or published in newspapers. Nonetheless, voices were also heard for tax privacy and the need for confidentiality of return information. Second, the imposition of a general legal requirement of confidentiality for tax returns and a shift to a statutory regulation of access to tax returns occurred relatively recently in the history of tax law. The change occurred in the Tax Reform Act of 1976. From a historical perspective, the establishment of a concept of tax privacy occurred as part of the enactment of the most important generation of privacy laws in the 1970's. If we move from the past of tax law to the present, tax law looks much like other privacy statutes. The Tax Reform Act of 1976 removed the authority of the President to make rules for release of tax information. Its Section 6103 established a general rule of confidentiality with Congress to set exceptions through this rule by statute. A flood of disclosure exceptions have been enacted since 1976 with requirements based on how difficult Congress thinks it should be for a given party to obtain the tax information for a specific purpose. Disclosure of tax information is now permitted for the purposes such as civil litigation, criminal litigation, child support obligations, and terrorism prevention. Regarding predictions about the future, it is likely that tax privacy as regulated under the Tax Code will be both less and more important in the future. It will be less important because of broad governmental and public access to financial and other information of the kind that taxpayers file. At the same time, one aspect of tax privacy will be more important than before. Threats of data breaches and data leaks make tax return security more significant. For one thing, the IRS increasingly collects tax return information through e-filing. Increasingly, tax returns may also be prepared by U.S. firms that outsource work internationally and send tax information around the globe electronically. Tax preparation software is subject to hacks and virus attacks. Both of these predictions suggest a final point. If we return to the policy arguments for and against tax privacy, there has been a shared assumption of a special status, an exceptional status for tax information. Yet, today, the same information found in tax returns is accessible through other legal statutes. Moreover, tax information in the electronic age is subject to the same vagaries of data security as other data. One can therefore predict that the privacy of tax information will not only be both more and less important in the future. It will also increasingly be subject to the same kind of forces, legal and otherwise, as other personal information.
Abstract: This Essay responds to Stephen Holmes’ Jorde Lecture, which was delivered at Boalt Hall on November 5, 2007. It builds on his model of “public liberty” by discussing how private liberty, and information privacy in particular, is a precondition for public liberty. For Holmes, private liberty is largely a negative right - a right to be free from governmental interference. In contrast, this Essay considers privacy to be an element of public rights. Participation in a democracy requires individuals to have an underlying capacity for self-determination, which requires some personal privacy.
This Essay analyzes a number of Holmesian concepts through the lens of the recent amendment of the Foreign Intelligence Surveillance Act (FISA). In Part I, I describe the background of FISA, the National Security Agency’s (NSA) warrantless surveillance program in violation of this statute, and the amendments to this law in the Protect America Act of 2007, a short term statutory “fix” that has expired, and the FISA Amendments Act of 2008, which remains in effect.
In Part II, I turn to an analysis of the challenges to private and public liberty posed by the NSA’s surveillance. I organize this Part around three topics: (1) past wisdom as codified in law; (2) the impact of secrecy on government behavior; and (3) institutional lessons. As we shall see, a Holmesian search for the wisdom previously collected in law proves quite difficult. FISA regulated some aspects of intelligence gathering and left the intelligence community entirely free to engage in others. Over time, moreover, technological innovations and altered national security concerns transformed the implications of the past policy landscape. As a result, the toughest questions, which concern surveillance of foreign-to-domestic communications, do not receive an easy answer from the past.
Regarding the impact of secrecy on government behavior, the analysis is, at least initially, more straightforward. As Holmes discusses, the Bush administration was adept at keeping secrets not only from the public and other branches of government, but from itself. It is also striking how little Congress knew about NSA activities while amending FISA. The larger lessons, however, prove yet more complicated: strong structural and political factors are likely to limit the involvement of Congress and courts in this area. This Essay concludes by confronting these institutional lessons and evaluating elements of a response that would improve the government’s performance by crafting new informational and deliberative structures for it.
Abstract: A broad coalition, including companies formerly opposed to the enactment of privacy statutes, has now formed behind the idea of a national information privacy law. Among the benefits that proponents attribute to such a law is that it would harmonize the U.S. regulatory approach with that of the European Union (E.U.) and possibly minimize international regulatory conflicts about privacy. This essay argues, however, that it would be a mistake for the United States to enact a comprehensive or omnibus federal privacy law for the private sector that preempts sectoral privacy law. In a sectoral approach, a privacy statute regulates only a specific context of information use.
An omnibus federal privacy law would be a dubious proposition because of its impact on experimentation in federal and state sectoral laws, and the consequences of ossification in the statute itself. In contrast to its skepticism about a federal omnibus statute, this essay views federal sectoral laws as a promising regulatory instrument. The critical question is the optimal nature of a dual federal-state system for information privacy law, and this essay analyzes three aspects of this topic. First, there are general circumstances under which federal sectoral consolidation of state law can bring benefits. Second, the choice between federal ceilings and floors is far from the only preemptive decision that regulators face. Finally, there are second-best solutions that become important should Congress choose to engage in broad sectoral preemption.
Abstract: Genetic science permits, to a previously unimaginable degree, predictions as to the illnesses that a person might confront in the future. At the same time, information technology permits greater transmission, sharing, and storage of personal health care data at ever lower costs on a national and even international basis. Electronic health care records are becoming commonplace in the health care industry. The combination of easy electronic dissemination of highly sensitive data, such as personal genetic information, and use of these data to predict future health risks has already caused significant harm. The critical issue is how the law should structure the use of personal medical data by government and private enterprise alike. Privacy and the Economics of Personal Health Care Information proposes that a strong economic argument can be made in favor of information privacy. In the current marketplace for health care and employment-- and any such markets that we are likely to have in the future-- an economically efficient regulation for health care information requires rules that are tied to and follow these data through various uses. Once identifiable health care information is created, it should remain protected health information that is subject to fair information practices. These norms should take the form of multidimensional standards that create both background terms around which parties can negotiate and a smaller set of mandatory rules that will be binding. Such standards seek both to minimize the costs of contracting in the privacy marketplace and to force the party with superior knowledge about the use of personal information to disgorge it. This Article also develops the essential fair information practices that should be implemented in a federal health care privacy statute.
© 2009 Social Science Electronic Publishing, Inc. All Rights Reserved. Terms of Use Privacy Policy This page was served by apollo3 in 0.187 seconds.
