• Selected
• Entire List

Abstract:
In the spirit of Jurgen Habermas's project of linking sociological observation with legal philosophy, this Article analyses the Internet standards processes - complex nongovernmental international rulemaking discourses. It suggests that the Internet Engineering Task Force (IETF) standards discourse - a small, slightly formalized, set of cooperative procedures that make the other Internet discourses possible - is a concrete example of a rulemaking process that meets Habermas's notoriously demanding procedural conditions for a discourse capable of legitimating its outcomes. As evidence, the Article offers a social and institutional history of the IETF's Internet Standards process; and argues that participants in the IETF are engaged in a very high level of discourse, and are self-consciously documenting it. Identifying a practical discourse that meets Habermas's conditions removes the potentially crushing empirical objection that Habermas's theory of justice is too demanding for real-life application, although it does not prove its truth.

Habermas's work provides a standpoint from which social institutions can be critiqued in the hopes of making them more legitimate and more just. Armed with evidence that Habermasian discourse is achievable, the Article surveys other Internet-based developments that may approach his ideal or, as in the case of the Internet Corporation for Assigned Names and Numbers (ICANN), that already claim a special form of legitimacy. This Article finds most of these other procedures wanting and argues that the existence of even one example of a functioning Habermasian discourse should inspire attempts to make other decisions in as legitimate and participatory a manner as possible.

Habermas seeks not only to define when a rulemaking system can claim legitimacy for its outputs, but also to describe tendencies that affect a modern society's ability to realize his theory. Speaking more as a sociologist than a philosopher, Habermas has also suggested that the forces needed to push public decisionmaking in the directions advocated by his philosophy are likely to come from a re-energized, activist, engaged citizenry working together to create new small-scale communicative institutions that over time either merge into larger ones or at least join forces. Like Habermas's idea of a practical discourse, this may sound fine in theory but is difficult to put into practice. New technology may, however, increase the likelihood of achieving the Habermasian scenario of diverse citizens' groups engaging in practical discourses of their own. Technology may not compel outcomes, but it certainly can make difficult things easier.

A number of new tools such as slash servers, blogs, wiki webs, community filtering tools and e-government initiatives show a potential for enabling not just discourse, but good discourse. While it is far too soon to claim that the widespread diffusion and use of these tools, or their successors, might actualize the best practical discourse in an ever-wider section of society, it is not too soon to hope - and perhaps to install some software.

Abstract:
These proceedings represent the perspectives and views of several experts and participants in the Internet Governance and ICANN process of the late 1990s and early 2000s.

internet, naming, governance, ICANN, DNS

Abstract:
The Internet Corporation for Assigned Names and Numbers (ICANN) is a private non-profit company which, pursuant to contracts with the US government, acts as the de facto regulator for DNS policy. ICANN decides what TLDs will be made available to users, and which registrars will be permitted to offer those TLDs for sale. In this article we focus on a hitherto-neglected implication of ICANN's assertion that it is a private rather than a public actor: its potential liability under the U.S. antitrust laws, and the liability of those who transact with it. ICANN argues that it is not as closely tied to the government as NSI and IANA were in the days before ICANN was created. If this is correct, it seems likely that ICANN will not benefit from the antitrust immunity those actors enjoyed. Some of ICANN's regulatory actions may restrain competition, e.g. its requirement that applicants for new gTLDs demonstrate that their proposals would not enable competitive (alternate) roots and ICANN's preventing certain types of non-price competition among registrars (requiring the UDRP). ICANN's rule adoption process might be characterized as anticompetitive collusion by existing registrars, who are likely not be subject to the Noerr-Pennington lobbying exemption. Whether ICANN has in fact violated the antitrust laws depends on whether it is an antitrust state actor, whether the DNS is an essential facility, and on whether it can shelter under precedents that protect standard-setting bodies. If (as seems likely) a private ICANN and those who petition it are subject to antitrust law, everyone involved in the process needs to review their conduct with an eye towards legal liability. ICANN should act very differently with respect to both the UDRP and the competitive roots if it is to avoid restraining trade.

Abstract:
This book chapter for "Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society" (New York: Oxford University Press, 2009) - a forthcoming comparative examination of approaches to the regulation of anonymity edited by Ian Kerr - discusses the sources of hostility to National ID Cards in common law countries. It traces that hostility in the United States to a romantic vision of free movement and in England to an equally romantic vision of the 'rights of Englishmen'.

Governments in the United Kingdom, United States, Australia, and other countries are responding to perceived security threats by introducing various forms of mandatory or nearly mandatory domestic civilian national identity documents. This chapter argues that these ID cards pose threats to privacy and freedom, especially in countries without strong data protection rules. The threats created by weak data protection in these new identification schemes differ significantly from previous threats, making the romantic vision a poor basis from which to critique (highly flawed) contemporary proposals.

Anonymity, Privacy, Identity, Free Speech

Abstract:
This book chapter for "Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society" (New York: Oxford University Press, 2009) - a forthcoming comparative examination of approaches to the regulation of anonymity edited by Ian Kerr - surveys the patchwork of U.S. laws regulating anonymity and concludes the overall U.S. policy towards anonymity remains primarily situational, largely reactive, and slowly evolving.

Anonymous speech, particularly on political or religious matters, enjoys a privileged position under the U.S. Constitution. Regulation of anonymous speech requires a particularly strong justification to survive judicial review but no form of speech is completely immune from regulation. Anonymity is presumptively disfavored for witnesses, defendants, and jurors during criminal trials; the regulation of anonymity in civil cases is more complex. Plaintiffs demonstrating sufficiently good cause may proceed anonymously; conversely, defendants with legitimate reasons may be able to shield their identities from discovery.

Despite growing public concern about privacy issues, the United States federal government has developed a number of post 9/11 initiatives designed to limit the scope of anonymous behavior and communication. Even so, the background norm that the government should not be able to compel individuals to reveal their identity without real cause retains force. On the other hand, legislatures and regulators seem reluctant to intervene to protect privacy, much less anonymity, from what are seen as market forces. Although the law imposes few if any legal obstacles to the domestic use of privacy-enhancing technology such as encryption it also requires little more than truth in advertising for most privacy destroying technologies.

Anonymity, Privacy, Identity, Constitutional Law, Freedom of Speech, privacy enhancing technology

Abstract:
The Internet relies on an underlying centralized hierarchy built into the domain name system (DNS) to control the routing for the vast majority of Internet traffic. At its heart is a single data file, known as the "root." Control of the root provides singular power in cyberspace.

This Article first describes how the United States government found itself in control of the root. It then describes how, in an attempt to meet concerns that the United States could so dominate an Internet chokepoint, the U.S. Department of Commerce (DoC) summoned into being the Internet Corporation for Assigned Names and Numbers (ICANN), a formally private nonprofit California corporation. DoC then signed contracts with ICANN in order to clothe it with most of the U.S. government's power over the DNS, and convinced other parties to recognize ICANN's authority. ICANN then took regulatory actions that the U.S. Department of Commerce was unable or unwilling to make itself, including the imposition on all registrants of Internet addresses of an idiosyncratic set of arbitration rules and procedures that benefit third-party trademark holders.

Professor Froomkin then argues that the use of ICANN to regulate in the stead of an executive agency violates fundamental values and policies designed to ensure democratic control over the use of government power, and sets a precedent that risks being expanded into other regulatory activities. He argues that DoC's use of ICANN to make rules either violates the APA's requirement for notice and comment in rulemaking and judicial review, or it violates the Constitution's nondelegation doctrine. Professor Froomkin reviews possible alternatives to ICANN, and ultimately proposes a decentralized structure in which the namespace of the DNS is spread out over a transnational group of "policy partners" with DoC.

Abstract:
Increased legal harmonization reinforces the need for a new way to test legal rules. As legal diversity decreases, there are fewer alternate rules to draw from, and thus potentially useful de facto experimentation with alternative rules becomes rarer and more difficult. This article argues that the ability to test legal rules in virtual worlds could help to solve a long-running, and worsening problem in the design of legal rules - the barriers to experimentation caused by an increasing tendency to the harmonization of law. In a world where real world experimentation with legal rules is likely to be useful, but also difficult and expensive, experimentation with legal rules in Virtual Worlds may be a valuable substitute. Large numbers of enthusiastic players in Virtual Worlds could test legal rules in an environment closer to the real world than many of the experiments that behavioral economists run to test economic behavior.

Abstract:
Bottom up governance. Self-organization. These are among the most talismanic virtue-words of modern political discourse. Yet the reality is that in politics, self-organization is rare, being hard to initiate and even harder to sustain. As Oscar Wilde once complained about socialism, it requires too many evenings. Governance as we tend to know it depends primarily on hierarchical institutions, or on close coordination within small groups. True partnerships, conversations among engaged equals, do not seem to scale. Indeed, whether one believes the fundamental problem to be something about the economics of group formation, the iron law of oligarchy, or something in between, experience demonstrates repeatedly that the problem of group self-organization, not to mention self-governance, is all too real both in politics and other walks of life. Enthusiasts of modern communications have not been slow to point out the ways in which the Internet (and the cell phone) change the ways in which all types of groups form and communicate. For example, Internet-based 'social software' drastically lowers the cost of group formation and offers at least the potential of tools that may make group self-governance more practicable.

While this optimism is valuable and may some day be realized, the current reality falls far short of the ideal and seems likely to do so for the foreseeable future. This paper suggests that existing institutions could be harnessed to grow the tools and nurture the conditions that promote self-organization of groups and democratic decentralized self-governance. I identify eight specific governmental policies that could usefully be adopted in any relatively wealthy liberal democracy to promote the formation of groups and assist them once they are formed:

(1) Democratizing access to communication by ensuring that the communications infrastructure is widely deployed, inexpensive, and of suitable quality.

(2) Enact legal reform (if not already in place) to prevent cyber-SLAPP lawsuits.

(3) Apply competition law aggressively to markets for communications technologies in order to ensure that no software or hardware maker can exert control over citizens' means of communication.

(4) Provide reliable data, and act as honest archivist.

(5) Assist those who desire aid (but only them) to fight spam and other forms of discursive sabotage.

(6) Ensure that Meetup-like services are available at low (or no) cost (if demand for these key services proves to be elastic as to price) and subsidize facilitative technologies, such as group decision-making software.

(7) Enact a digital workers rights policy including a component that encourages digital or even physical meetings.

(8) Provide a corps of subsidized online neutrals to settle non-commercial disputes among members of virtual communities.

Abstract:
This paper addresses the legal response to data breaches in the US public sector. Private data held by the government is often the result of legally required disclosures or of participation in formally optional licensing or benefit schemes where the government is as a practical matter the only game in town. These coercive or unbargained-for disclosures impute a heightened moral duty on the part of the government to exercise careful stewardship over private data. But the moral duty to safeguard the data and to deal fully and honestly with the consequences of failing to safeguard them is at best only partly reflected in current state and federal statute law and regulations. The paper begins with an illustrative survey of federal data holdings, known breach cases, and the extent to which the government’s moral duty to safeguard our data is currently instantiated in statute law and, increasingly, in regulation.

I then argue that the government’s duty to safeguard private data has a Constitutional foundation, either free-standing or based in Due Process, at least in cases where the government failed to take reasonable precautions to safeguard the data. This right is separate from any informational privacy rights that constrain the government's ability to acquire personal or corporate information. The key is Chief Justice Rhenquist’s opinion in DeShaney.

Under the DeShaney logic, victims of many governmental privacy breaches should have a claim against states under § 1983. Similar constitutional claims against the federal government would require a Bivens action but this is unlikely to work under current doctrine. As a result, persons injured by federal data breaches will have substantially inferior remedies available to them than will victims of state errors. And even when suing a state, however, the provision of effective remedies may be hampered by arguments based on governmental immunity, and the problem of valuing the harms caused by a breach.

Abstract:
The proposed draft of Article 2B of the Uniform Commercial Code can be thought of as akin to a complex computer software suite which seeks to dominate a market by offering all things to all people. In this article I suggest, however, that Article 2B's electronic contracting rules interoperate poorly with existing digital signature laws, and with some forms of electronic commerce. I also question whether Article 2B is the proper means to enact controversial rules that ordinarily would make consumers liable for fraudulent uses of their digital signatures by third parties. After considering Article 2B's potential interaction with existing digital signature laws, state consumer laws and liability rules, and the practices of Certificate Authorities, I suggest that Article 2B still contains several bugs in its code and is therefore still not ready for adoption.

NOTE: The article relies on the August 1, 1998 draft of 2B.

Abstract:
This article argues that the coming tide of electronic commerce will bring with it unprecedented opportunities for profiling of individual habits. Most consumers may find that their only practicable defense against profiling and data mining is to transact anonymously; as a result, the legal status of anonymous communication will become increasingly important. The article thus discusses the legal status of anonymous speech and anonymous digital cash. It also describes several of the most popular varieties of digital cash, including Mondex and DigiCash, and compares their differing implications for the user's personal privacy.

Abstract:
The article describes the role of "Certification Authorities" (CAs) in the emerging field of electronic commerce. CAs issue certificates to participants in electronic commerce that provide indicia of identity or authority, or supply a transactional timestamp. Several states, including California, Utah, Washington, Florida, Georgia, and New Mexico, have passed ,or are considering, legislation to regulate CAs; the article seeks to inform this process by examining the law applicable to the issuance of digital certificates absent specific legislation. As part of an effort to identify legal problems CAs are likely to engender, the article examines a CA's potential liability if a customer tricks a CA into issuing a false identity credential. Among the issues discussed are the size of the class of foreseeable relying parties and whether the CA produces a "good" or a "service" or a hybrid of the two under Article 2 of the U.C.C. The article concludes with a survey of the major arguments for and against regulation of CAs, and cautions against over-hasty grants of blanket immunity of CAs against liability for their own negligence.