Legally Cognizable Manipulation

54 Pages Posted: 18 Aug 2018 Last revised: 9 Jan 2020

See all articles by Ido Kilovaty

Ido Kilovaty

University of Arkansas - School of Law; Yale University - Law School

Date Written: August 1, 2018


Swaths of personal and nonpersonal information collected online about Internet users are increasingly being used in sophisticated ways for online political manipulation. This represents a new trend in the exploitation of data, where instead of pursuing direct financial gain based on the face value of the data, actors engage in data analytics using advanced artificial intelligence technologies that allow them to more easily access individuals’ cognition and future behavior. Although in recent years the concept of online manipulation has received some academic and policy attention, the desirable relationship between cybersecurity law and online manipulation is not yet fully explored. In other words, regulators and courts have yet to realize the importance of linking cybersecurity law to individual autonomy, privacy, and democracy.

This Article provides an account of the desirable relationship between cybersecurity law and other values, such as autonomy, privacy, and democracy, by looking at the phenomenon of online manipulation achieved through psychographic profiling. It argues that the volume, efficacy, and sophistication of present online manipulation techniques pose a considerable and immediate danger to autonomy, privacy, and democracy. Internet actors, political entities, and foreign adversaries carefully study the personality traits and vulnerabilities of Internet users and, increasingly, target each such user with an individually tailored stream of information or misinformation with the intent of exploiting the weaknesses of these individuals. This Article makes a broader argument about cybersecurity law and its narrow focus on identity theft and financial fraud. Primarily, this Article looks at data-breach notification law, a subset of cybersecurity law, as reflective of that limited scope. It argues that data-breach notification law could provide a much-needed backdrop for the challenges presented by online manipulation, while alleviating the sense of lawlessness engulfing current misuses of personal and nonpersonal data. At the heart of this Article is an inquiry into the expansion of dated notions of cybersecurity law.

Presently, cybersecurity law’s narrow approach seeks to remedy materialized harms such as identity theft or fraud. This approach contravenes the purpose of cybersecurity law—to create legal norms protecting the confidentiality, integrity, and availability of computer systems and networks. If cybersecurity law seeks to protect individuals from the externalities of certain cyber risks, it needs to recognize emerging threats targeting computer systems and networks, and subsequently, individual autonomy, privacy, and democracy.

Keywords: cybersecurity law, data breach notification law, Cambridge Analytica, social media, online manipulation, political manipulation, internet law, law and technology, technology law, artificial intelligence

Suggested Citation

Kilovaty, Ido, Legally Cognizable Manipulation (August 1, 2018). Berkeley Technology Law Journal, Vol. 34, No. 2, 2019, Available at SSRN: or

Ido Kilovaty (Contact Author)

University of Arkansas - School of Law ( email )

260 Waterman Hall
Fayetteville, AR 72701
United States

Yale University - Law School ( email )

P.O. Box 208215
New Haven, CT 06520-8215
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics