Author: Danielle Citron


An Important Resource for Combating Online Fraud: State Attorneys General

96px-Honor%C3%A9_Daumier_018.jpgThe Center for Democracy and Technology and the Center for American Progress have published a report entitled Online Consumers at Risk and the Role of State Attorneys General. According to the Report, the FTC received over 200,000 Internet-related fraud complaints this year, up from 16,000 in 2006 and 24,000 in 2005. And such numbers may be under-inclusive as consumers often do not know when they are victimized by malware.

The Report argues that state attorneys general need to devote more resources to combating online fraud as state consumer protection laws often offer greater protection to consumers than federal laws. To date, state action against online fraudsters has been limited—for example, in the past three years, state attorney generals have brought only 11 cases against spyware distributors, the same number as the Federal Trade Commission. The Report offers a number of strategies to assist a state attorney general’s office, such as additional training of investigators and prosecutors on how to identify online fraud and abuse, enhanced computer forensic capabilities to trace and catch Internet fraudsters, and expanded partnerships with commercial and public-interest coalitions to fight online fraud. More aggressive action by a state attorney general’s office would combat the notion that online fraud is an easy and cost-free way to make serious money.


E-voting Machine Glitches: Depressingly Reliable

Today’s New York Times blog reports that early voters in West Virginia have found that e-voting machines manufactured by ES&S recorded their votes for Democratic candidates as Republican candidates. For instance, Calvin Thomas of Ripley, West Virginia explained that when he tried to vote for Senator Barack Obama, it registered the vote for Senator John McCain. He noted that his daughter had the same problem. ES&S voting machines in Tennessee reportedly have similar troubles, but in reverse: at least three voters compained that their machine registered votes for McCain as votes for Obama.

Such “vote switching” is a well-known problem and has occurred in prior elections. Indeed, a July 2007 investigative report revealed that 30 to 40 percent of ES&S’s e-voting machines under review changed voters’ selections. And Colorado’s Secretary of State decertified e-voting systems manufactured by ES&S because tests demonstrated that the machines could not accurately count votes. Now we can add another certainty in life aside from death and taxes: e-voting machine glitches.


Skepticism About Fighting Terrorists With Data Mining

According to the New York TImes, the British government is considering setting up a database of all phone, email, and Internet traffic in the country to assist in efforts to fight terrorism and crime. Officials suggested that a database could store all phone numbers dailed, web sites visited, and email addresses contacted by everyone in Britain without storing the content of the phone calls or email messages.

To be sure, such a database would raise serious privacy concerns. But it also provokes a first-order question of whether such databases are even useful in spotting terrorists. The answer to that question appears to be “no.” Recent reports suggest that “data mining is not the silver bullet that that architects of programs such as Total Information Awareness believe them to be.” The National Research Council recently produced a 376-report on data mining, counter-terrorism, and American democracy, which explains that “[a]utomated identification of terrorists through data mining (or any other known methodology) is neither feasible as an objective nor desirable as a goal of technology development efforts.” Although data mining has remarkable success in predicting consumer behavior for advertising and credit card reporting agencies, it has much less success predicting the behavior of terrorists. As ars technica reporter Jon Stokes explains, unlike a computer program’s ability to compare a consumer’s credit history with the history of millions of consumers to predict a person’s likelihood of delinquency, no large dataset of terrorist behavior exists that “can be used to train a data mining application to predict an individual’s intention to commit an act of terror with any degree of confidence.” The NRC report also explains that not only is the training data lacking but the data that the program would be mining has been purposefully corrupted by the terrorists themselves. Terrorists disguise their activities using operational security measures such as code words and encryption, rendering the data that would be mined suspect. In much the same way that credit scores would be worthless if borrowers could manipulate their credit history, data mining for terrorist activities may be a non-starter as terrorists no doubt manipulate the data trails that they leave as they make phone calls and surf the Internet.


The Wild West of Genetic Testing for Consumers

As Deven blogged about yesterday, the Personal Genome Project (PGP) hopes to convince 100,000 people to post their genetic information online in an effort to widen the available data set and expertise for research. (Although the current participants in the study are entrepreneurs in the biomedical industry and academics, 5,000 other individuals have signed on to take part in it). Businesses also are getting into the act, providing information to consumers about possible medical risks encoded in their DNA for as little as $399.

Consumers should note that the emerging market for genetic information is largely unregulated. As this week’s CQ Weekly reports, the FDA usually does not review the tests for approval and has no explicit regulations on what companies can tell consumers about their likelihood of disease. Companies also are not obliged to adhere to the privacy protections of HIPAA because they fall outside the definition of health care providers, even though some say that they follow HIPAA’s privacy guidelines. Federal law prohibiting discrimination on the basis of genetic data applies only to employers and health insurers, not life insurance companies. On the state level, limited protections exist regarding the collection and use of genetic information to consumers purchasing information about their DNA. State laws regulating genetic testing typically do not apply to genetic information providers. Like federal law, they prohibit employers and insurers from discriminating against individuals on the basis of their genetic information. A number of states, however, do require explicit consent for sample storage, or demand the destruction of samples after the purpose of their collection has been achieved. But, on the main, state laws addressing DNA collection and banking activities do not generally apply to companies that sell genetic testing services directly to consumers.

In an article for the New England Journal of Medicine, Patricia Roche and George Annas explain that absent a comprehensive federal law addressing genetic privacy “those who do relinquish their DNA, assuming that they have control over its uses, may discover that they have given it all away.” As Deven warns, consumers signing up for studies or purchasing information about their genetic data may not appreciate the practical and psychological risks of disclosing genetic information, both for themselves and their families. Although Roche and Annas urge individuals to only “utilize testing services that guarantee to destroy the DNA sample on completion of the specified test,” many may not do so as the popularity of the PGP suggests.


Is the Net Impeding Our Intellectual Life (or Something Else)?

Computerkids.jpgRecent books and articles contend that the Internet has made us narcissistic, shallow, and uncreative. See here, here, and here. According to critics, search engines produce easy answers, discouraging independent and critical thinking. They also provide access to bogus information, confirming prejudices and fostering stupidity and extremism. These arguments seemingly build on the work of many thoughtful scholars, such as Neil Postman who authored Amusing Ourselves to Death and Benjamin Barber who wrote Consumed.

In Wired, David Wolman takes this argument to task, characterizing these critics as modern-day Chicken Littles. Just as the telephone did not extinguish letter writing and modern transportation did not ruin community life, the Internet will not stunt intellectual life in the twenty-first century. Wolman argues that digital technologies, in fact, give us more opportunity to become engaged in the world of ideas. Wikipedia and Wiktionary demonstrate a bona fide hunger for learning and accurate information. And irrationality and prejudice cannot be blamed on technology—it was there long before the emergence of the Internet and will remain long after we have moved on to another communications medium.

The Internet’s overall impact on our intellectual life is surely debatable. But recent reports suggest that it is having a positive effect on our family lives, bringing us in closer contact with our loved ones than ever before. As the Washington Post notes today, the Pew Internet and American Life Project released a report, described as the first of its kind, that finds our families lives richer as a result of Information Age technologies. The report notes that 25 percent of adults said that cellphone calls, emails and text messages, and other forms of online communications made their families closer. 60 percent of responding adults said that the technologies had no impact on their family lives, and only 11 percent said the technology had a negative effect. 47 percent of the adults said cellphones and the Internet had improved family communication. Barry Wellman, an author of the report and sociology professor at the University of Toronto, explained that the communication innovations allow families to “know what each other is doing during the day” and does not “cut back on their physical presence with each other.” The findings were based on a nationally representative poll of 2,252 people, which explored technology use and profiled a group of 482 adults with children.


Political Transitions and Agency Rulemaking

According to The New York Times, Attorney General Michael Mukasey has issued new guidelines that allow FBI agents to use intrusive investigative techniques, even if there is no clear reason for suspecting an individual or group of wrongdoing. Under the new rules, agents may engage in lengthy physical surveillance, covertly infiltrate lawful groups (much in the way that the Maryland state police were recently chastised for doing, see this post), and conduct pretext interviews where agents lie about their identities while questioning a subject’s associates and friends based merely on a generalized “threat.” The new rules permit the FBI to use these techniques on people “identified in part by their race or religion and without requiring even minimal evidence of criminal activity.” AG Mukasey promises that these investigations will not violate the Constitution. This “trust us” approach will no doubt provoke concern about further erosions of civil liberties, especially in light of the FBI’s long history of abusing its power to spy on civil rights groups over the ages.

These new rules will no doubt be a part of a flurry of regulatory activity in the final months of the Bush Presidency. Anne Joseph O’Connell has written a terrific article entitled Political Cycles of Rulemaking: An Empirical Portrait of the Modern Administrative State in the Virginia Law Review that highlights the uptick in agency policymaking in the period just before and after Presidential transitions. In a study that is a first of its kind, O’Connell surveyed a database of agency rulemaking from 1983 to 2003 and found that agency rulemaking is not as ossified as has been previously believed, particularly during political transitions. As the end of the Bush Presidency nears and a new Presidential administration approaches, we will likely see more rules like the ones recently adopted by AG Mukasey.


Decisions About Ohio Voters Left to State’s Secretary of State (For Now)

120px-FreedmenVotingInNewOrleans1867.jpgSection 303 of the 2002 Help America Vote Act requires states to verify voter registration applications with government databases like those for driver’s licenses or Social Security cards. Recently, Ohio election officials found that although 200,000 out of the 600,000 applicants did not match the names in Social Security databases, most of the nonmatches involved new voters, not duplicate registrations, whose failure to match resulted from problems with the databases. Republican GOP officials responded to this finding by seeking a temporary restraining order that would require Ohio Secretary of State Jennifer Brunner to provide those names to local election officials who would then insist that the identified voters cast provisional ballots, rather than regular ones, and ask partisan poll workers to challenge their votes on Election Day. On Tuesday, the Sixth Circuit affirmed a district court’s TRO granting the relief sought by GOP officials. But yesterday the Supreme Court, in a per curiam order, reversed the Sixth Circuit, finding that the district court likely lacked jurisdiction in actions to enforce Section 303 of HAVA brought by private litigants. The Court declined to address “whether HAVA is being properly implemented.”

These developments raise a number of important questions. First, can a public actor, such as Attorney General Michael Mukasey, enlist the courts to answer the question of whether Ohio’s Secretary of State correctly implemented HAVA? Orin Kerr at the Volokh Conspiracy thoughtfully suggests that such an actor should not be permitted to do so as the Supreme Court’s per curiam decision follows the logic of Bush v. Gore that “[w]hen elections are close, or a winner must be named in a recount, courts should stay out and let the state election boards function without judicial inteference.” Second, if a court addresses the issue on the merits, does Section 303 of HAVA support the district court’s original TRO? Daniel Tokaji answers in the negative, explaining that HAVA’s matching requirement aimed to accelerate procedures at the polls, somewhat like an E-Z pass lane at highway poll plazas, to allow voters to avoid showing identification if they had already been screened using database checks, not to determine eligibility, deter voter fraud or raise added barriers for voters by forcing some to vote provisionally. Richard Hasen further explains that “any effort to use the list to purge the rolls at this point could vioate the federal provision that prohibits systematic voter removal purges within 90 days of a federal election. Third, are the automated decisions flagging individuals as failing to match Social Security and DMV records reliable? The answer there is unquestionably no. As Wendy Weiser of the Brennan Center for Justice at NYU Law School explains, nonmatches result from faulty information in databases and typographical errors by government officials, not voter ineligibility.

A final concern about voter registration that the Ohio case does not directly raise, but is no less important, is the erroneous removal of voters from the rolls by automated matching programs that cannot distinguish between similar names. As I highlighted in my article Technological Due Process recently published by the Washington University Law Review, data matching systems employ crude algorithms that can lead to mistaken results. Unfortunately, individuals who show up to the polls on November 4 may find their names removed from the voting rolls because their name is similar to someone who is in fact ineligible due to a move, death, or criminal conviction.

Wikimedia Commons Images


Sometimes You Just Cannot Sue

According to BBC News, the suit entitled Ernie Chambers v. God has met its maker. Nebraska state senator Ernie Chambers sued God in federal district court, seeking a permanent injunction to prevent “death, destruction and terrorisation.” The complaint alleged that God had threatened the plaintiff and the people of Nebraska and had inflicted widespread death and destruction “upon millions of the Earth’s inhabitants.” The court dismissed the case on the grounds of insufficient process: because the defendant has no address, legal papers cannot be served. The court apparently rejected the plaintiff’s argument that “since God knows everything, God has notice of the lawsuit.”


Want to See My Rhinoplasty?

120px-Heermann.jpgDoctors are increasingly offering discounts on elective surgeries or free Botox injections in exchange for a patient’s agreement to post videos of the surgery or a before-and-after shot along with an endorsement of the treating physician. You Tube is littered with videos of Lasek surgeries, breast augmentations, and nose jobs. According to The New York Times, patients have taken the discounts on the belief that sharing videos of their transformed eyes or noses tell others nothing about them and thus cannot hurt them. But that assumption is certainly worth rethinking. An employer may be less than thrilled that a Google search of a potential or current employee produces the chronicles of that employee’s plastic surgery. And some suggest that our irises can reveal certain medical conditions, such as hypertension. The grocery store bonus card that tracks the groceries you buy seems quaint by comparison to this trend.


Sentence Reduction: A New Remedy for Prosecutorial Misconduct

Typically, remedies for prosecutorial misconduct are all or nothing–convictions and pleas are reversed or dismissed, on the one hand, or the abusive behavior is viewed as harmless error and nothing is done about it, on the other. But, on September 24, 2008, Judge Bennett in the N.D. of Iowa eschewed this binary choice in United States v. David Dicus, reducing the defendant’s sentence for the prosecutor’s breach of the plea agreement regarding a sentence enhancement instead of viewing a withdrawal of the guilty plea (or specific performance of the breach provision) or no response as the only available options. The court refused to ignore the misconduct, even though the sentencing court did not in fact impose the sentence enhancement, because “it would do nothing to deter prosecutorial misconduct or to give defendants an incentive to raise prosecutorial misconduct claims.” In making the decision to remedy prosecutorial misconduct with a reduction of the defendant’s sentence to the low end of the advisory sentencing guidelines range, the court relied on Sonja Starr’s compelling new piece, Sentence Reduction as a Remedy for Prosecutorial Misconduct (which will be coming out in the Georgetown Law Journal in 2009). Starr’s article is ground-breaking and makes an important contribution to the law development’s in this area. In it, she argues that sentence reduction would be both an effective deterrent to prosecutorial misconduct and an important corrective and expressive remedy.

Read More