Category: Privacy

0

Surveillance and Our Addiction to Exposure

Bernard Harcourt ExposedBernard Harcourt’s Exposed: Desire and Disobedience in the Digital Age (Harvard University Press 2015) is an indictment of  our contemporary age of surveillance and exposure — what Harcourt calls “the expository society.” Harcourt passionately deconstructs modern technology-infused society and explains its dark implications with an almost poetic eloquence.

Harcourt begins by critiquing the metaphor of George Orwell’s 1984 to describe the ills of our world today.  In my own previous work, I critiqued this metaphor, arguing that Kafka’s The Trial was a more apt metaphor to capture the powerlessness and vulnerability that people experience as government and businesses construct and use “digital dossiers” about their lives.  Harcourt critiques Orwell in a different manner, arguing that Orwell’s dystopian vision is inapt because it is too drab and gray:

No, we do not live in a drab Orwellian world.  We live in a beautiful, colorful, stimulating, digital world that is online, plugged in, wired, and Wi-Fi enabled.  A rich, bright, vibrant world full of passion and jouissance–and by means of which we reveal ourselves and make ourselves virtually transparent to surveillance.  In the end, Orwell’s novel is indeed prescient in many ways, but jarringly off on this one key point.  (pp. 52-53)

City wet-868078_960_720 pixabay b

Orwell’s Vision

City NYC new-117018_960_720 pixabay b

Life Today

Neil Postman Amusing Ourselves to DeathHarcourt notes that the “technologies that end up facilitating surveillance are the very technologies we crave.”  We desire them, but “we have become, slowly but surely, enslaved to them.” (p. 52).

Harcourt’s book reminds me of Neil Postman’s Amusing Ourselves to Death, originally published about 30 years ago — back in 1985.  Postman also critiqued Orwell’s metaphor and argued that Aldous Huxley’s Brave New World was a more apt metaphor to capture the problematic effects new media technologies were having on society.

Read More

0

Symposium on Exposed: Desire and Disobedience in the Digital Age

Frank Pasquale and I are delighted to introduce Professor Bernard Harcourt and the participants of our online symposium on his provocative new book Exposed: Desire and Disobedience in the Digital Age (Harvard University Press 2015).  Here is the description of the book from HUP’s webpage:

Social media compile data on users, retailers mine information on consumers, Internet giants create dossiers of who we know and what we do, and intelligence agencies collect all this plus billions of communications daily. Exploiting our boundless desire to access everything all the time, digital technology is breaking down whatever boundaries still exist between the state, the market, and the private realm. Exposed offers a powerful critique of our new virtual transparence, revealing just how unfree we are becoming and how little we seem to care.

Bernard Harcourt guides us through our new digital landscape, one that makes it so easy for others to monitor, profile, and shape our every desire. We are building what he calls the expository society—a platform for unprecedented levels of exhibition, watching, and influence that is reconfiguring our political relations and reshaping our notions of what it means to be an individual.

We are not scandalized by this. To the contrary: we crave exposure and knowingly surrender our privacy and anonymity in order to tap into social networks and consumer convenience—or we give in ambivalently, despite our reservations. But we have arrived at a moment of reckoning. If we do not wish to be trapped in a steel mesh of wireless digits, we have a responsibility to do whatever we can to resist. Disobedience to a regime that relies on massive data mining can take many forms, from aggressively encrypting personal information to leaking government secrets, but all will require conviction and courage.

We are thrilled to be joined by an amazing group of scholars to discuss this groundbreaking work, including Concurring Opinions co-founder Daniel Solove, Frank Pasquale (the co-organizer of this symposium), Lisa Austin, Ann Bartow, Mary Anne Franks, David Pozen, Olivier Sylvain, and, of course, Bernard Harcourt.   They will be posting throughout the week so check in daily and as always, we encourage you to join the discussion.

0

The 5 Things Every Privacy Lawyer Needs to Know about the FTC: An Interview with Chris Hoofnagle

The Federal Trade Commission (FTC) has become the leading federal agency to regulate privacy and data security. The scope of its power is vast – it covers the majority of commercial activity – and it has been enforcing these issues for decades. An FTC civil investigative demand (CID) will send shivers down the spine of even the largest of companies, as the FTC requires a 20-year period of assessments to settle the score.

To many, the FTC remains opaque and somewhat enigmatic. The reason, ironically, might not be because there is too little information about the FTC but because there is so much. The FTC has been around for 100 years!

In a landmark new book, Professor Chris Hoofnagle of Berkeley Law School synthesizes an enormous volume of information about the FTC and sheds tremendous light on the FTC’s privacy activities. His book is called Federal Trade Commission Privacy Law and Policy (Cambridge University Press, Feb. 2016).

This is a book that all privacy and cybersecurity lawyers should have on their shelves. The book is the most comprehensive scholarly discussion of the FTC’s activities in these areas, and it also delves deep in the FTC’s history and activities in other areas to provide much-needed context to understand how it functions and reasons in privacy and security cases.

Read More

1

The Ultimate Unifying Approach to Complying with All Laws and Regulations

Professor Woodrow Hartzog and I have just published our new article, The Ultimate Unifying Approach to Complying with All Laws and Regulations19 Green Bag 2d 223 (2016)  Our article took years of research and analysis, intensive writing, countless drafts, and endless laboring over every word. But we hope we achieved a monumental breakthrough in the law.  Here’s the abstract:

There are countless laws and regulations that must be complied with, and the task of figuring out what to do to satisfy all of them seems nearly impossible. In this article, Professors Daniel Solove and Woodrow Hartzog develop a unified approach to doing so. This approach (patent pending) was developed over the course of several decades of extensive analysis of every relevant law and regulation.

 

The Emerging Law of Algorithms, Robots, and Predictive Analytics

In 1897, Holmes famously pronounced, “For the rational study of the law the blackletter man may be the man of the present, but the man of the future is the man of statistics and the master of economics.” He could scarcely envision at the time the rise of cost-benefit analysis, and comparative devaluation of legal process and non-economic values, in the administrative state. Nor could he have foreseen the surveillance-driven tools of today’s predictive policing and homeland security apparatus. Nevertheless, I think Holmes’s empiricism and pragmatism still animate dominant legal responses to new technologies. Three conferences this Spring show the importance of “statistics and economics” in future tools of social order, and the fundamental public values that must constrain those tools.

Tyranny of the Algorithm? Predictive Analytics and Human Rights

As the conference call states

Advances in information and communications technology and the “datafication” of broadening fields of human endeavor are generating unparalleled quantities and kinds of data about individual and group behavior, much of which is now being deployed to assess risk by governments worldwide. For example, law enforcement personnel are expected to prevent terrorism through data-informed policing aimed at curbing extremism before it expresses itself as violence. And police are deployed to predicted “hot spots” based on data related to past crime. Judges are turning to data-driven metrics to help them assess the risk that an individual will act violently and should be detained before trial. 


Where some analysts celebrate these developments as advancing “evidence-based” policing and objective decision-making, others decry the discriminatory impact of reliance on data sets tainted by disproportionate policing in communities of color. Still others insist on a bright line between policing for community safety in countries with democratic traditions and credible institutions, and policing for social control in authoritarian settings. The 2016 annual conference will . . . consider the human rights implications of the varied uses of predictive analytics by state actors. As a core part of this endeavor, the conference will examine—and seek to advance—the capacity of human rights practitioners to access, evaluate, and challenge risk assessments made through predictive analytics by governments worldwide. 

This focus on the violence targeted and legitimated by algorithmic tools is a welcome chance to discuss the future of law enforcement. As Dan McQuillan has argued, these “crime-fighting” tools are both logical extensions of extant technologies of ranking, sorting, and evaluating, and raise fundamental challenges to the rule of law: 

According to Agamben, the signature of a state of exception is ‘force-of’; actions that have the force of law even when not of the law. Software is being used to predict which people on parole or probation are most likely to commit murder or other crimes. The algorithms developed by university researchers uses a dataset of 60,000 crimes and some dozens of variables about the individuals to help determine how much supervision the parolees should have. While having discriminatory potential, this algorithm is being invoked within a legal context. 

[T]he steep rise in the rate of drone attacks during the Obama administration has been ascribed to the algorithmic identification of ‘risky subjects’ via the disposition matrix. According to interviews with US national security officials the disposition matrix contains the names of terrorism suspects arrayed against other factors derived from data in ‘a single, continually evolving database in which biographies, locations, known associates and affiliated organizations are all catalogued.’ Seen through the lens of states of exception, we cannot assume that the impact of algorithmic force-of will be constrained because we do not live in a dictatorship. . . .What we need to be alert for, according to Agamben, is not a confusion of legislative and executive powers but separation of law and force of law. . . [P]redictive algorithms increasingly manifest as a force-of which cannot be restrained by invoking privacy or data protection. 

The ultimate logic of the algorithmic state of exception may be a homeland of “smart cities,” and force projection against an external world divided into “kill boxes.” 


We Robot 2016: Conference on Legal and Policy Issues Relating to Robotics

As the “kill box” example suggests above, software is not just an important tool for humans planning interventions. It is also animating features of our environment, ranging from drones to vending machines. Ryan Calo has argued that the increasing role of robotics in our lives merits “systematic changes to law, institutions, and the legal academy,” and has proposed a Federal Robotics Commission. (I hope it gets further than proposals for a Federal Search Commission have so far!)


Calo, Michael Froomkin, and other luminaries of robotics law will be at We Robot 2016 this April at the University of Miami. Panels like “Will #BlackLivesMatter to RoboCop?” and “How to Engage the Public on the Ethics and Governance of Lethal Autonomous Weapons” raise fascinating, difficult issues for the future management of violence, power, and force.


Unlocking the Black Box: The Promise and Limits of Algorithmic Accountability in the Professions


Finally, I want to highlight a conference I am co-organizing with Valerie Belair-Gagnon and Caitlin Petre at the Yale ISP. As Jack Balkin observed in his response to Calo’s “Robotics and the Lessons of Cyberlaw,” technology concerns not only “the relationship of persons to things but rather the social relationships between people that are mediated by things.” Social relationships are also mediated by professionals: doctors and nurses in the medical field, journalists in the media, attorneys in disputes and transactions.


For many techno-utopians, the professions are quaint, an organizational form to be flattened by the rapid advance of software. But if there is anything the examples above (and my book) illustrate, it is the repeated, even disastrous failures of many computational systems to respect basic norms of due process, anti-discrimination, transparency, and accountability. These systems need professional guidance as much as professionals need these systems. We will explore how professionals–both within and outside the technology sector–can contribute to a community of inquiry devoted to accountability as a principle of research, investigation, and action. 


Some may claim that software-driven business and government practices are too complex to regulate. Others will question the value of the professions in responding to this technological change. I hope that the three conferences discussed above will help assuage those concerns, continuing the dialogue started at NYU in 2013 about “accountable algorithms,” and building new communities of inquiry. 


And one final reflection on Holmes: the repetition of “man” in his quote above should not go unremarked. Nicole Dewandre has observed the following regarding modern concerns about life online: 

To some extent, the fears of men in a hyperconnected era reflect all-too-familiar experiences of women. Being objects of surveillance and control, exhausting laboring without rewards and being lost through the holes of the meritocracy net, being constrained in a specular posture of other’s deeds: all these stances have been the fate of women’s lives for centuries, if not millennia. What men fear from the State or from “Big (br)Other”, they have experienced with men. So, welcome to world of women….

Dewandre’s voice complements that of US scholars (like Danielle Citron and Mary Ann Franks) on systematic disadvantages to women posed by opaque or distant technological infrastructure. I think one of the many valuable goals of the conferences above will be to promote truly inclusive technologies, permeable to input from all of society, not just top investors and managers.

X-Posted: Balkinization.

0

Holiday Cheer – Creations for Good

A sister notices that her sister’s monitor for her blood sugar level has a weak alarm and does not work well to wake someone up at night, when the alert is critical. Sister decides maybe she can do something, and she does. Who is this mystery girl? Our own Danielle Citron shared with me (and let me share more) that her daughter, JJ, has been designing a new monitor to help diabetics (which her sister has).

JJ applied to a program to help high schoolers with STEM projects and was paired with folks at Northrup Grumman where she spent a day a month developing her idea. Along the way, JJ had to figure out what alarm noise worked best to wake someone up, program a code to link the monitor and bracelet devices, and then wired them. As her school reports

This year, Citron will continue to test and refine the design, creating the bracelet with the help of a 3D printer. When she’s finished, the bracelet will change color to let the user know immediately if their blood sugar is getting too high or too low. The detailed information from the monitor will also be linked to a smartphone app.

3D printing! Color coding! And JJ seems poised to go into computer science.

Although I am friends with Dani and have met JJ, the real point for me is that a teenager saw a problem and felt she had the room to try and fix it. Then she worked on it. Her success is lovely, but the fact of the chance is downright excellent and puts me in a great holiday mood. Of course, with Danielle as her mom, JJ may have to look forward to law professors wondering about patents, privacy, and data ownership, but those are what a good friend of mine once called “high quality problems.” Well done, JJ.

0

MLAT – Not a Muscle Group Nonetheless Potentially Powerful

MLAT. I encountered this somewhat obscure thing (Mutual Legal Assistance Treaty) when I was in practice and needed to serve someone in Europe. I recall it was a cumbersome process and thinking that I was happy we did not seem to have to use it often (in fact the one time). Today, however, as my colleagues Peter Swire and Justin Hemmings argue in their paper, Stakeholders in Reform of the Global System for Mutual Legal Assistance, the MLAT process is quite important.

In simplest terms, if a criminal investigation in say France needs an email and it is stored in the U.S.A., the French authorities ask the U.S. ones for aid. If the U.S. agency that processes the request agrees there is a legal basis for the request, it and other groups seek a court order. If that is granted, the order would be presented to the company. Once records are obtained, there is further review to ensure “compliance U.S. law.” Then the records would go to France. As Swire and Hemmings note, the process averages 10 months. For a civil case that is long, but for criminal cases that is not workable. And as the authors put it, “the once-unusual need for an MLAT request becomes routine for records that are stored in the cloud and are encrypted in transit.”

Believe it or not, this issue touches on major Internet governance issues. The slowness and the new needs are fueling calls for having the ITU govern the Internet and access to evidence issues (a model according to the paper favored by Russia and others). Simpler but important ideas such as increased calls for data localization also flow from the difficulties the paper identifies. As the paper details, the players–non-U.S. governments, the U.S. government, tech companies, and civil society groups–each have goals and perspectives on the issue.

So for those interested in Internet governance, privacy, law enforcement, and multi-stakeholder processes, the MLAT process and this paper on it offer a great high-level view of the many factors at play in those issues for both a specific topic and larger, related ones as well.

0

A Darn Good Read – Paul Schwartz on Data Processing

Almost twenty-five years ago, Paul Schwartz wrote Data Processing and Government Administration: The Failure of the American Legal Response to the Computer, 43 HASTINGS L.J. 1321 (1991) (pdf), and I must say it is worth a read today. Paul identified the problems with government’s and especially the administrative state’s use of computation to do their duties. As he opened:

Computers are now an integral part of government administration. They put a tremendous amount of personal data in the hands of government officials, who base a wide range of decisions on this information. Yet the attention paid to the government’s use of data processing has not been equal to the potential dangers that this application presents. Personal information, when disclosed to family and friends, helps form the basis of trust; in the hands of strangers, this information can have a corrosive effect on individual autonomy. The human race’s rapid development of computer technology has not been matched by a requisite growth in the ability to control these new machines.

That passage may seem familiar, but recall when it was written and note the next point Paul made:

This Article’s goal is to formulate a constructive response to computer processing of personal data. The destruction of computers is no more an answer to informatization than the destruction of earlier machines would have been an answer to industrialization. Accordingly, this Article seeks to understand the results of the government’s processing of
personal data and to develop appropriate legal principles to guide this application of computer technology.

That goal seems to be missing in some discussions, but I think it is a good one. To be clear, I don’t necessarily agree with some of Paul’s prescriptions. But the point of this post is not about that. I recommend the paper despite disagreeing with some of the ideas. I do so because it helped me with the history of the topic, explained issues, presented a structure and jurisprudence to drill into the topic, offered ways to address them, and pushed me to think more on my views. It is a well-written, worthwhile read both for substance and style.

In short, thank you Professor Schwartz.

0

China, the Internet, and Sovereignty

China’s World Internet Conference is, according to its organizers, about:

“An Interconnected World Shared and Governed by All—Building a Cyberspace Community of Shared Destiny”. This year’s Conference will further facilitate strategic-level discussions on global Internet governance, cyber security, the Internet industry as the engine of economic growth and social development, technological innovation and philosophy of the Internet. It is expected that 1200 leading figures from governments, international organizations, enterprises, science & technology communities, and civil societies all around the world will participate the Conference.

As the Economist points out, “The grand title is misleading: the gathering will not celebrate the joys of a borderless internet but promote “internet sovereignty”, a web made up of sovereign fiefs, gagged by official censors. Political leaders attending are from such bastions of freedom as Russia, Pakistan, Kazakhstan, Kyrgyzstan and Tajikistan.”

One of the great things about being at GA Tech is the community of scholars from a wide range of backgrounds. This year colleagues in Public Policy hired Milton Mueller, a leader in telecommunication and Internet policy. I have known his work for some time, but it has been great getting to hang out and talk with Milton. Not surprising, but Milton has a take on the idea of sovereignty and the Internet. I can’t share it, as it is in the works. But as a teaser, keep your eye out for it.

As a general matter, it seems to me that sovereignty will be a keyword in coming Internet governance debates across all sectors. Whether the term works from a political science perspective or others should be interesting. Thinking of jurisdiction, privacy, surveillance, telecommunication, cyberwar, and intellectual property, I can see sovereignty being asserted, perverted, and converted to serve a range of interests. Revisiting the core international relations theories to be clear about what sovereignty is and should be seems a good project for a law scholar or student as these areas evolve.

A Review of The Black Box Society

I just learned of this very insightful and generous review of my book, by Raizel Liebler:

The Black Box Society: The Secret Algorithms that Control Money and Information (Harvard University Press 2015) is an important book, not only for those interested in privacy and data, but also anyone with larger concerns about the growing tension between transparency and trade secrets, and the deceptiveness of pulling information from the ostensibly objective “Big Data.” . . .

One of the most important aspects of The Black Box Society builds on the work of Siva Vaidhyanathan and others to write about how relying on the algorithms of search impact people’s lives. Through our inability to see how Google, Facebook, Twitter, and other companies display information, it makes it seem like these displays are in some way “objective.” But they are not. Between various stories about blocking pictures of breastfeeding moms, blocking links to competing sites, obscurity sources, and not creating tools to prevent harassment, companies are making choices. As Pasquale puts it: “at what point does a platform have to start taking responsibility for what its algorithms go, and how their results are used? These new technologies affect not only how we are understood, but also how we understand. Shouldn’t we know when they’re working for us, against us, or for unseen interests with undisclosed motives?”

I was honored to be mentioned on the TLF blog–a highly recommended venue! Here’s a list of some other reviews in English (I have yet to compile the ones in other languages, but was very happy to see the French edition get some attention earlier this Fall). And here’s an interesting take on one of those oft-black-boxed systems: Google Maps.