Site Meter

Author: Daniel Solove

0

Introducing the Legal Roundup Project

I’m pleased to announce the launch of our Legal Roundup Project.  The goal of the Legal Roundup Project is for Concurring Opinions to become a central hub where people can learn about the highlights of different fields.

We have invited academics in a variety of fields to post roundups of key scholarship, cases, events, news, and developments in their fields.  Far too often, we can get so immersed in our own fields that we might miss out on useful ideas, debates, developments, cases, and scholarship in other fields.

We have asked participating scholars to focus on the developments and scholarship in their field that would be most relevant and interesting for everyone, not just to write primarily for others in their field.

Over the next few months, we plan to expand the project to cover more fields.  We hope that you will find the Legal Roundup Project to be useful and interesting.

0

Welcome to Ron Collins

Collins-Ron 02I’m delighted to announce that Ron Collins will be posting here on a regular basis.  Ron is the Harold S. Shefelman scholar at the University of Washington Law School and a senior fellow at the Newseum’s First Amendment Center in Washington, D.C. He was a Supreme Court Fellow in 1982-83 under Chief Justice Warren Burger and a law clerk to Oregon Supreme Court Justice Hans Linde. He is the book editor at SCOTUSblog.

Collins is the author, co-author, or editor of several books including: When Money Speaks: The McCutcheon Case, Campaign Financing Laws, and The First Amendment (e-book, Spring, 2014) Ÿ On Dissent: Its Meaning in America (Cambridge, 2013) Ÿ Mania: The Story of the Outraged & Outrageous Lives that Launched a Cultural Revolution (Top-Five Books, 2013) Ÿ Nuance Absolutism: Floyd Abrams & the First Amendment (Carolina Academic Press, 2013) Ÿ We Must not be Afraid to be Free (Oxford, 2011) Ÿ The Fundamental Holmes (Cambridge, 2010) Ÿ The Trials of Lenny Bruce (Sourcebooks, 2002, 2012) Ÿ and  Constitutional Government in America (Carolina Academic Press, 1980). He has authored over 60 scholarly articles including publications in Harvard Law Review Ÿ Stanford Law Review Ÿ Supreme Court Review Ÿ Michigan Law Review Ÿ Texas Law Review Ÿ Duke Law Journal Ÿ and the Southern California Law Review. He has also authored over 250 articles in the popular press including articles in the New York Times Ÿ Washington Post Ÿ Los Angeles Times Ÿ and The Nation.

In 2003, Collins and others successfully petitioned the governor of New York to posthumously pardon Lenny Bruce. In 2010, Collins was a fellow in residence at the Norman Mailer Writers Colony in Provincetown, Massachusetts. In 2011 he received the Supreme Court Fellow’s Administration of Justice award “in recognition of his scholarly and professional achievements in advancing the rule of law.” And in 2012, the American Society of Legal Writers awarded him a Scribes Book Award (bronze) for We Must not be Afraid to be Free.

His areas of interest are First Amendment law, constitutional law, legal history, and jurisprudence.

I
0

4 Points About the Target Breach and Data Security

There seems to be a surge in data security attacks lately. First came news of the Target attack. Then Neiman Marcus. Then the U.S Courts. Then Michael’s. Here are four points to consider about data security:

1. Beware of fraudsters engaging in post-breach fraud.

After the Target breach, fraudsters sent out fake emails purporting to be from Target about the breach and trying to trick people into providing personal data. It can be hard to distinguish the real email from an organization having a data breach from a fake one by fraudsters. People are more likely to fall prey to a phishing scheme because they are anxious and want to take steps to protect themselves. Post-breach trickery is now a growing technique of fraudsters, and people must be educated about it and be on guard.

2. Credit card fraud and identity theft are not the same.

The news media often conflates credit card fraud with identity theft. Although there is one point of overlap, for the most part they are very different. Credit card fraud involving the improper use of credit card data can be stopped when the card is cancelled and replaced. An identity theft differs because it involves the use of personal information such as Social Security number, birth date, and other data that cannot readily be changed. It is thus much harder to stop identity theft. The point of overlap is when an identity thief uses a person’s data to obtain a credit card. But when a credit card is lost or stolen, or when credit card data is leaked or improperly accessed, this is credit card fraud, and not identity theft.

3. Data breaches cause harm.

What’s the harm when data is leaked? This question has confounded courts, which often don’t recognize a harm. If your credit card is just cancelled and replaced, and you don’t pay anything, are you harmed? If your data is leaked, but you don’t suffer from identity theft, are you harmed? I believe that there is a harm. The harm of credit card fraud is that it can take a long time to replace all the credit card information in various accounts. People have card data on file with countless businesses and organizations for automatic charges and other transactions. Replacing all this data can be a major chore. People’s time has a price. That price will vary, but it rarely is zero.

Read More

Surveillance Man 02
0

10 Reasons Why Privacy Matters

Why does privacy matter? Often courts and commentators struggle to articulate why privacy is valuable. They see privacy violations as often slight annoyances. But privacy matters a lot more than that. Here are 10 reasons why privacy matters.

1. Limit on Power

Privacy is a limit on government power, as well as the power of private sector companies. The more someone knows about us, the more power they can have over us. Personal data is used to make very important decisions in our lives. Personal data can be used to affect our reputations; and it can be used to influence our decisions and shape our behavior. It can be used as a tool to exercise control over us. And in the wrong hands, personal data can be used to cause us great harm.

2. Respect for Individuals

Privacy is about respecting individuals. If a person has a reasonable desire to keep something private, it is disrespectful to ignore that person’s wishes without a compelling reason to do so. Of course, the desire for privacy can conflict with important values, so privacy may not always win out in the balance. Sometimes people’s desires for privacy are just brushed aside because of a view that the harm in doing so is trivial. Even if this doesn’t cause major injury, it demonstrates a lack of respect for that person. In a sense it is saying: “I care about my interests, but I don’t care about yours.”

3. Reputation Management

Privacy enables people to manage their reputations. How we are judged by others affects our opportunities, friendships, and overall well-being. Although we can’t have complete control over our reputations, we must have some ability to protect our reputations from being unfairly harmed. Protecting reputation depends on protecting against not only falsehoods but also certain truths. Knowing private details about people’s lives doesn’t necessarily lead to more accurate judgment about people. People judge badly, they judge in haste, they judge out of context, they judge without hearing the whole story, and they judge with hypocrisy. Privacy helps people protect themselves from these troublesome judgments.

Read More

0

NSA Metadata Surveillance and the Fourth Amendment

Phone NSA 01

 

A U.S. District Court recently held that the NSA surveillance of telephone metadata likely violates the Fourth Amendment. The case is Klayman v. Obama.

The NSA surveillance program involves an incredibly broad gathering of metadata about people’s conversations. Metadata doesn’t include the conversations themselves, just data about when and to whom they are made — i.e., not the content of the phone conversations but the phone numbers of the people having the conversations.

The key Fourth Amendment case at issue is Smith v. Maryland, 442 U.S. 745 (1979), which held that a pen register device capturing the phone numbers a person dialed wasn’t protected by the Fourth Amendment partly because the phone company had access to the phone numbers and partly because phone numbers weren’t viewed to be as sensitive as the phone conversations themselves.

The court in Klayman has an interesting view of why Smith v. Maryland is no longer applicable. Essentially, the court argues that the pen register information the government could gather when Smith was decided is much different from the very broad systematic gathering of phone records today.

The Klayman court relies on the U.S. Supreme Court’s fairly recent decision in United States v. Jones, 132 S.Ct. 945 (2012), where five justices in concurrences noted that wide-scale extensive surveillance technologies have different implications than there older more limited counterparts. Jones involved GPS, and the Court there distinguished an earlier case involving a beeper device that tracked a car. In a concurring opinion, Justice Alito wrote that “relatively short-term monitoring of a person’s movements on public streets accords with expectations of privacy that our society has recognized as reasonable. But the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy. For such offenses, society’s expectation has been that law enforcement agents and others would not—and indeed, in the main, simply could not—secretly monitor and catalogue every single movement of an individual’s car for a very long period.”

I find much merit to the Klayman court’s analysis. I have long argued that Smith was wrongly decided, and not too long ago, I wrote here about why there are strong privacy interests in metadata.

Read More

2

The NSA’s Santa Surveillance Program

I was able to obtain the latest National Security Agency (NSA) memo leaked by Edward Snowden.  I reprint it in full below.

TOP SECRET AND CLASSIFIED

THE NATIONAL SECURITY AGENCY

SANTA SURVEILLANCE PROGRAM (SSP)

 

Intelligence reports have indicated an alarming amount of chatter between citizens of the United States and a foreign organization with unknown whereabouts somewhere near the North Pole.  The organization is led by an elderly bearded cleric with the alias, “Santa.”

We have probable cause to believe that this “Santa” organization is providing material support to terrorist cells in the United States.  On numerous occasions, “Santa” has reportedly entered the country illegally by flying across the border in a stealth aircraft.  He delivers contraband to various enemy combatants who request weapons and other military vehicles and aircraft.

For example, the intercepted letter below is from an enemy combatant by the name of “Johnny Smith”:

NSA Santa 01

Another letter, written by enemy combatant “Mikey Brown” – an alias for Michael Brown – indicates a desire for a weapon of mass destruction called “the Death Star.”   Mikey is now being questioned at an unidentified secure location.

Santa has an army of followers who call themselves “elves” and who train in Santa’s camp.  We fear that these elves are highly radicalized.

Based upon a recent dramatic increase in chatter between the Santa organization and enemy combatants in the U.S., we will initiate a new surveillance program caked the “Santa Surveillance Program” (SSP).

We will monitor all communications by all people everywhere.  For minimization standards, we will limit our surveillance to human beings only and not include other life forms.

The SSP will be ongoing until “Santa” is terminated by a drone attack.

Cross-posted at LinkedIn

11

In Defense of Law Reviews

Criticizing law reviews has been in fashion for quite a while, and in the New York Times there’s a new article with a similar refrain of attacks on law reviews.  In essence, the criticisms boil down to: (1) law reviews should be peer review and articles not selected by law students; (2) many law review articles aren’t cited; (3) practitioners don’t read law review articles.  We’ve heard all these before, and I’m growing very tired of these stale arguments.

Although law reviews are on odd system for publishing, I think that the model is actually not as crazy as it might seem.

1. Is the grass really greener with peer review?

For all their imperfections, students do a fairly decent job. I don’t think that articles in other academic disciplines in the social sciences are any less obscure or are cited more. Peer review is filled with cronyism and with way too much “I don’t like this article because I disagree with it” or “I don’t like this article because I’m not cited enough.”

Although law review editors can get bogged down in silly footnote citation formalities, for the most part, I’ve been pleased with my editing and have received some really excellent editing that has sometimes been more extensive than the editing I’ve received when publishing with academic book publishers.

2. Do we really want to bother with peer review?  Is it still needed in today’s age where there’s no longer a scarcity in publishing opportunities?

Peer review is a “front end” evaluation (prior to publication).  It is designed to determine which scholarship is worthy of publication.  That made sense when there was a scarcity of publishing opportunities.  We wanted good scholarship to be published because being published was something not anyone could do, and it distributed and publicized scholarship.

Today, there isn’t a scarcity of publishing opportunities.  Anyone can publish.  Most articles make it on Westlaw.  Hardly anyone reads the print journals anymore.

Peer review can readily occur on the “back end,” with professors evaluating articles post-publication.

Of course, professors will use law review placement as a proxy rather than read the article and decide its merits for themselves. But this is laziness that professors should blame themselves for. If we want to make things more fair, then professors can be more fair in how they evaluate scholarship and stop using law review placement as a proxy if it isn’t a good proxy.

One reason why professors use law review placement as a proxy is that despite a number of misplaced articles, law review placement isn’t completely random.  It’s not a perfect proxy, but for the most part, the top law reviews publish more articles I that I find to be of quality than lower ranked ones.  Not always, but I don’t need a perfect proxy in today’s age where it is so easy to search for and find scholarship.   It’s a kind of weak proxy that can sometimes be helpful, but it shouldn’t replace making one’s own evaluation.

In the end, if we don’t think law reviews do a good job evaluating scholarship, nothing is stopping us from reading it and deciding for ourselves!

3. Should we be alarmed that so few articles are cited?

Read More

0

The FTC and the New Common Law of Privacy

I recently posted a draft of my new article, The FTC and the New Common Law of Privacy (with Professor Woodrow Hartzog).

One of the great ironies about information privacy law is that the primary regulation of privacy in the United States has barely been studied in a scholarly way. Since the late 1990s, the Federal Trade Commission (FTC) has been enforcing companies’ privacy policies through its authority to police unfair and deceptive trade practices. Despite more than fifteen years of FTC enforcement, there is no meaningful body of judicial decisions to show for it. The cases have nearly all resulted in settlement agreements. Nevertheless, companies look to these agreements to guide their privacy practices. Thus, in practice, FTC privacy jurisprudence has become the broadest and most influential regulating force on information privacy in the United States – more so than nearly any privacy statute and any common law tort.

In this article, we contend that the FTC’s privacy jurisprudence is the functional equivalent to a body of common law, and we examine it as such. The article explores the following issues:

  • Why did the FTC, and not contract law, come to dominate the enforcement of privacy policies?
  • Why, despite more than 15 years of FTC enforcement, have there been hardly any resulting judicial decisions?
  • Why has FTC enforcement had such a profound effect on company behavior given the very small penalties?
  • Can FTC jurisprudence evolve into a comprehensive regulatory regime for privacy?

 

 

The claims we make in this article include:

  • The common view of FTC jurisprudence as thin — as merely enforcing privacy promises — is misguided. The FTC’s privacy jurisprudence is actually quite thick, and it has come to serve as the functional equivalent to a body of common law.
  • The foundations exist in FTC jurisprudence to develop a robust privacy regulatory regime, one that focuses on consumer expectations of privacy, that extends far beyond privacy policies, and that involves substantive rules that exist independently from a company’s privacy representations.

 

You can download the article draft here on SSRN.

0

New Titles from NYU Press

Here are some recent titles from NYU Press:

Those Damned Immigrants: America’s Hysteria over Undocumented Immigration
by Ediberto Román, with a foreword by Michael A. Olivas

Legal Pluralism and Empires, 1500-1850
Edited by Lauren Benton and Richard J. Ross

Hate Thy Neighbor: Move-In Violence and the Persistence of Racial Segregation in American Housing
by Jeannine Bell

Breaking Women: Gender, Race, and the New Politics of Imprisonment
by Jill A. McCorkel

Ghosts of Jim Crow: Ending Racism in Post-Racial America
by F. Michael Higginbotham

The Embattled Constitution
Edited by Norman Dorsen, with Catharine DeJulio

Disabled Education: A Critical Analysis of the Individuals with Disabilities Education Act
by Ruth Colker

Please check out the above books. You can propose a review of one of these books or another recent title not on the list. We’re aiming for reviews between 500 – 1500 words, ideally about 1000 words. Please email your proposals to me.

0

What Is Personally Identifiable Information (PII)? Finding Common Ground in the EU and US

This post was co-authored by Professor Paul Schwartz.

We recently released a draft of our new essay, Reconciling Personal Information in the European Union and the United States, and we want to highlight some of its main points here.

The privacy law of the United States (US) and European Union (EU) differs in many fundamental ways, greatly complicating commerce between the US and EU.  At the broadest level, US privacy law focuses on redressing consumer harm and balancing privacy with efficient commercial transactions.  In the EU, privacy is hailed as a fundamental right that trumps other interests.  The result is that EU privacy protections are much more restrictive on the use and transfer of personal data than US privacy law.

Numerous attempts have been made to bridge the gap between US and EU privacy law, but a very large initial hurdle stands in the way.  The two bodies of law can’t even agree on the scope of protection let alone the substance of the protections.  The scope of protection of privacy laws turns on the definition of “personally identifiable information” (PII).  If there is PII, privacy laws apply.  If PII is absent, privacy laws do not apply.

In the US, the law provides multiple definitions of PII, most focusing on whether the information pertains to an identified person.  In contrast, in the EU, there is a single definition of personal data to encompass all information identifiable to a person.  Even if the data alone cannot be linked to a specific individual, if it is reasonably possible to use the data in combination with other information to identify a person, then the data is PII.

In our essay, Reconciling Personal Information in the European Union and the United States, we argue that both the US and EU approaches to defining PII are flawed.  We also contend that a tiered approach to the concept of PII can bridge the differences between the US and EU approaches.

Read More