Archives

Stephen Henderson, Government Access to Private Records

By privacylaw | Posted on

Stephen Henderson, Government Access to Private Records

Comment by: Chris Slobogin

PLSC 2009

Workshop draft abstract:

Although there is room for debate regarding whether the rule is truly monolithic, so far as the provider of information is concerned, there is little to no Fourth Amendment protection for information provided to a third party.  But of course there remain significant legal protections for certain types of third-party information.  A good number of states have constitutionally rejected the federal doctrine, and are working out a more protective constitutional jurisprudence.  And all fifty states and the federal government provide statutory restrictions on government access to certain information in the hands of third parties.  So, the question is not whether the law should provide such restriction, but instead when and how it should do so.  These Standards seek to bring needed uniformity and clarity to the law by providing aspirational “best practices” standards regulating government access to private information in the hands of institutional third parties.  Although very significant decisions are still being made, this includes creating a “privacy hierarchy” of third party information, including articulating how to populate that hierarchy, and then assigning restraints to the various types of information.  While “more private” information is obviously generally deserving of greater restriction upon access, there are difficult decisions to be made regarding how best to enable effective investigations: if there is no way to differentiate different stages of law enforcement activity in an administrable manner, then only relatively light restrictions will be possible.  Moreover, given that law enforcement is increasingly creating databases of information it obtains, it is necessary to craft restrictions on the dissemination and use of third party information previously gathered.  The Standards will address these, and possibly other, concerns.

Eric Goldman, Reputational Information: A Research Agenda

By privacylaw | Posted on

Eric Goldman, Reputational Information: A Research Agenda

Comment by: Jens Grossklags

PLSC 2009

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1754628

Workshop draft abstract:

This paper looks at the supply, demand and regulation of reputational information.  I define “reputational information” as information about an individual or company’s past performance that helps a decision-maker predict the individual or company’s future performance.  Reputational information plays a critical role in marketplaces because it can help reward good producers and punish poor performers.  As a result, any defect in the supply or demand of reputational information can seriously distort the marketplace generally.

My first observation is that consumers know lots of valuable reputational information but that information does not help other consumers make marketplace decisions so long as it remains private information.  Consumers do “communicate” their views through their marketplace decisions (such as continuing as a repeat customer, or switching to a new option), but each individual consumer’s decision is often not readily observable by other consumers, and the rationales for consumer decision-making (such as why the consumer chose one product or competitor over others) is rarely publicly available either.  The marketplace mechanism might improve with better supply of this private information.

My second observation is that many reputational systems exist, but they are regulated quite differently.  For example, compare credit scores, where both supply and demand are heavily regulated, with recommendation letters, which are virtually unregulated.  This heterogeneity of regulatory structures for reputational systems raises some questions.  Why the differences?  Can we use our experiences with one reputational system to craft better regulations of other reputational systems?

Expanding on these two observations, this paper will have four parts.  The first part will inventory the various types of reputational systems and describe their similarities and differences.  The second part will consider supply factors of reputational information, including how financial incentives can stimulate production, how disincentives (such as the threat of legal action for providing negative comments) may suppress supply, the credibility of reputational information (including pay-for-play and how supplying reputational information affect the supplier’s reputation), the role of intermediaries and the role of anonymity.

The third part will consider demand factors of reputational information, including credibility concerns of consumers of reputational information (and how consumers reduce transaction costs by “outsourcing” reputational assessments), privacy concerns and the potential for consumers to misinterpret aggregated reputational information.

The final part will develop policy guidelines for regulatory intervention into the supply and demand of reputational information.  This part will conclude by identifying situations where the heterogeneity of current regulatory structures might be suboptimal.

Kenneth Farrall, Production or Collection? Towards an Alternate Framing of the Problem of Information Privacy

By privacylaw | Posted on

Kenneth Farrall, Production or Collection? Towards an Alternate Framing of the Problem of Information Privacy

Comment by: Colin Bennett

PLSC 2009

Workshop draft abstract:

Bennett (2008) recently demonstrated that for privacy advocates to be effective in resisting the growth of surveillance systems in the 21st century, framing, or the specific language constructs used to articulate a social problem, is a crucial determinant of success or failure. This paper explores the benefits of framing the problem of digital dossiers (Solove, 2004) not in terms of the “collection and use” of personal data, but in terms of their production. Drawing on the theoretical tradition of the “social construction of reality” (Berger & Luckmann, 1966) and Foucault’s (1974) early work on discursive formations, the paper takes the position that personal information does not simply exist “out there” but is always first produced.  Latour & Woolgar (1986), for example, have shown that seemingly objective scientific facts are not discovered but are in fact thoroughly constituted by the material setting of the laboratory. Similarly, the totality of personally identifiable information (PII) comprising an individual dossier is always produced within, and is ultimately contingent upon, specific social, institutional, and technological contexts. Dossier information is not merely an abstract, formless reduction of uncertainty, but an object of discourse with a specific material embodiment — a pattern of ink on parchment or an electromagnetic disturbance on the surface of a metal disk—that may or may not manifest at a specific space-time location.

Using data from government documents, NGO reports, investigative journalism and extant academic research, the paper explores  distinct moments of production within historical and contemporary dossier systems in China and the United States, including the production of paper-based, highly localized “dangan” (dossiers) in mid 80s China and the accelerating production of Suspicious Activity Reports (SARs) within the United States today. Drawing from these and other examples, the paper will identify key factors – legal, economic, technological – driving the production of PII and explore emerging strategies of resistance.

David Flaherty, Reflections on Reform of the Federal Privacy Act

By privacylaw | Posted on

David Flaherty, Reflections on Reform of the Federal Privacy Act

Comment by: Michael Geist

PLSC 2009

Workshop draft abstract:

While the Privacy Act was accurately regarded as a progressive privacy statement in the early 1980s, it must now be considered an outdated Act that no longer properly regulates how federal institutions collect, use, retain and disclose personal information. Reform of the Privacy Act should be made to appeal unanimously to the media, public servants, the political elite, the government of the day, and Members of Parliament. A primary goal of this article is to advance thinking about how to motivate such necessary change and to advance the cause of reform of the Privacy Act on the basis that such analysis and transformation is long overdue. And, in order to have robust implementation of such a reformed law, Parliament also has to mandate a structure for privacy risk management in each federal institution, including, inter alia, the establishment of Chief Privacy Officers, Privacy Impact Assessments, and on-line privacy training.

Mary Fan, Quasi-Privacy and Redemption in a World of Ubiquitous Checking-Up

By privacylaw | Posted on

Mary Fan, Quasi-Privacy and Redemption in a World of Ubiquitous Checking-Up

Comment by: Deven Desai

PLSC 2009

Workshop draft abstract:

The solace of those who stumble or free-fall after making a mistake or enduring misfortune is the ability to remake oneself.  The possibility of remaking oneself is one of the casualties of the rampant and insufficiently regulated proliferation of private-sector databases that ossify and construct identity — and impede recovery and self-remaking after traumas like foreclosure, bankruptcy or lesser mistakes and mishaps such as an long-unpaid or mislaid bill scarring a credit score.  Classically, one who suffered a substantial setback might hope that time and effort would expunge or alter natural memory or a geographical move might permit a fresh start beyond the reach of localized memory.  The difficulty with the proliferation of private-sector databases is that memory is artificially prolonged, bureaucratically ossified, and extended in geographical reach, severely circumscribing the ability to remake or rehabilitate oneself.

This article conceptualizes privacy as protecting the plasticity—in the sense of ability to recover from injury—of identity and personhood and the life consequences that flow from identity.  Our understanding of what privacy entails has been crucially updated for the information age by Dan Solove as more than just safeguard against intrusion on what is secret, but also “the ability to avoid the powerlessness of having others control information” affecting critical life consequences like loans, jobs and licensing, and further humanized by Anita Allen to include protection against perpetually dredging up the past so that one can move forward and rehabilitate. The conception of privacy as self-plasticity builds on these understanding.  The article argues that conceptualized thus, privacy as principle and right requires the regulation of memory in the context of private-sector databases to permit attempts at self-remaking and rehabilitation.  Memory regulation would translate into protections like mandatory expungement of records or circumscribing the geographical scope of database information to permit the possibility of self-remaking and rehabilitation.

Raphael Cohen-Almagor, Net Responsibility in Democracies

By privacylaw | Posted on

Raphael Cohen-Almagor, Net Responsibility in Democracies

Comment by: Christopher Wolf

PLSC 2009

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1650702

Workshop draft abstract

The Internet’s design and raison d’être are complete freedom, but soon enough people began to exploit the Net’s massive potential to enhance partisan interests, some of which are harmful and anti-social. As can be expected, given that the Internet has been a part of our lives for a relatively short time, the discussions concentrate on the social production, technological, architectural, geographical aspects of the Net. The discussions about the costs and harms of the Internet, and how to address them, are – on the other hand – in their infancy. The transnational nature of the World-Wide-Web and its vast content make regulation very difficult, some say virtually impossible.

In this paper I wish to address the ethical, social and legal problems rooted in technology in response to potential risks on the Internet. The Internet is not the problem. The problem arises where it is utilized to undermine our well-being as autonomous beings living in free societies. This study focuses on articulating possible solutions to specific problems and on providing a framework within which these problems can be addressed and resolved. It strives to suggest an approach informed by the experiences of democratic societies with different norms and legal cultures; one that harnesses the capacities of the public and private sectors in reaching viable, practical solutions.

In the focus of my discussion are the neglected concepts of moral responsibility and of social responsibility, adopting them to the Internet realm. I will discuss and explain the concepts and their implications on people and society. I then address the issue of moral and social responsibilities of Net users (agents), focusing, inter alia, on the tragic story of Megan Meier. Next I move on to discuss the responsibilities of ISPs and web-host companies. Should they take effort to monitor their sites for such information or are they relieved of any responsibility? This is arguably the most intriguing and complex issue of Net responsibility. I argue that ISPs and web-hosting companies should aspire to take responsibility for content, and that they should respect and abide by the laws of the countries in which they operate. The dream of a medium that transcends geographical borders and facilitates unlimited and inexpensive access to consumers without any regulatory restrictions is over.  A case in point is LICRA v. Yahoo! Inc. and Yahoo! France (Tribunal de Grande Instance de Paris, 22 May 2000). Next I turn to the issue of readers’ moral and social responsibilities: Responsibility of people who encounter malicious postings on the Internet, some of which might be damaging and harmful. Should they simply read the postings and move on or do something about it? Then I discuss state responsibility and finally reflect on the responsibility of the international community. I argue for international cooperation to address international concerns.:

 

Anupam Chander, Youthful Indiscretion in an Internet Age

By privacylaw | Posted on

Anupam Chander, Youthful Indiscretion in an Internet Age

Comment by: Ian Kerr

PLSC 2009

Workshop draft abstract:

Youth are allowed mistakes in greater measure than adults.  Today, however, because of the digital medium, youthful exuberance and  experiment, intellectual curiosity, and teenage rebellion may be subject to the prying eyes of authorities, both governmental and private, both contemporaneously and far into the future.  The disciplinary effects of such possible future ramifications may be graver today than ever before. The consequences may be particularly severe for women, given societal practices related to sexuality. What might the law do to protect youthfulness in youth?

Lisa Campbell, Relational Surveillance: Aboriginal experience, scopaethesia and nanotechnology

By privacylaw | Posted on

Lisa Campbell, Relational Surveillance: Aboriginal experience, scopaethesia and nanotechnology

Comment by: Annie Anton

PLSC 2009

Workshop draft abstract:

This article will examine privacy as a collective right, and consider the relevance of anonymity in the public sphere.

It will explore the work of biologists who have done research on the sense of being watched, and in particular experiments that have shown that group behavior is modified when surveillance mechanisms are put in place.

Using the example of Aboriginal groups in Canada, the article will consider who the collection and use of personal information is affecting this population.

The article will analyze developments in technology that are altering the divide between public and private spheres, and focus on two in particular: 1) increasing access to the www via interactive handheld devices, and 2) data collection and creation via molecular computing.

Ryan Calo, People Can Be So Fake: On the Limitations of Privacy and Technology Scholarship

By privacylaw | Posted on

Ryan Calo, People Can Be So Fake: On the Limitations of Privacy and Technology Scholarship

Comment by: Andrea Matwyshyn

PLSC 2009

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1458637

Workshop draft abstract:

Scholarship around privacy often reacts to and contextualizes advances in technology.  Scholars disagree about whether and how particular technologies implicate privacy, however, and certain technologies with potentially serious ramifications for privacy can avoid scrutiny entirely.

Consider a growing trend in user interface design, that of building “social” interfaces with natural language capabilities and other anthropomorphic signifiers.  An extensive literature in communications and psychology demonstrates that artificial social agents elicit strong subconscious reactions, including the feeling of being observed or evaluated. Adding a social layer to the technologies we use to investigate or navigate the world, or introducing apparent agents into spaces historically reserved for solitude, has important implications for privacy.  These techniques need not entail any collection, processing, or dissemination of information, however, and hence fall outside even the broadest and most meticulous contemporary accounts of privacy harm.

This paper argues for a new master test for privacy invasive technology.  Specifically, I argue that for any given technology, we should look to three interrelated factors: perception of observation, actual observation, and independent consequence.  Dissecting the effects of technology along these three lines will help clarify why, and to what extent, a given technology or technique implicates privacy.  This approach differs from the standard discussion of privacy invasive technology in terms of the collection, processing, and dissemination of information.  It has the advantage of capturing certain conservative intuitions espoused by courts and commentators, such as the view that the mere collection or processing of data by a computer can at most “threaten” privacy, and uncovers situations wherein notice itself triggers a violation.  Yet the approach is not reductionist overall: the proposed test elevates the importance of victim perspective and captures a previously undertheorized category of privacy harm.

Ann Bartow, Virtual Women

By privacylaw | Posted on

Ann Bartow, Virtual Women

Comment by: Danielle Citron

PLSC 2009

Workshop draft abstract:

In most contexts, women are less visible and less present than men in the performing arts, and in any commercial enterprise that exploits creative copyrightable endeavors.  Female creative output commands less attention and less money than the creative works of men, and women are less visible, and receive less compensation than male counterparts when they collaborate in the production of creative works with men. Male writers, male singers, male visual artists, male actors, male directors and producers, male composers, male architects, and other male authors of almost any form of copyrightable work dominate the cultural terrain, and acquire and control a substantial majority of the financial resources that creative works accrue.   This gendered phenomenon is observable in real space, and mirrored in cyberspace. The only exceptions are contexts in which women function as commodities for consumption. This paper will focus on one of them: Online periodicals that chronicle on the lives of celebrities. It will then chart the consequences that the norms created by these periodicals have for all women.