Archives

Ryan Calo, Digital Market Manipulation

By privacylaw | Posted on

Ryan Calo, Digital Market Manipulation

Comment by: Randal Picker

PLSC 2013

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2309703

Abstract:

Jon Hanson and Douglas Kysar coined the term “market manipulation” in 1999 to describe how companies exploit the cognitive limitations of consumers. Everything costs $9.99 because consumers see the price as closer to $9 than $10. Although widely cited by academics, the concept of market manipulation has had only a modest impact on consumer protection law.

This Article demonstrates that the concept of market manipulation is descriptively and theoretically incomplete, and updates the framework for the realities of a marketplace that is mediated by technology. Today’s firms fastidiously study consumers and, increasingly, personalize every aspect of their experience. They can also reach consumers anytime and anywhere, rather than waiting for the consumer to approach the marketplace. These and related trends mean that firms can not only take advantage of a general understanding of cognitive limitations, but can uncover and even trigger consumer frailty at an individual level.

A new theory of digital market manipulation reveals the limits of consumer protection law and exposes concrete economic and privacy harms that regulators will be hard-pressed to ignore. This Article thus both meaningfully advances the behavioral law and economics literature and harnesses that literature to explore and address an impending sea change in the way firms use data to persuade.

Margot E. Kaminski, Real masks and anonymity: Comparing state anti-mask laws to the Doe anonymous online speech standard

By privacylaw | Posted on

Margot E. Kaminski, Real masks and anonymity: Comparing state anti-mask laws to the Doe anonymous online speech standard

Comment by: Ryan Calo

PLSC 2012

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2250054

Workshop draft abstract:

This paper will comprehensively compare treatment of state anti-mask laws to the Doe standard of protection for anonymous online speech.

Numerous states prohibit mask-wearing in public. Many of these laws were enacted as an attempt to regulate Ku Klux Klan activity. Some states criminalize wearing a mask while performing or intending to perform some bad act, while others criminalize mask-wearing more generally, with exceptions for permissible behavior.

The more recent model anti-mask law dates from 1992, three years before the Supreme Court’s decision on anonymous speech on McIntyre v. Ohio. Since McIntyre, a much-discussed line of caselaw has developed concerning the creation of a balancing test for protecting anonymous speech online, in cases such as Dendrite v. Doe and Doe v. Cahill.

This paper will explore the possible compliments and tensions between state punishment of physical mask-wearing on the one hand, and the developing protection of virtual mask-wearing on the other. It will look at the standard statutory exceptions to prohibitions on physical mask-wearing in order to define larger categories of accepted anonymous activity, when mask-wearing has been seen as beneficial and deserving of protection. These categories include private acts such as purchasing pornography or obtaining an abortion, but also include dressing up for entertainment’s sake. The value of the content of a real mask as symbolic speech or self-expression has been underdiscussed in the context of virtual anonymity, in part because it comes up in light of the O’Brien symbolic speech test, which hasn’t been reached in the online context.

This paper will also investigate whether First Amendment arguments can be imported across contexts. For example, the First Amendment right of association features prominently in physical mask-wearing cases, but not in the Doe line of cases. And because many of the mask-wearing laws are categorized as public disorder statutes, this paper will compare the rhetorical treatment of physical mobs with that of perceived virtual mobs, or “cyber-bullying” activity.

While a number of articles on the Doe standard have discussed cases arising from anti-mask laws, none appears to have done an overview comparison of all state anti-mask laws to Doe. This paper will attempt to unite these two directly related fields.

Victoria Groom & M. Ryan Calo, User Experience As A Form Of Privacy Notice: An Experimental Study

By privacylaw | Posted on

Victoria Groom & M. Ryan Calo, User Experience As A Form Of Privacy Notice: An Experimental Study

Comment by: Lauren Willis

PLSC 2011

Published version available here:

Workshop draft abstract:

This study and paper represent a collaboration between a privacy scholar and a PhD in human-computer interaction aimed at testing the efficacy of user experience as a form of privacy notice.  Notice is among the only affirmative requirements websites face with respect to privacy.  Yet few consumers read or understand privacy policies.  Indeed, studies show that the presence of a link labeled “privacy” leads consumers to assume that the website has specific privacy practices that may or may not actually exist.

One alternative to requiring consumers to read lengthy prose or decipher complex symbols is to influence a user’s mental model of the website directly by adjusting the user interface.  Use of particular design elements influences users’ cognitive and affective perceptions of websites and can affect behaviors relevant to privacy.

We intend to present the results of an ongoing, experimental study designed to determine how strategies of “visceral notice” compare to traditional notice.   Drawing on a rich literature in human-computer interaction, social psychology, and cognitive psychology, we examine whether anthropomorphism, formality, self-awareness, and other website features can instill in people a more accurate understanding of information practice than a privacy policy.

Lior Strahilevitz, Reunifying Privacy Law

By privacylaw | Posted on

Lior Strahilevitz, Reunifying Privacy Law

Comment by: Ryan Calo

PLSC 2010

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1615101

Workshop draft abstract:

In 1890 Samuel Warren and Louis Brandies proposed a unified theory of invasion of privacy tort liability.  Over the subsequent decades, information privacy law became increasingly fragmented and decreasingly coherent.  William Prosser’s 1960 article, Privacy, which heavily influenced the Restatement of Torts, endorsed and hastened this trend toward fragmentation, which spread from tort law to the various statutory branches of information privacy law.  This article argues for the reunification of privacy law in two connected ways.  First, Prosser’s fragmented privacy tort should be replaced with a unitary tort for invasion of privacy that looks to the private or public nature of the information, the degree to which a defendant’s conduct violates existing social norms, and the social welfare implications of the defendant’s conduct.  Second, the reunified common law of torts should become the model for judicial interpretation of various other branches of information privacy law, such as the Freedom of Information Act’s privacy provisions, the Privacy Act, and the constitutional right of information privacy.  The Article explains how this can be done and why it is desirable.  Indeed, in its most recent Freedom of Information Act and Privacy Act cases, the United States Supreme Court has suggested that drawing on common law tort principles is the appropriate methodology for interpreting privacy-related federal statutes.

The final section of the article argues that the pending United States Supreme Court case of Nelson v. NASA is an ideal vehicle for pushing the law of information privacy back towards its relatively coherent and unified origins.  Nelson will be the first Supreme Court privacy case in thirty-three years to confront the question of whether the Constitution protects a right to information privacy apart from the Fourth Amendment context.  Because the common law tort cause of action and constitutional action involve similar harms and considerations, it is appropriate to reconcile the presently divergent doctrines, but this could be done in one of two ways.  The most sensible approach to reunification is to conclude, as the Sixth Circuit has, that there is no such thing as a constitutional right to information privacy, and that such rights are appropriately vindicated via tort remedies.  An alternative approach would be to recognize the existence of a constitutional right, as most circuit courts have, but to hold that the elements of a constitutional violation mimic those associated with the reunified privacy tort.

Ryan M. Calo, A Hybrid Conception of Privacy Harm

By privacylaw | Posted on

Ryan M. Calo, A Hybrid Conception of Privacy Harm

Comment by: Siva Vaidhynathan

PLSC 2010

Workshop draft abstract:

What counts as a “privacy harm,” particularly?  Today’s thought leaders offer two popular but widely disparate accounts.  On one view—espoused by Richard Parker, Richard Posner, and many others—a privacy harm must involve the literal unwanted sensing of visual or other information by a human being.  Although in respects attractive, this account could exclude everything from the notorious Panopticon (which works precisely because mere uncertainty of observation modifies behavior) to the bulk of contemporary data-mining.

Another leading view, however, may go too far: Dan Solove’s influential “taxonomy of privacy” admits of sixteen, loosely related subcategories of privacy-implicating conduct.  These are selected on the basis of what practices any of the right sorts of authorities—“laws, cases, constitutions, guidelines, and other sources”—have chosen over the years to associate with the term “privacy.”  Solove’s framework includes Jeremy Bentham’s design, but arguably covers a broad range of activities better described in terms of coercion or nuisance.

This essay proposes a third way to think about privacy harm that incorporates the most promising elements of two influential accounts.  Specifically, the essay argues that privacy harm involves either (1) the unwanted perception of observation or (2) the use of information without the subject’s consent to justify an adverse action.  This approach captures the intuition that privacy is basically about observation, but also embraces the many situations in which no actual observation by a person need occur in order to cause a privacy harm.  The essay then walks through a series of thought experiments to defend its approach from anticipated critiques.

Ryan Calo, People Can Be So Fake: On the Limitations of Privacy and Technology Scholarship

By privacylaw | Posted on

Ryan Calo, People Can Be So Fake: On the Limitations of Privacy and Technology Scholarship

Comment by: Andrea Matwyshyn

PLSC 2009

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1458637

Workshop draft abstract:

Scholarship around privacy often reacts to and contextualizes advances in technology.  Scholars disagree about whether and how particular technologies implicate privacy, however, and certain technologies with potentially serious ramifications for privacy can avoid scrutiny entirely.

Consider a growing trend in user interface design, that of building “social” interfaces with natural language capabilities and other anthropomorphic signifiers.  An extensive literature in communications and psychology demonstrates that artificial social agents elicit strong subconscious reactions, including the feeling of being observed or evaluated. Adding a social layer to the technologies we use to investigate or navigate the world, or introducing apparent agents into spaces historically reserved for solitude, has important implications for privacy.  These techniques need not entail any collection, processing, or dissemination of information, however, and hence fall outside even the broadest and most meticulous contemporary accounts of privacy harm.

This paper argues for a new master test for privacy invasive technology.  Specifically, I argue that for any given technology, we should look to three interrelated factors: perception of observation, actual observation, and independent consequence.  Dissecting the effects of technology along these three lines will help clarify why, and to what extent, a given technology or technique implicates privacy.  This approach differs from the standard discussion of privacy invasive technology in terms of the collection, processing, and dissemination of information.  It has the advantage of capturing certain conservative intuitions espoused by courts and commentators, such as the view that the mere collection or processing of data by a computer can at most “threaten” privacy, and uncovers situations wherein notice itself triggers a violation.  Yet the approach is not reductionist overall: the proposed test elevates the importance of victim perspective and captures a previously undertheorized category of privacy harm.