Category Archives: Administrative Law

Faculti Video on ‘Safety as Privacy’ Posted

An outfit called Faculti, which presents as a sort of (anti?-)TED talk for nerdier, more detail-oriented people, recently did an interview with me about Safety as Privacy, a paper (co-authored with Phillip Arencibia & P. Zak Colangelo-Trenner) that should be published soon in the Arizona Law Journal. There’s a near-final version of Safety as Privacy at SSRN.

Faculti published the video interview and you are invited to enjoy it. I probably won’t: I don’t much like to listen to myself, much less watch myself, and I can’t shake the idea that I have an ideal face for radio. But the questions they set me in advance were substantive, and I hope the answers were too.

Here’s the paper’s abstract:

New technologies, such as internet-connected home devices we have come to call the Internet of Things (IoT), connected cars, sensors, drones, internet-connected medical devices, and workplace monitoring of every sort, create privacy gaps that can cause danger to people. In prior work[1], two of us sought to emphasize the deep connection between privacy and safety to lay a foundation for arguing that U.S. administrative agencies with a safety mission can and should make privacy protection one of their goals. This Article builds on that foundation with a detailed look at the safety missions of several agencies. In each case, we argue that the agency has the discretion, if not necessarily the duty, to demand enhanced privacy practices from those within its jurisdiction, and that the agency should make use of that discretion.

Armed with the understanding that privacy is or causes safety, several U.S. agencies tasked with protecting safety could achieve substantial gains to personal privacy under their existing statutory authority. Examples of agencies with untapped potential include the Federal Trade Commission (“FTC”), the Consumer Product Safety Commission (“CPSC”), the Food and Drug Administration (“FDA”), the National Highway Traffic Safety Administration (“NHTSA”), the Federal Aviation Administration (“FAA”), and the Occupational Safety and Health Administration (“OSHA”). Five of these agencies have an explicit duty to protect the public against threats to safety (or against risk of injury) and thus—as we have argued previously—should protect the public’s privacy when the absence of privacy can create a danger. The FTC’s general authority to fight unfair practices in commerce enables it to regulate commercial practices threatening consumer privacy. The FAA’s duty to ensure air safety could extend beyond airworthiness to regulating spying via drones.

The CPSC’s authority to protect against unsafe products authorizes it to regulate products putting consumers’ physical and financial privacy at risk, thus sweeping in many products associated with the IoT. NHTSA’s authority to regulate dangerous practices on the road encompasses authority to require smart car manufacturers to include precautions protecting drivers from misuses of connected car data due to the carmaker’s intention and due to security lapses caused by its inattention. Lastly, OSHA’s authority to require safe work environments encompasses protecting workers from privacy risks that threaten their physical and financial safety on the job.

Arguably, an omnibus federal statute regulating data privacy would be preferable to doubling down on the United States’s notoriously sectoral approach to privacy regulation. Here, however, we say only that until the political stars align for some future omnibus proposal, there is value in exploring methods that are within our current means. It may be only second best, but it is also much easier to implement. Thus, we offer reasonable legal constructions of certain extant federal statutes that would justify more extensive privacy regulation in the name of providing enhanced safety, a regime that we argue would be a substantial improvement over the status quo yet not require any new legislation, just a better understanding of certain agencies’ current powers and authorities. Agencies with suitably capacious safety missions should take the opportunity to regulate to protect relevant aspects of personal privacy without delay.


  1. A. Michael Froomkin & Zak Colangelo, Privacy as Safety, 95 Wash. L. Rev. 141 (2020).

Posted in Administrative Law, Law: Privacy, Talks & Conferences

Just Uploaded–Big Data: Destroyer of Informed Consent (Final Text)

I’ve just uploaded the final text of Big Data: Destroyer of Informed Consent which is due to appear Real Soon Now in a special joint issue of the Yale Journal of Health Policy, Law, and Ethics and the Yale Journal of Law and Technology. This pre-publication version has everything the final version will have except the correct page numbers. Here’s the abstract:

The ‘Revised Common Rule’ took effect on January 21, 2019, marking the first change since 2005 to the federal regulation that governs human subjects research conducted with federal support or in federally supported institutions. The Common Rule had required informed consent before researchers could collect and use identifiable personal health information. While informed consent is far from perfect, it is and was the gold standard for data collection and use policies; the standard in the old Common Rule served an important function as the exemplar for data collection in other contexts.

Unfortunately, true informed consent seems incompatible with modern analytics and ‘Big Data’. Modern analytics hold out the promise of finding unexpected correlations in data; it follows that neither the researcher nor the subject may know what the data collected will be used to discover. In such cases, traditional informed consent in which the researcher fully and carefully explains study goals to subjects is inherently impossible. In response, the Revised Common Rule introduces a new, and less onerous, form of “broad consent” in which human subjects agree to as varied forms of data use and re-use as researchers’ lawyers can squeeze into a consent form. Broad consent paves the way for using identifiable personal health information in modern analytics. But these gains for users of modern analytics come with side-effects, not least a substantial lowering of the aspirational ceiling for other types of information collection, such as in commercial genomic testing.

Continuing improvements in data science also cause a related problem, in that data thought by experimenters to have been de-identified (and thus subject to more relaxed rules about use and re-use) sometimes proves to be re-identifiable after all. The Revised Common Rule fails to take due account of real re-identification risks, especially when DNA is collected. In particular, the Revised Common Rule contemplates storage and re-use of so-called de-identified biospecimens even though these contain DNA that might be re-identifiable with current or foreseeable technology.

Defenders of these aspects of the Revised Common Rule argue that ‘data saves lives.’ But even if that claim is as applicable as its proponents assert, the effects of the Revised Common Rule will not be limited to publicly funded health sciences, and its effects will be harmful elsewhere.

An earlier version, presented at the Yale symposium which the conference volume memorializes, engendered significant controversy — the polite form of howls of rage in a few cases — from medical professionals looking forward to working with Big Data. Since even the longer final version is shorter, and if only for that reason clearer, than much of what I write I wouldn’t be surprised if the final version causes some fuss too.

Posted in Administrative Law, AI, Science/Medicine, Writings

Your AG Scorecard

Trump fired Acting Attorney General Sally Yates this evening–as the President has the right to do–and issued a statement:

The acting Attorney General, Sally Yates, has betrayed the Department of Justice by refusing to enforce a legal order designed to protect the citizens of the United States. This order was approved as to form and legality by the Department of Justice Office of Legal Counsel.

Ms. Yates is an Obama Administration appointee who is weak on borders and very weak on illegal immigration.

It is time to get serious about protecting our country. Calling for tougher vetting for individuals travelling from seven dangerous places is not extreme. It is reasonable and necessary to protect our country.

Tonight, President Trump relieved Ms. Yates of her duties and subsequently named Dana Boente, U.S. Attorney for the Eastern District of Virginia, to serve as Acting Attorney General until Senator Jeff Sessions is finally confirmed by the Senate, where he is being wrongly held up by Democrat senators for strictly political reasons.

“I am honored to serve President Trump in this role until Senator Sessions is confirmed. I will defend and enforce the laws of our country to ensure that our people and our nation are protected,” said Dana Boente, Acting Attorney General.

In appointing Dana Boente, Trump exercised authority under the Federal Vacancies Act Reform Act of 1998, 5 U.S.C. 3345. In so doing, he (quite legally) bypassed the default line of succession otherwise provided for in Executive Order 13762 (Jan. 13, 2017) signed by President Obama, which had the next three people eligible to be acting AG as (a) United States Attorney for the District of Columbia; (b) United States Attorney for the Northern District of Illinois; and (c) United States Attorney for the Central District of California.

Yates had angered Trump by instructing Justice Department lawyers not to defend his executive order banning travel for people from seven Muslim-majority countries. Various parts of the order have already been enjoined by district courts around the country. Presumably the Trump people shopped for someone willing to overturn Sally Yates’s order, and found one: New acting attorney general says he will enforce order.

Dana Boente was sworn in this evening in order to ensure that there would be someone with legal authority to sign foreign surveillance warrants.

[edited shortly after publication for clarity]

Update1: Spencer Ackerman says it is unclear if the new acting attorney general can sign national security surveillance requests.

Update2: Josh Blackman makes two interesting points: (1) one might theoretically question whether firing is a qualifying reason under the Vacancies Act that the incumbent is “otherwise unable to perform the functions and duties of the office” and, more significantly, (2) this action might have precedential value if and when Trump fires and replaces Richard Cordray.

Posted in Administrative Law, Immigration, Trump

Incompetence

Today’s Presidential Executive Order on Reducing Regulation and Controlling Regulatory Costs is the sort of dumb thing we law profs write up for final exams.

Here are key bits:

[Sec 2.] (a) Unless prohibited by law, whenever an executive department or agency (agency) publicly proposes for notice and comment or otherwise promulgates a new regulation, it shall identify at least two existing regulations to be repealed.

(b) For fiscal year 2017, which is in progress, the heads of all agencies are directed that the total incremental cost of all new regulations, including repealed regulations, to be finalized this year shall be no greater than zero, unless otherwise required by law or consistent with advice provided in writing by the Director of the Office of Management and Budget (Director).

(c) In furtherance of the requirement of subsection (a) of this section, any new incremental costs associated with new regulations shall, to the extent permitted by law, be offset by the elimination of existing costs associated with at least two prior regulations. Any agency eliminating existing costs associated with prior regulations under this subsection shall do so in accordance with the Administrative Procedure Act and other applicable law.

[Sec. 3] (c) Unless otherwise required by law, no regulation shall be issued by an agency if it was not included on the most recent version or update of the published Unified Regulatory Agenda as required under Executive Order 12866, as amended, or any successor order, unless the issuance of such regulation was approved in advance in writing by the Director.

Sec. 4. Definition. For purposes of this order the term “regulation” or “rule” means an agency statement of general or particular applicability and future effect designed to implement, interpret, or prescribe law or policy or to describe the procedure or practice requirements of an agency, but does not include:

(a) regulations issued with respect to a military, national security, or foreign affairs function of the United States;

(b) regulations related to agency organization, management, or personnel; or

(c) any other category of regulations exempted by the Director.

Spot the issues. (Hints: “Unless prohibited by law”, “Unless otherwise required by law”, “Regulation”)

Posted in Administrative Law, Trump

A ‘Reform’ Much Worse than the Problem

I’ve signed a law professors’ letter opposing HR 3010, the so-called “Regulatory Accountability Act of 2011.” Even by DC standards, this bill is unusually bad. The following summary, from Regulatory reform good for multinationals, yet bad for you, isn’t actually as alarmist as it sounds:

However, a thorough reading of the RAA leads to three conclusions. First, the bill will likely dramatically drive up the cost of almost every rule-making process and budget of a federal agency. Second, federally elected officials will be stripped of their ability to responsibly lead our country. And third, the RAA is a highway to never-ending lawsuits by special interests against the federal government.

The RAA is designed to micromanage every federal agency in its efforts to create rules necessary to carry out legislation passed by Congress.

By doing so, it turns over 60 years of effective regulation promulgation under the Administration Procedures Act into a protracted process that will stretch the time needed for rule-making into decades. Federal agency budgets will need to be expanded by hundreds of billions of dollars to comply with the RAA and perform their usual functions of protecting the public and small businesses from unsafe products and practices.

… the legislation is a corporate lobbyist dream. It appears to have been written by corporate attorneys for corporate attorneys

Posted in Administrative Law

This Looks Good

Rachel E. Barkow, Institutional Design And The Policing Of Prosecutors: Lessons From Administrative Law, 61 Stan. L. Rev. 869 (2009).

Federal prosecutors wield enormous power. They have the authority to make charging decisions, enter cooperation agreements, accept pleas, and often dictate sentences or sentencing ranges. There are currently no effective legal checks in place to police the manner in which prosecutors exercise their discretion. As a result, in the current era dominated by pleas instead of trials, federal prosecutors are not merely law enforcers. They are the final adjudicators in the 95% of cases that are not tried before a federal judge or jury. In a government whose hallmark is supposed to be the separation of powers, federal prosecutors are a glaring and dangerous exception. They have the authority to take away liberty, yet they are often the final judges in their own cases. One need not be an expert in separation-of-powers theory to know that combining these powers in a single actor can lead to gross abuses. Indeed, the combination of law enforcement and adjudicative power in a single prosecutor is the most significant design flaw in the federal criminal system. Although scholars have made persuasive cases for greater external controls on prosecutors, these calls for reform are unrealistic in the current political climate. The solution must be sought elsewhere.

This Article looks within the prosecutor’s office itself to identify a viable corrective on prosecutorial overreaching. In particular, by heeding lessons of institutional design from administrative law, this Article considers how federal prosecutors’ offices could be designed to curb abuses of power through separation-of-functions requirements and greater attention to supervision. The problems posed by federal prosecutors’ combination of adjudicative and enforcement functions are the very same issues raised by the administrative state—and the solutions fit equally well in both settings. In both instances, individuals who make investigative and advocacy decisions should be separated from those who make adjudicative decisions, the latter of which should be defined to include some of the most important prosecutorial decisions today, including charging, the acceptance of pleas, and the decision whether or not to file substantial assistance motions. Using this model from administrative law would not only be effective, it would also be more politically viable than the leading alternative proposals for curbing prosecutorial discretion.

Administrative law values are not inevitably good, but they are often good.

Posted in Administrative Law, Law: Criminal Law