Category Archives: Writings

New Paper: “Safety as Privacy”

Posted on January 30, 2022 by Michael Froomkin

Three or four years ago I sat down to write a paper about how, even without any new privacy legislation, there was a lot that U.S. administrative agencies could do under existing powers to enhance personal privacy if they were so minded. As I started writing the introduction to that piece, I went looking for a citation for a proposition that I thought was obvious, and that many other people also take for granted: that often privacy enhances safety. To my amazement, I couldn’t find a clear statement of the proposition anywhere, although there were plenty of people willing to explain why they thought anonymity made people unsafe, as it let the bad guys toil in the darkness. Which is undoubtedly true sometimes, but far from the whole story.

So, back then, instead of writing the paper I wanted to write, I wrote what I thought of as the prequel, which became Privacy as Safety, 95 Wash. L. Rev. 141 (2020), (with Zak Colangelo).

Now, finally, I, along with co-authors Phillip Arencibia and P. Zak Colangelo-Trenner, have a draft of the paper I originally wanted to write. We’ve just put it up on SSRN as Safety as Privacy.

Here’s the abstract:

New technologies, such as internet-connected home devices we have come to call ‘the Internet of Things (IoT)’, connected cars, sensors, drones, internet-connected medical devices, and workplace monitoring of every sort, create privacy gaps that can cause danger to people. In Privacy as Safety, 95 Wash. L. Rev. 141 (2020), two of us sought to emphasize the deep connection between privacy and safety, in order to lay a foundation for arguing that U.S. administrative agencies with a safety mission can and should make privacy protection one of their goals. This article builds on that foundation with a detailed look at the safety missions of several agencies. In each case, we argue that the agency has the discretion, if not necessarily the duty, to demand enhanced privacy practices from those within its jurisdiction, and that the agency should make use of that discretion.

This is the first article in the legal literature to identify the substantial gains to personal privacy that several U.S. agencies tasked with protecting safety could achieve under their existing statutory authority. Examples of agencies with untapped potential include the Federal Trade Commission (FTC), the Consumer Product Safety Commission (CPSC), the Food and Drug Administration (FDA), the National Highway Traffic Safety Administration (NHTSA), the Federal Aviation Administration (FAA), and the Occupational Safety and Health Administration (OSHA). Five of these agencies have an explicit duty to protect the public against threats to safety (or against risk of injury) and thus – as we have argued previously – should protect the public’s privacy when the absence of privacy can create a danger. The FTC’s general authority to fight unfair practices in commerce enables it to regulate commercial practices threatening consumer privacy. The FAA’s duty to ensure air safety could extend beyond airworthiness to regulating spying via drones. The CPSC’s authority to protect against unsafe products authorizes it to regulate products putting consumers’ physical and financial privacy at risk, thus sweeping in many products associated with the IoT. NHTSA’s authority to regulate dangerous practices on the road encompasses authority to require smart car manufacturers include precautions protecting drivers from misuses of connected car data due to the car-maker’s intention and due to security lapses caused by its inattention. Lastly, OSHA’s authority to require safe work environments encompasses protecting workers from privacy risks that threaten their physical and financial safety on the job.

Arguably an omnibus, federal statute regulating data privacy would be preferable to doubling down on the U.S.’s notoriously sectoral approach to privacy regulation. Here, however, we say only that until the political stars align for some future omnibus proposal, there is value in exploring methods that are within our current means. It may be only second best, but it is also much easier to implement. Thus, we offer reasonable legal constructions of certain extant federal statutes that would justify more extensive privacy regulation in the name of providing enhanced safety, a regime that would we argue would be a substantial improvement over the status quo yet not require any new legislation, just a better understanding of certain agencies’ current powers and authorities. Agencies with suitably capacious safety missions should take the opportunity to regulate to protect relevant personal privacy without delay.

And here’s the table of contents:

It’s just a draft so comments (and offers to publish in a law review) are welcome!

Posted in Law: Privacy, Writings | Comments Off on New Paper: “Safety as Privacy”

Revised Draft of ‘Fixing the Senate’

Posted on August 3, 2021 by Michael Froomkin

We’ve posted a revised draft of Fixing the Senate: A User’s Guide to SSRN. Comments are welcomed.

Here, again, is the abstract:

The Senate is the most undemocratic part of the U.S. Constitution – worse even than the Electoral College, although the two are related, and some versions of fixing the Senate would ameliorate the Electoral College also. Unfortunately, each state’s “equal Suffrage” in the Senate is protected by a unique constitutional entrenchment clause. The Entrenchment Clause creates a genuine bar to reform, but that bar is not insurmountable. We argue first that the constitutional proscription on abolishing the Senate has been overstated, but that in any case there are constitutional reform options that range from abolishing the Senate to various degrees of disempowering it. We then argue that there are several promising reforms that could move in the direction of democratizing the Senate without constitutional amendment. In particular: admitting new states, breaking up the largest states, and a new Constitutional Convention. This paper canvasses benefits, costs, effectiveness, and likely feasibility of each of these methods by which one might seek to make the Senate more representative despite the entrenchment clause. Several of the proposals create an opportunity for Supreme Court review and perhaps obstruction, raising questions about the relationship between Senate reform and Supreme Court reform.

Posted in Writings | 14 Comments

Draft of Virtual Law School, 2.0 Now at SSRN

Posted on November 25, 2020 by Michael Froomkin

I recently uploaded a draft of my paper The Virtual Law School, 2.0 to SSRN. (It will need a little updating in light of the development of vaccines for COVID.) Here’s the abstract and table of contents:

Just over twenty years ago I gave a talk to the AALS called The Virtual Law School? Or, How the Internet Will De-skill the Professoriate, and Turn Your Law School Into a Conference Center. I came to the subject because I had been working on Internet law, learning about virtual worlds and e-commerce, and about the power of one-to-many communications. It seemed to me that a lot of what I had learned applied to education in general and to legal education in particular.

It didn’t happen. Or at least, it has not happened yet. In this essay I want to revisit my predictions from twenty years ago in order to see why so little has changed (so far). The massive convulsion now being forced on law teaching due to the social distancing required to prevent COVID-19 transmission presents an occasion in which we are all forced to rethink how we deliver law teaching. After discussing why my predictions failed to manifest before 2020, I will argue that unless this pandemic is brought under control quickly, the market for legal education may force some radical changes on us—whether we like it or not, and that in the main my earlier predictions were not wrong, just premature.

    1.  That Was Then (Virtual Law School 1.0)
    2.  Why We Do Not Have Serious Virtual Law Schools (Yet)
      1. ABA Rules
      2. Bad Software
      3. Concerns About Bad Pedagogy and Lost Opportunities for Skills Training and Networking
      4. Reputational and Branding Concerns
      5. Bad Economics
    3. Law Teaching in a Time of COVID
      1. The Old is New Again
      2. Spring’s Scrambling: Opening the Door to Online Learning
        1. ABA (and ICE) Actions
        2. Law School Actions
        3. Student and Other Reactions
      3. The Longer Term: Teaching in the ‘New Normal’
        1. COVID-19 Scenarios
        2. What the Scenarios Mean for the Virtual Law School
    4. Conclusion: Winners and Losers, 2.0

This a true draft, not a finished product, and I would very much welcome any comments readers might have.

Posted in Writings | 17 Comments

Something Cheerful

Posted on April 10, 2020 by Michael Froomkin

I was very happy to learn that Larry Solumn — a one-man Jotwell — has blogged my latest article, Privacy as Safety (written with Zak Colangelo), and tagged it “highly recommended.”

Thank you Larry!

Posted in Writings | Comments Off on Something Cheerful

New Article: Privacy as Safety

Posted on March 17, 2020 by Michael Froomkin

Fresh up on SSRN, a pre-publication draft text of Privacy as Safety, co-authored with Zak Colangelo and forthcoming in the Washington Law Review.  Here’s the abstract and TOC:

The idea that privacy makes you safer is unjustly neglected: public officials emphasize the dangers of privacy while contemporary privacy theorists acknowledge that privacy may have safety implications but hardly dwell on the point. We argue that this lack of emphasis is a substantive and strategic error, and seek to rectify it. This refocusing is particularly timely given the proliferation of new and invasive technologies for the home and for consumer use more generally, not to mention surveillance technologies such as so-called smart cities.

Indeed, we argue—perhaps for the first time in modern conversations about privacy—that in many cases privacy is safety, and that, in practice, United States law already recognizes this fact. Although the connection rarely figures in contemporary conversations about privacy, the relationship is implicitly recognized in a substantial but diverse body of U.S. law that protects privacy as a direct means of protecting safety. As evidence we offer a survey of the ways in which U.S. law already recognizes that privacy is safety, or at least that privacy enhances safety. Following modern reformulations of Alan Westin’s four zones of privacy, we explore the safety-enhancing privacy protections within the personal, intimate, semi-private, and public zones of life, and find examples in each zone, although cases in which privacy protects physical safety seem particularly frequent. We close by noting that new technologies such as the Internet of Things and connected cars create privacy gaps that can endanger their users’ safety, suggesting the need for new safety-enhancing privacy rules in these areas.

By emphasizing the deep connection between privacy and safety, we seek to lay a foundation for planned future work arguing that U.S. administrative agencies with a safety mission should make privacy protection one of their goals.


Enjoy!

Posted in Law: Privacy, Writings | 1 Comment

Just Uploaded–Big Data: Destroyer of Informed Consent (Final Text)

Posted on November 4, 2019 by Michael Froomkin

I’ve just uploaded the final text of Big Data: Destroyer of Informed Consent which is due to appear Real Soon Now in a special joint issue of the Yale Journal of Health Policy, Law, and Ethics and the Yale Journal of Law and Technology. This pre-publication version has everything the final version will have except the correct page numbers. Here’s the abstract:

The ‘Revised Common Rule’ took effect on January 21, 2019, marking the first change since 2005 to the federal regulation that governs human subjects research conducted with federal support or in federally supported institutions. The Common Rule had required informed consent before researchers could collect and use identifiable personal health information. While informed consent is far from perfect, it is and was the gold standard for data collection and use policies; the standard in the old Common Rule served an important function as the exemplar for data collection in other contexts.

Unfortunately, true informed consent seems incompatible with modern analytics and ‘Big Data’. Modern analytics hold out the promise of finding unexpected correlations in data; it follows that neither the researcher nor the subject may know what the data collected will be used to discover. In such cases, traditional informed consent in which the researcher fully and carefully explains study goals to subjects is inherently impossible. In response, the Revised Common Rule introduces a new, and less onerous, form of “broad consent” in which human subjects agree to as varied forms of data use and re-use as researchers’ lawyers can squeeze into a consent form. Broad consent paves the way for using identifiable personal health information in modern analytics. But these gains for users of modern analytics come with side-effects, not least a substantial lowering of the aspirational ceiling for other types of information collection, such as in commercial genomic testing.

Continuing improvements in data science also cause a related problem, in that data thought by experimenters to have been de-identified (and thus subject to more relaxed rules about use and re-use) sometimes proves to be re-identifiable after all. The Revised Common Rule fails to take due account of real re-identification risks, especially when DNA is collected. In particular, the Revised Common Rule contemplates storage and re-use of so-called de-identified biospecimens even though these contain DNA that might be re-identifiable with current or foreseeable technology.

Defenders of these aspects of the Revised Common Rule argue that ‘data saves lives.’ But even if that claim is as applicable as its proponents assert, the effects of the Revised Common Rule will not be limited to publicly funded health sciences, and its effects will be harmful elsewhere.

An earlier version, presented at the Yale symposium which the conference volume memorializes, engendered significant controversy — the polite form of howls of rage in a few cases — from medical professionals looking forward to working with Big Data. Since even the longer final version is shorter, and if only for that reason clearer, than much of what I write I wouldn’t be surprised if the final version causes some fuss too.

Posted in Administrative Law, AI, Science/Medicine, Writings | Comments Off on Just Uploaded–Big Data: Destroyer of Informed Consent (Final Text)