Category Archives: Writings

New Privacy Paper Posted

Posted on November 4, 2013 by Michael Froomkin

“PETs Must Be on a Leash”: How U.S. Law (and Industry Practice) Often Undermines and Even Forbids Valuable Privacy Enhancing Technology, forthcoming in the Ohio State Law Journal, just posted to SSRN.

Abstract:

U.S. law puts the onus on the individual to protect his or her own privacy with only a small number of exceptions (e.g. attorney-client privilege). In order to protect privacy, one usually has three possible strategies: to change daily behavior to avoid privacy-destroying cameras or online surveillance; to contract for privacy; or to employ Privacy Enhancing Technologies (PETs) and other privacy-protective technologies. The first two options are very frequently unrealistic in large swaths of modern life. One would thus expect great demand for, and widespread deployment of, PETs and other privacy-protective technologies. But in fact that does not appear to be the case. This paper argues that part of the reason is a set of government and corporate policies which discourage the deployment of privacy technology. This paper describes some of those polices, notably: (1) requiring that communications facilities be wiretap-ready and engage in customer data retention; (2) mandatory identification both online and off; (3) technology-limiting rules; and also (4) various other rules that have anti-privacy side effects.

The paper argues that a government concerned with protecting personal privacy and enhancing user security against ID theft and other fraud should support and advocate for the widespread use of PETs. In fact, however, whatever official policy may be, by its actions the prevailing attitude of the U.S. government amounts to saying that PETs and other privacy protecting technology, must be kept on a leash.

A last-minute update reconsiders the argument in light of the Snowden revelations about the widespread dragnet surveillance conducted by the NSA.

Comments welcome!

Posted in Civil Liberties, Law: Internet Law, Writings | 2 Comments

New Paper on the Regulation of Online Anonymity

Posted on September 18, 2011 by Michael Froomkin

I’ve posted a first draft of my new paper, Lessons Learned Too Well, on SSRN. The paper, which is about the regulation of online anonymity, was written for a conference being held next later this week to celebrate the 10th anniversary of the Oxford Internet Institute, A Decade in Internet Time: Symposium on the Dynamics of the Internet and Society.

I’m the sort of person who prefers to post only more polished drafts — this one has a couple holes I know about and no doubt many I don’t know about too. But the symposium organizers asked us to post our papers on SSRN, and so there it is.

Comments very welcome, either below or in email.

I’m leaving for the UK tomorrow in order to give myself a bit of time to recover from jet lag before it begins, this being my first solo international journey since all my medical excitement. Posting may be light for a few days.

Below I post the introduction, which I thinks gives you some idea of what it’s all about:
Continue reading

Posted in Internet, Law: Internet Law, Law: Privacy, Talks & Conferences, Writings | Comments Off on New Paper on the Regulation of Online Anonymity

Jotwell: The Journal of Things We Like (Lots)

Posted on August 31, 2009 by Michael Froomkin

jotwell.pngA good chunk of my time currently is dedicated to JOTWELL — a new online law journal I dreamed up that I hope will go live in October. Jotwell will be 'The Journal of Things We Like (Lots)' — reviews of recent legal scholarship designed to help people figure out what they should read.

Here's the Jotwell mission statement:

The Journal of Things We Like (Lots)–JOTWELL–invites you to join us in filling a telling gap in legal scholarship by creating a space where legal academics will go to identify, celebrate, and discuss the best new legal scholarship. Currently there are about 350 law reviews in North America, not to mention relevant journals in related disciplines, foreign publications, and new online pre-print services such as SSRN and BePress. Never in legal publishing have so many written so much, and never has it been harder to figure out what to read, both inside and especially outside one’s own specialization. Perhaps if legal academics were more given to writing (and valuing) review essays, this problem would be less serious. But that is not, in the main, our style.

We in the legal academy value originality. We celebrate the new. And, whether we admit it or not, we also value incisiveness. An essay deconstructing, distinguishing, or even dismembering another’s theory is much more likely to be published, not to mention valued, than one which focuses mainly on praising the work of others. Books may be reviewed, but articles are responded to; and any writer of a response understands that his job is to do more than simply agree.

Most of us are able to keep abreast of our fields, but it is increasingly hard to know what we should be reading in related areas. It is nearly impossible to situate oneself in other fields that may be of interest but cannot be the major focus of our attention.

A small number of major law journals once served as the gatekeepers of legitimacy and, in so doing, signaled what was important. To be published in Harvard or Yale or other comparable journals was to enjoy an imprimatur that commanded attention; to read, or at least scan, those journals was due diligence that one was keeping up with developments in legal thinking and theory. The elite journals still have importance – something in Harvard is likely to get it and its author noticed. However, a focus on those few most-cited journals alone was never enough, and it certainly is not adequate today. Great articles appear in relatively obscure places. (And odd things sometimes find their way into major journals.) Plus, legal publishing has been both fragmented and democratized: specialty journals, faculty peer reviewed journals, interdisciplinary journals, all now play important roles in the intellectual ecology.

The Michigan Law Review publishes a useful annual review of new law books, but there’s nothing comparable for legal articles, some of which are almost as long as books (or are future books). Today, new intermediaries, notably subject-oriented legal blogs, provide useful if sometimes erratic notices and observations regarding the very latest scholarship. But there’s still a gap: other than asking the right person, there’s no easy and obvious way to find out what’s new, important, and interesting in most areas of the law.

Jotwell will help fill that gap. We will not be afraid to be laudatory, nor will we give points for scoring them. Rather, we will challenge ourselves and our colleagues to share their wisdom and be generous with their praise. We will be positive without apology.

Tell us what we ought to read!

How It Works

Jotwell will be organized in sections, each reflecting a subject area of legal specialization. Each section, with its own url of the form sectionname.jotwell.com, will be managed by a pair of Section Editors who will have independent editorial control over that section. The Section Editors will also be responsible for selecting a team of ten or more Contributing Editors. Each of these editors will commit to writing at least one Jotwell essay of 500-1000 words per year in which they identify and explain the significance of one or more significant recent works – preferably an article accessible online, but we won’t be doctrinaire about it. Our aim is to have at least one contribution appear in each section on a fixed day every month, although we won’t object to more. Section Editors will also be responsible for approving unsolicited essays for publication. Our initial sections will cover administrative law, constitutional law, corporate law, criminal law, cyberlaw, intellectual property law, the legal profession, and tax law — and we intend to add new sections when there is interest in doing so.

For the legal omnivore, the ‘front page’ at Jotwell.com will contain the first part of every essay appearing elsewhere on the site. Links will take you to the full version in the individual sections. There, articles will be open to comments from readers.

Currently I've gotten a number of subject areas off the ground, with the help of some superb section editors, each of whom is helping recruit additional contributing editors.

  • Administrative Law
    • Paul Verkuil
  • Constitutional Law
    • Patrick Gudridge
  • Corporate Law
    • Caroline Bradley
    • William Wilson Bratton
  • Criminal Law
    • Donna Coker
    • Jonathan Simon
  • Cyberlaw
    • A. Michael Froomkin
    • James Grimmelmann
  • Intellectual Property
    • Pam Samuelson
    • Christopher Sprigman
  • Professional Responsibility
    • John Flood
    • Tanina Rostain
  • Tax
    • Allison Christians
    • George Mundstock

Section and contributing editor will write at least one short review per year; we'll also welcome unsolicited contributions that fit our guidelines (mostly, brevity and praise).

In the long run I hope to have many more, with coverage of at least all the major subject areas. If you'd like to write for Jotwell, or help organize a section of the journal, please let me know by e-mail.

The Jotwell site is still under construction, so although the main graphical outlines are there, there's no actual content, and you should be prepared for some weirdness in the details if you go peek at it now. We're currently doing a last round of testing of the template and the integrated posting system which allows the main page to interact with the various sections, while maintaining each section's editorial independence.

The current plan is to go live in early October and it may go dark for a while before that happens.

If you'd like to be notified of Jotwell's official inauguration, please join the ultra-low-traffic announcement list.









Name:

E-mail:


Posted in Writings | Comments Off on Jotwell: The Journal of Things We Like (Lots)

Government Data Breaches

Posted on August 19, 2009 by Michael Froomkin

I've posted a draft of my latest paper, Government Data Breaches to SSRN.

This paper addresses the legal response to data breaches in the US public sector. Private data held by the government is often the result of legally required disclosures or of participation in formally optional licensing or benefit schemes where the government is as a practical matter the only game in town. These coercive or unbargained-for disclosures impute a heightened moral duty on the part of the government to exercise careful stewardship over private data. But the moral duty to safeguard the data and to deal fully and honestly with the consequences of failing to safeguard them is at best only partly reflected in current state and federal statute law and regulations. The paper begins with an illustrative survey of federal data holdings, known breach cases, and the extent to which the government’s moral duty to safeguard our data is currently instantiated in statute law and, increasingly, in regulation.

I then argue that the government’s duty to safeguard private data has a Constitutional foundation, either free-standing or based in Due Process, at least in cases where the government failed to take reasonable precautions to safeguard the data. This right is separate from any informational privacy rights that constrain the government's ability to acquire personal or corporate information. The key is Chief Justice Rhenquist’s opinion in DeShaney.

Under the DeShaney logic, victims of many governmental privacy breaches should have a claim against states under § 1983. Similar constitutional claims against the federal government would require a Bivens action but this is unlikely to work under current doctrine. As a result, persons injured by federal data breaches will have substantially inferior remedies available to them than will victims of state errors. And even when suing a state, however, the provision of effective remedies may be hampered by arguments based on governmental immunity, and the problem of valuing the harms caused by a breach.

It's forthcoming in the Berkeley Technology Law Journal

Posted in Writings | Comments Off on Government Data Breaches

Motivational Post-Its

Posted on June 22, 2009 by Michael Froomkin

The perfect video while I finish my proofs — which are due tomorrow: DEADLINE post-it stop motion

Via SFDB Viral Video.

Posted in Writings | 1 Comment

Lessons from the Identity Trail Published Today

Posted on April 8, 2009 by Michael Froomkin

ID-trail-med.pngLessons from the Identity Trail (Ian Kerr, Valerie Steeves & Carole Lucock, eds.), a whale of a book, is being published today.

During the past decade, rapid developments in information and communications technology have transformed key social, commercial, and political realities. Within that same time period, working at something less than Internet speed, much of the academic and policy debate arising from these new and emerging technologies has been fragmented. There have been few examples of interdisciplinary dialogue about the importance and impact of anonymity and privacy in a networked society. Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society fills that gap, and examines key questions about anonymity, privacy, and identity in an environment that increasingly automates the collection of personal information and relies upon surveillance to promote private and public sector goals.

This book has been informed by the results of a multi-million dollar research project that has brought together a distinguished array of philosophers, ethicists, feminists, cognitive scientists, lawyers, cryptographers, engineers, policy analysts, government policy makers, and privacy experts. Working collaboratively over a four-year period and participating in an iterative process designed to maximize the potential for interdisciplinary discussion and feedback through a series of workshops and peer review, the authors have integrated crucial public policy themes with the most recent research outcomes.

The book is available for download under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Canada License by chapter. Hard copies are available for purchase at Amazon & at Oxford University Press.

I've got two chapters in it, Identity Cards and Identity Romanticism and Anonymity and the Law in the United States. And I'm very pleased to be in such wonderful company — it was a valuable conference full of interesting people and the materials collected here are going to be of interest to people in many of the cross-cutting fields around the world. And the chapters are (painfully) short.

The full Table of Contents, with links to the online versions of the chapters is below. Some chapters won't be released for a few weeks, so keep an eye on the main site for updates.

Continue reading

Posted in ID Cards and Identification, Law: Constitutional Law, Law: International Law, Writings | 14 Comments