Research Programs
More
What are you looking for?
Showing 9 of 184 Publications in Data Security & Privacy
TOTM “Data is the new oil,” said Jaron Lanier in a recent op-ed for The New York Times. Lanier’s use of this metaphor is only the latest instance of what has become the dumbest meme in tech policy.
“Data is the new oil,” said Jaron Lanier in a recent op-ed for The New York Times. Lanier’s use of this metaphor is only the latest instance of what has become the dumbest meme in tech policy. As the digital economy becomes more prominent in our lives, it is not unreasonable to seek to understand one of its most important inputs. But this analogy to the physical economy is fundamentally flawed. Worse, introducing regulations premised upon faulty assumptions like this will likely do far more harm than good.
Read the full piece here.
TOTM Despite its tone and ominous presentation style, The Great Hack fails to muster any support for its extreme claims. The truth is much more mundane: the Facebook-Cambridge Analytica data scandal was neither a “hack” nor was it “great” in historical importance.
This excerpt from the beginning of Netflix’s The Great Hack shows the goal of the documentary: to provide one easy explanation for Brexit and the election of Trump, two of the most surprising electoral outcomes in recent history.
TOTM In a remarkable ruling issued earlier this month, the Third Circuit Court of Appeals held in Oberdorf v. Amazon that, under Pennsylvania products liability law, Amazon could be found liable for a third party vendor’s sale of a defective product via Amazon Marketplace.
In a remarkable ruling issued earlier this month, the Third Circuit Court of Appeals held in Oberdorf v. Amazon that, under Pennsylvania products liability law, Amazon could be found liable for a third party vendor’s sale of a defective product via Amazon Marketplace. This ruling comes in the context of Section 230 of the Communications Decency Act, which is broadly understood as immunizing platforms against liability for harmful conduct posted to their platforms by third parties (Section 230 purists may object to myu use of “platform” as approximation for the statute’s term of “interactive computer services”; I address this concern by acknowledging it with this parenthetical). This immunity has long been a bedrock principle of Internet law; it has also long been controversial; and those controversies are very much at the fore of discussion today.
TOTM Despite the simplistic narrative tying President Trump’s vision of the world to conservatism, there is nothing conservative about his views on the First Amendment and how it applies to social media companies.
Yesterday was President Trump’s big “Social Media Summit” where he got together with a number of right-wing firebrands to decry the power of Big Tech to censor conservatives online. According to the Wall Street Journal…
TOTM This morning a diverse group of more than 75 academics, scholars, and civil society organizations — including ICLE and several of its academic affiliates — published a set of seven “Principles for Lawmakers” on liability for user-generated content online, aimed at guiding discussions around potential amendments to Section 230 of the Communications Decency Act of 1996.
This morning a diverse group of more than 75 academics, scholars, and civil society organizations — including ICLE and several of its academic affiliates — published a set of seven “Principles for Lawmakers” on liability for user-generated content online, aimed at guiding discussions around potential amendments to Section 230 of the Communications Decency Act of 1996.
TOTM Last year, real estate developer Alastair Mactaggart spent nearly $3.5 million to put a privacy law on the ballot in California’s November election. He then negotiated a deal with state lawmakers to withdraw the ballot initiative if they passed their own privacy bill. That law — the California Consumer Privacy Act (CCPA) — was enacted after only seven days of drafting and amending.
Last year, real estate developer Alastair Mactaggart spent nearly $3.5 million to put a privacy law on the ballot in California’s November election. He then negotiated a deal with state lawmakers to withdraw the ballot initiative if they passed their own privacy bill. That law — the California Consumer Privacy Act (CCPA) — was enacted after only seven days of drafting and amending. CCPA will go into effect six months from today.
Written Testimonies & Filings FTC Hearings on Competition & Consumer Protection in the 21st Century. Comments of the International Center for Law & Economics: Summing Up the FTC Hearings: Advocates for Increased Antitrust Intervention Failed to Make Their Case. Submitted Jun 30, 2019.
These comments represent ICLE’s review and commentary of the detailed record set forth during the FTC’s Hearings on Competition and Consumer Protection in the 21st Century. The hearings — and these comments — covered a wide range of topics from data security and privacy, to horizontal and vertical merger policy, anticompetitive unilateral behavior, and a host of contemporary issues that have arisen around the question of whether antitrust law is capable of dealing with potential harms to competition from modern firms.
Specifically, the summary comments deal with the following topics.
Opponents of the consumer welfare standard seek to return antitrust to the bygone era of courts arbitrarily punishing firms for successfully outcompeting their rivals or simply growing “too large.” The Commission should tread carefully before incorporating these ideas, which, during the course of its evolution in the 20th century, antitrust law carefully and correctly selected out.
Based on the testimony heard during the hearings, there is no need to change the non-horizontal merger guidelines. If anything, vertical merger review should be pared back out of a recognition that the failure to account for dynamic effects (and the inherent difficulty of doing so) means it is likely that pro-competitive mergers are being deterred.
Concerns regarding vertical discrimination are predicated on the erroneous assumption that big tech platforms might be harming competition by favoring their content over that of their complementors. Not only is this fear overblown, but even the harms alleged are frequently ambiguous and provide benefits to some consumers.
Much of the analysis of popular technology companies is predicated on traditional market definition analysis, which infers future substitution possibilities from existing or past market conditions. This leads to overly-narrow market definitions and erroneous market power determinations. Thus, Amazon, Facebook, and Google are assumed — erroneously — to be unassailable monopolies.
Data is a valuable input for companies competing in the digital economy. It is not, however, a magic bullet or holy grail, as some commenters suggested. As with other assets, companies can use data in both pro-competitive and anti-competitive ways. “Big data” may be a new term, but it does not pose unique problems for competition policy.
Click here to read the full concluding comments.
Presentations & Interviews In the “News Roundup” of episode 269. A McLaughlin Group for Cybersecurity, Gus Hurwitz covers the Supreme Court’s ruling on when a forum is subject . . .
In the “News Roundup” of episode 269. A McLaughlin Group for Cybersecurity, Gus Hurwitz covers the Supreme Court’s ruling on when a forum is subject to First Amendment limits. The full episode is embedded below.
https://www.steptoe.com/podcasts/TheCyberlawPodcast-269.mp3
Scholarship This response argues that in his efforts to locate a clear duty in existing data security law he has identified a standard that, in all meaningful ways, is one of subjective (not objective) reasonableness – and therefore offers no clarity at all.
William McGeveran’s recent article, The Duty of Data Security, is a significant contribution to ongoing debates about what duty firms holding electronic information about consumers owe in ensuring the security of that data. It also supports the opposite conclusion from that which McGeveran articulates. McGeveran frames the article as identifying a clear duty of data security. This response argues that in his efforts to locate a clear duty in existing data security law he has identified a standard that, in all meaningful ways, is one of subjective (not objective) reasonableness – and therefore offers no clarity at all. There is likely room for disagreement on both sides of this argument – both that which McGeveran makes and my response to it. The ultimate purpose of this response, however, is to recognize this aspect of the duty that McGeveran has identified and to reframe it in the familiar terms of objective vs. subjective reasonableness. This distinction is both useful and important, and has gone unremarked upon in two decades of discussions about the data security obligations.
Read the full response here.
