This Article seeks to clarify the relationship between contract law and promises of privacy and information security. It challenges three commonly held misconceptions in privacy literature regarding the relationship between contract and data protection—the propertization fatalism, the economic value fatalism, and the displacement fatalism—and argues in favor of embracing contract law as a way to enhance consumer privacy. Using analysis from Sorrell v. IMS Health Inc., marketing theory, and the work of Pierre Bourdieu, it argues that the value in information contracts is inherently relational: consumers provide “things of value”—rights of access to valuable informational constructs of identity and context—in exchange for access to certain services provided by the data aggregator. This Article presents a contract-based consumer protection approach to privacy and information security. Modeled on trade secret law and landlord-tenant law, it advocates for courts and legislatures to adopt a “reasonable data stewardship” approach that relies on a set of implied promises—nonwaivable contract warranties and remedies—to maintain contextual integrity of information and improve consumer privacy.
Consumer contracts are pervasive. Yet, the promises that make up these contracts are becoming increasingly empty, as sellers reserve the power to modify their contracts unilaterally. While some modifications benefit both sellers and consumers, others increase seller profits at the consumer’s expense. The law’s goal should be to facilitate good modifications, while preventing bad ones. Currently this goal is not met. The problem is twofold. First, consumers fail to appreciate the risk of unilateral modification and thus fail to demand a commitment by sellers to avoid inefficient modifications. Second, and more important, even if consumers demand a commitment to make only mutually beneficial modifications, existing commitment mechanisms—consumer assent to modifications, judicial review of modifications, and seller reputation—are inadequate. We propose a novel commitment mechanism: adding Change Approval Boards (“CABs”) as parties to consumer contracts. These CABs would selectively assent to, or withhold assent from, contractual changes that sellers wish to make, according to each CAB’s modification policy. We envision a market for CABs—multiple CABs, each striking a different balance between flexibility and security, offering a range of modification policies from which consumers can choose. The market-based CAB system promises to deter abusive term changes while retaining the flexibility to change consumer contracts when change is justified.
In January 2003, the Slammer worm hit the Internet. Five of the Internet’s thirteen root-name servers shut down. Three hundred thousand cable modems in Portugal went offline, all of South Korea’s cell phone and Internet services went down, and Continental Airlines cancelled flights from its Newark hub due to its inability to process tickets. It took only six months after the disclosure of a security flaw for a virus writer to write the 376 byte virus. When it unleashed, it took ten minutes to infect ninety percent of vulnerable systems.
The flaw was a buffer overflow in the Microsoft SQL Server 2000 software. Because the code is embedded in other Microsoft products, not all users were even aware that their systems were running a version of SQL Server. Unfortunately, this was a well-known, preventable security flaw. Moreover, Microsoft had released a patch for the flaw exploited by Slammer six months before the attack. Despite the widespread effects, no flood of lawsuits ensued.
In 2005, cross-border investment exceeded $1.3 trillion globally. Yet the international law governing the protection of foreign-owned property remains unsettled even in U.S. courts. Not only do American courts often refuse to reach the merits of expropriation claims, but they also frequently ignore relevant authority and rely upon the outdated and muddled Restatement (Third) for guidance. This article, which focuses on breach and forced renegotiation of contract claims, is the first of five planned articles that examine different theories of expropriation under international law. Together, these five articles try to construct a new and comprehensive analytical framework for adjudicating expropriation claims.