From Volume 87, Number 1 (September 2013)
This Article seeks to clarify the relationship between contract law and promises of privacy and information security. It challenges three commonly held misconceptions in privacy literature regarding the relationship between contract and data protection—the propertization fatalism, the economic value fatalism, and the displacement fatalism—and argues in favor of embracing contract law as a way to enhance consumer privacy. Using analysis from Sorrell v. IMS Health Inc., marketing theory, and the work of Pierre Bourdieu, it argues that the value in information contracts is inherently relational: consumers provide “things of value”—rights of access to valuable informational constructs of identity and context—in exchange for access to certain services provided by the data aggregator. This Article presents a contract-based consumer protection approach to privacy and information security. Modeled on trade secret law and landlord-tenant law, it advocates for courts and legislatures to adopt a “reasonable data stewardship” approach that relies on a set of implied promises—nonwaivable contract warranties and remedies—to maintain contextual integrity of information and improve consumer privacy.
From Volume 83, Number 3 (March 2010)
In the best of circumstances, governing domestic intelligence is challenging. Intelligence sits in an uncomfortable relationship with law’s commitment to transparency and accountability. History amply demonstrates that intelligence—including domestic intelligence—frequently begins where the rule of law gives out.
The inherent difficulty of governing intelligence has been unnecessarily exacerbated by a deep-seated and longstanding confusion about what domestic intelligence is. For over a century, policymakers and academic commentators have assumed that it is essentially a form of criminal investigation and that criminal law supplies the logical starting place for its effective governance. Over the years, this faulty premise has fostered a boom-and-bust cycle in intelligence governance; domestic intelligence has been, at different times, effectively out of business or unchecked by law.
This Article introduces a new way to think about domestic intelligence and its governance. Domestic intelligence is a kind of risk assessment, a regulatory activity familiar across the administrative state. Similar to risk assessments in environmental or health and safety law, domestic intelligence seeks to quantify a risk before it materializes, based on the careful analysis of aggregative data.
From Volume 81, Number 4 (May 2008)
Consider the following hypothetical: the Securities and Exchange Commission (“SEC”) is investigating a corporation for stock option backdating by the corporation’s officers and directors, and possible criminal charges are looming. The implicated company fires an executive, and seals her office. All of the executive’s documents inside the office, including her personal documents, are subpoenaed by the SEC. In a modern world, both work related documents and purely personal documents are often left at the office. These documents could include, but are not limited to, personal bank statements, other personal financial documents, letters, a diary, and even medical information. While personal files could have nothing to do with the corporation, the corporation must turn over these documents to the SEC pursuant to a valid subpoena. The SEC later can provide these documents to the U.S. Attorney’s office in a parallel criminal investigation of securities fraud. In a traditional criminal case, the government would need a search warrant and probable cause to enter someone’s home or office and take personal documents from the individual. Through the SEC subpoena, however, the documents may be subpoenaed for mere “official curiosity” and then handed over to the U.S. Attorney’s office, as long as the parallel proceedings were not carried out in bad faith.
From Volume 80, Number 2 (January 2007)
A defining problem of the Information Age is securing computer databases of ultrasensitive personal information. These reservoirs of data fuel our Internet economy but endanger individuals when their information escapes into the hands of cyber-criminals. This juxtaposition of opportunities for rapid economic growth and novel dangers recalls similar challenges society and law faced at the outset of the Industrial Age. Then, reservoirs collected water to power textile mills: the water was harmless in repose but wrought havoc when it escaped. After initially resisting Rylands v. Fletcher’s strict-liability standard as undermining economic development, American courts and scholars embraced it once the economy matured and catastrophes such as the Johnstown Flood made those hazards impossible to ignore.
Public choice analysis suggests that a meaningful public law response to insecure databases is as unlikely now as it was in the early Industrial Age. The Industrial Age’s experience can, however, help guide us to an appropriate private law remedy for the new risks and new types of harm of the early Information Age. Just as the Industrial Revolution’s maturation tipped the balance in favor of early tort theorists arguing that America needed, and could afford, a Rylands solution, so too the Information Revolution’s deep roots in American society and many strains of contemporary tort theory support strict liability for bursting cyber-reservoirs of personal data instead of a negligence regime overmatched by fast-changing technology. More broadly, the early Industrial Age offers valuable lessons for addressing other important Information Age problems.
From Volume 76, Number 1 (November 2002)
New crimes require new thinking about regulation. Because of computerization and globalization, today’s world faces new crimes and new ways of committing old crimes. Because of the interconnectedness of our global financial markets, this evolving criminal activity has unprecedented power to wreak havoc on every aspect of modern life. Law enforcement has no choice but to respond effectively.
One aspect of this new thinking is revising our concept of crime. Complex, economic wrongdoing is difficult to categorize as criminal primarily because it is enormously difficult to prove the high level of mens rea traditionally and appropriately required in criminal law. Proving this requisite mental state by the heightened burden required in criminal cases is even more difficult. Moreover, even when proof of criminal intent beyond a reasonable doubt is possible, conducting the investigation and proving a case by these standards is so expensive and time-intensive for both the executive and judicial branches that the costs often outweigh any benefit achieved. Lastly, imposing the criminal sanction of imprisonment on defendants whose wrongdoing, however destructive to society, may be malum prohibitum, is morally and practically questionable for a criminal justice system and is often economically inefficient.