Research Digest of Data Governance and Cyber Security in Global Journals(2)

   2018-02-14 09:48

Dalmacio V. Posadas, Jr、AFTER THE GOLD RUSH: THE BOOM OF THE INTERNET OF THINGS, AND THE BUSTS OF DATA-SECURITY AND PRIVACY (淘金热之后:物联网热潮和数据安全与隐私的降温)、Fordham Intellectual Property, Media and Entertainment Law Journal(Fall, 2017)
This Article addresses the impact that the lack of oversight of the Internet of Things has on digital privacy. While the Internet of Things is but one vehicle for technological innovation, it has created a broad glimpse into domestic life, thus triggering several privacy issues that the law is attempting to keep pace with. What the Internet of Things can reveal is beyond the control of the individual, as it collects information about every practical aspect of an individual's life, and provides essentially unfettered access into the mind of its users. This Article proposes that the federal government and the state governments bend toward consumer protection while creating a cogent and predictable body of law surrounding the Internet of Things. Through privacy-by-design or self-help, it is imperative that the Internet of Things-- and any of its unforeseen progeny-- develop with an eye toward safeguarding individual privacy while allowing technological development.

Hannah L. Cook、FLAGGING THE MIDDLE GROUND OF THE RIGHT TO BE FORGOTTEN: COMBATTING OLD NEWS WITH SEARCH ENGINE FLAGS(树立被遗忘权的中间立场:高举反对旧的新闻搜索的旗帜)、Vanderbilt Journal of Entertainment and Technology Law(Fall, 2017)
Incomplete and outdated news articles present an increasing problem for individuals who find themselves stigmatized on the basis of truthful but misleading reports. This Article proposes a moderate solution between the European right to be forgotten and the protectionless status quo in the United States. It proposes a flagging system, administered through Federal Trade Commission adjudications, where links to articles whose private harms outweigh their public benefits are flagged in the search results of an individual. This flag will help combat psychological biases that may cause decision makers to place an irrational weight on these articles while preserving the ability of the public to access the information.

The Harvard Law Review Association、IF THESE WALLS COULD TALK: THE SMART HOME AND THE FOURTH AMENDMENT LIMITS OF THE THIRD PARTY DOCTRINE(如果这些墙能说话的话:智能家庭和第四修正案限制第三方学说)、Harvard Law Review(May, 2017)
This Note argues that the current third party doctrine cannot adequately protect individuals' privacy rights that are implicated in the smart home context. Thus, the Supreme Court ought, and may be especially inclined, to update the doctrine. Further, the Court can do so in a way that is consistent with its own Fourth Amendment jurisprudence by applying the context-based “reasonable expectation of privacy” test.11 Namely, the Court should consider the voluntariness of the disclosure, the nature of the information shared, and the identity of the recipients, as it did when deciding the cases leading up to what is now the third party doctrine. The context of smart homes puts the modern absurdity of the third party doctrine into especially stark relief. “[I]f the machines [and the government] are watching, maybe the *1926 home is not really the home anymore?” 12 The home is the bedrock of the Supreme Court's Fourth Amendment jurisprudence, where individuals' privacy interests are at their peak. 13 It is difficult to imagine that the Court would countenance the third-party exception's working to provide the government warrantless entry into any home it wishes.Part I discusses the evolution of the third party doctrine. Part II discusses modern applications of the third party doctrine. Part III explores the growing tensions between the doctrine and our shifting technological landscape. Part IV concludes by demonstrating how the application of the third party doctrine--and the outdated binaries that comprise it--is rendered especially absurd and problematic in the smart home context. It also posits that the application of the doctrine to the home, an area where the Court has been most unwilling to compromise Fourth Amendment protection, presents the ideal (and perhaps necessary) opportunity for the Court to reconsider the doctrine, which it can do by applying its own contextually mediated reasonable expectation of privacy test.

J.T. Parisi、FOLLOWING FOOTSTEPS: HOW FEDERAL DISTRICT COURT JURISPRUDENCE PROTECTS HEALTH DATA IN THE WORKPLACE(下一步:联邦地区法院判例如何保护工作场所的健康数据)、Vanderbilt Journal of Entertainment and Technology Law(Fall, 2017)
With the growing popularity of fitness tracking technology, employers have started to provide their employees with fitness tracking devices in order to obtain a subsidy on employer group health plans. Access to this data creates an opportunity to abuse the data by using it when making employment decisions. This Note analyzes how the current legal framework does not adequately protect the data and employees. The solution suggests using a recent case to provide the Equal Employment Opportunity Commission with authority to regulate employers' use of the health data until adequate privacy and data security laws can address the problem.

Daniel Healow、NEIGHBORHOOD WATCH 2.0: PRIVATE SURVEILLANCE AND THE INTERNET OF THINGS(邻里观察2:私人监控和物联网)、Washington Journal of Law, Technology & Arts(Fall, 2017)
The use of low-cost cameras and internet-connected sensors is sharply increasing among local law enforcement, businesses, and average Americans. While the motives behind adopting these devices may differ, this trend means more data about the events on Earth is rapidly being collected and aggregated each day. Current and future products, such as drones and self-driving cars, contain cameras and other embedded sensors used by private individuals in public settings. To function, these devices must passively collect information about other individuals who have not given the express consent that is commonly required when one is actively using an online service, such as email or social media. Generally, courts do not recognize a right to privacy once a person enters public spaces. However, the impending convergence of privately-owned sensors gathering information about the surrounding world creates a new frontier in which to consider private liberties, community engagement, and civic duties. This Article will analyze the legal and technological developments surrounding: (1) existing data sources used by local law enforcement; (2) corporate assistance with law enforcement investigations; and (3) volunteering of personal data to make communities safer. After weighing relative privacy interests, this Article will explain, under current laws, the utility of private data to make communities safer, while simultaneously *2 advancing the goals of fiscal responsibility, government accountability, and community engagement.

Andrew Guthrie Ferguson、THE “SMART” FOURTH AMENDMENT(聪明的第四修正案)、Cornell Law Review(March, 2017)
“Smart” devices radiate data, exposing a continuous, intimate, and revealing pattern of daily life. Billions of sensors collect data from smartphones, smart homes, smart cars, medical devices, and an evolving assortment of consumer and commercial products. But, what are these data trails to the Fourth Amendment? Does data emanating from devices on or about our bodies, houses, things, and digital devices fall within the Fourth Amendment's protection of “persons, houses, papers, and effects”? Does interception of this information violate a “reasonable expectation of privacy”?This Article addresses the question of how the Fourth Amendment should protect “smart data.” It exposes the growing danger of sensor surveillance and the weakness of current Fourth Amendment doctrine. The Article then suggests a new theory of “informational curtilage” to protect the data trails emerging from smart devices and reclaims the principle of “informational security” as the organizing framework for a digital Fourth Amendment.

Margaret Byrne Sedgewick、TRANSBORDER DATA PRIVACY AS TRADE(作为交易的数据隐私跨境)、California Law Review(October, 2017)
Data flows continuously across national boundaries. The current model of regulation for data privacy, an essential component for safe data flow, relies impractically on jurisdiction-specific rules. This practice impedes the benefits of data, which are increasingly a necessary and integral part of day-to-day life. A look at the history of data privacy reveals that this practice is rooted in an ill-fitting adoption of privacy standards set in the period after World War II. Europe was reeling from the Nazi regime and intent on keeping the government out of the home and personal communication. Analogies between these traditional protected areas and the contemporary transmissions and use of personal data are unsatisfying--and lead to unsatisfying policy. Traditional privacy jurisprudence must be better reconciled with rapidly advancing technology and globalization.This Note proposes reframing transborder data privacy as trade. This step would transition the regulatory model away from a jurisdiction-specific set of rules to an internationally shared set of standards that better reflects the immediate mobility of data in the cloud. The U.S. and European systems, while formally divergent enough to cause these problems, are in fact grounded in common principles that would serve as a base for an international agreement on transborder data privacy. Though political opposition to shared standards may be currently insurmountable, this Note nonetheless concludes that an international trade framework would more effectively harness the benefits and mitigate the risks of transborder data flow.

Eric Johnson、LOST IN THE CLOUD: CLOUD STORAGE, PRIVACY, AND SUGGESTIONS FOR PROTECTING USERS' DATA(迷失在云端:云存储、隐私和保护用户数据的建议)、Stanford Law Review(March, 2017)
In the digital age, users store vast amounts of data--often data considered to be private--in the cloud. The privacy of this data is increasingly determined by the policies of the companies storing it. But how does the law currently protect that data from law enforcement? Do users maintain a reasonable expectation of privacy in the information they have uploaded to the cloud? And if so, can service providers' terms of service affect users' reasonable expectations of privacy? This Note answers those questions by examining the main legal protections relevant to data stored in the cloud: the Stored Communications Act and the Fourth Amendment. After analyzing these protections, this Note determines that data stored in the cloud may be protected by the Act. But more importantly, this Note analyzes the history of the third-party doctrine and determines that users do have a reasonable expectation of privacy in information stored in the cloud until the third-party doctrine is triggered. And this triggering can occur due to provider access pursuant to the terms of service. In light of these findings, this Note concludes by suggesting that providers implement standard, scope, and notice provisions in their privacy policies or terms of service in order to enhance the protection of user privacy while also providing reasonable means for providers to secure and maintain their networks. 

Ryan Calo and Alex Rosenblat、THE TAKING ECONOMY: UBER, INFORMATION, AND POWER(攫取的经济:优步,信息和权力)、Columbia Law Review(October, 2017)
Sharing economy firms such as Uber and Airbnb facilitate trusted transactions between strangers on digital platforms. This creates economic and other value but raises concerns around racial bias , safety , and fairness to competitors and workers that legal scholarship has begun to address. Missing from the literature , however, is a fundamental critique of the sharing economy grounded in asymmetries of information and power. This Essay , coauthored by a law professor and a technology ethnographer who studies work , labor, and technology,furnishes such a critique and proposes a meaningful response through updates to consumer protection law.Commercial firms have long used what they know about con to shape their behavior and maximize profits . Sitting between consumers and providers of services, however, sharing economy firm have unique capacity to monitor and nudge all participants - including people whose livelihoods may depend on the platform. These firms reveals their monitoring activities only selectively . However, preliminary evidence suggests that sharing economy firms such as Uber may already going too far, leveraging their access to information about their control over the user experience to mislead, coerce, or otherwise disadvantage sharing economy participants .This Essay argues that consumer protection law, with its longtime emphasis on restraining asymmetries of information and power,is well positioned to address this underexamined aspect of the sharing economy Yet, the regulatory response to date seems outdated and superifcial. to be effective,legal interventions must (1) reflect a deeper understanding of the acts and practices of digital platforms and (2) limit the incentives for sharing economy firms to abuse their position.

Kimberly A. Houser and Debra Sanders、THE USE OF BIG DATA ANALYTICS BY THE IRS: EFFICIENT SOLUTIONS OR THE END OF PRIVACY AS WE KNOW IT? (美国国税局使用大数据分析:如我们所知,有效的解决方案或隐私的结束?)、Vanderbilt Journal of Entertainment and Technology Law(Summer, 2017)
This Article examines the privacy issues resulting from the IRS's big data analytics program as well as the potential violations of federal law. Although historically, the IRS chose tax returns to audit based on internal mathematical mistakes or mismatches with third party reports (such as W-2s), the IRS is now engaging in data mining of public and commercial data pools (including social media) and creating highly detailed profiles of taxpayers upon which to run data analytics. This Article argues that current IRS practices, mostly unknown to the general public are violating fair information practices. This lack of transparency and accountability not only violates federal law regarding the government's data collection activities and use of predictive algorithms, but may also result in discrimination. While the potential efficiencies that big data analytics provides may appear to be *818 a panacea for the IRS's budget woes,unchecked,these activities are asignificant threat to privacy. Other concerns regarding the IRS's entrée into big data are raised including the potential for political targeting, data breaches, and the misuse of such information. This Article intends to bring attention to these privacy concerns and contribute to the academic and policy discussions about the risks presented by the IRS's data collection, mining and analytics activities.

Lindsey Barrett、HERBIE FULLY DOWNLOADED: DATA-DRIVEN VEHICLES AND THE AUTOMOBILE EXCEPTION(完全下载:数据驱动车辆和汽车例外)、Georgetown Law Journal(November, 2017)
The Fourth Amendment's automobile exception generally allows vehicles to be searched without a warrant. This lessened degree of protection is based partially on the need to afford law enforcement officials discretion when a suspect, evidence, or contraband is found in an automobile. It is also based on the diminished expectation of privacy in vehicles, due to their pervasive regulation and use of the public roadways. Although an autonomous vehicle would seem to undermine the mobility rationale for the automobile exception, it is the information such vehicles collect about their drivers that merits a departure from established Fourth Amendment doctrine to ensure that basic privacy protections remain in full force. This Note argues that although the mobility analysis of the automobile exception does not compel a new approach to Fourth Amendment analysis for autonomous vehicles, the information these vehicles collect represents such a significant privacy interest that law enforcement officials should be required to obtain a warrant before accessing vehicle data. This result is supported by the Supreme Court's analysis in Riley v. California and United States v. Jones.