The Data Breach Dilemma: Proactive Solutions for Protecting Consumers’ Personal Information

Data breaches are an increasingly common part of consumers’ lives. No institution is immune to the possibility of an attack. Each breach inevitably risks the release of consumers’ personally identifiable information and the strong possibility of identity theft. Unfortunately, current solutions for handling these incidents are woefully inadequate. Private litigation like consumer class actions and shareholder lawsuits each face substantive legal and procedural barriers. States have their own data security and breach notification laws, but there is currently no unifying piece of legislation or strong enforcement mechanism. This Note argues that proactive solutions are required. First, a national data security law—setting minimum data security standards, regulating the use and storage of personal information, and expanding the enforcement role of the Federal Trade Commission—is imperative to protect consumers’ data. Second, a proactive solution requires reconsidering how to minimize the problem by going to its source: the collection of personally identifiable information in the first place. This Note suggests regulating companies’ collection of Social Security numbers, and, eventually, using a system based on distributed ledger technology to replace the ubiquity of Social Security numbers

Regulating Data as Property: A New Construct for Moving Forward

The global community urgently needs precise, clear rules that define ownership of data and express the attendant rights to license, transfer, use, modify, and destroy digital information assets. In response, this article proposes a new approach for regulating data as an entirely new class of property. Recently, European and Asian public officials and industries have called for data ownership principles to be developed, above and beyond current privacy and data protection laws. In addition, official policy guidances and legal proposals have been published that offer to accelerate realization of a property rights structure for digital information. But how can ownership of digital information be achieved? How can those rights be transferred and enforced? Those calls for data ownership emphasize the impact of ownership on the automotive industry and the vast quantities of operational data which smart automobiles and self-driving vehicles will produce. We looked at how, if at all, the issue was being considered in consumer-facing statements addressing the data being collected by their vehicles. To formulate our proposal, we also considered continued advances in scientific research, quantum mechanics, and quantum computing which confirm that information in any digital or electronic medium is, and always has been, physical, tangible matter. Yet, to date, data regulation has sought to adapt legal constructs for “intangible” intellectual property or to express a series of permissions and constraints tied to specific classifications of data (such as personally identifiable information). We examined legal reforms that were recently approved by the United Nations Commission on International Trade Law to enable transactions involving electronic transferable records, as well as prior reforms adopted in the United States Uniform Commercial Code and Federal law to enable similar transactions involving digital records that were, historically, physical assets (such as promissory notes or chattel paper). Finally, we surveyed prior academic scholarship in the U.S. and Europe to determine if the physical attributes of digital data had been previously considered in the vigorous debates on how to regulate personal information or the extent, if at all, that the solutions developed for transferable records had been considered for larger classes of digital assets. Based on the preceding, we propose that regulation of digital information assets, and clear concepts of ownership, can be built on existing legal constructs that have enabled electronic commercial practices. We propose a property rules construct that clearly defines a right to own digital information arises upon creation (whether by keystroke or machine), and suggest when and how that right attaches to specific data though the exercise of technological controls. This construct will enable faster, better adaptations of new rules for the ever-evolving portfolio of data assets being created around the world. This approach will also create more predictable, scalable, and extensible mechanisms for regulating data and is consistent with, and may improve the exercise and enforcement of, rights regarding personal information. We conclude by highlighting existing technologies and their potential to support this construct and begin an inventory of the steps necessary to further proceed with this process

A New Generation of International Adjudication

This Article challenges the conventional view of contemporary international adjudication. It identifies a new generation of international tribunals, which has been largely ignored by commentators, and argues that these tribunals offer a highly successful, alternative model to traditional public-international-law adjudicatory bodies. The proliferation of international tribunals is widely regarded as one of the most significant developments in international law over the past century. The subject has given rise to an extensive and robust body of academic commentary. Although commentators reach widely divergent conclusions about many aspects of international law and adjudication, they all agree that international tribunals differ fundamentally from national courts. In particular, according to the commentary, international tribunals such as the International Court of Justice lack the power to render enforceable decisions or to exercise compulsory jurisdiction. This Article argues that commentators have proceeded from a flawed and incomplete understanding of contemporary international adjudication. Virtually all commentary on the subject ignores the development of a second generation of international tribunals, best represented by international commercial and investment tribunals, World Trade Organization panels, and claims-settlement mechanisms. Contrary to the conventional wisdom about international adjudication, this new generation of international tribunals has the power to exercise what is effectively compulsory jurisdiction and to render enforceable decisions that can often be coercively executed against states and their commercial assets. These second-generation tribunals have been the most frequently used and, in many respects, the most successful form of international adjudication in recent decades. The caseloads of these tribunals have grown rapidly over the past forty years and now substantially exceed those of traditional public-international-law tribunals. Moreover, an analysis of state treatymaking practice over recent decades shows that states have virtually never concluded treaties accepting the jurisdiction of traditional first-generation tribunals—concluding less than one treaty per year—whereas they have frequently accepted the jurisdiction of second-generation tribunals capable of rendering enforceable decisions—accepting some fifty treaties per year. More fundamentally, second-generation tribunals have played an essential role in facilitating international trade, finance, and investment; have contributed to the development of important fields of international law; and have provided leading contemporary examples of international law working in practice. Although largely ignored by the commentary, the success and frequent use of second-generation tribunals have important implications for conventional analysis of international adjudication. The success of these tribunals flatly contradicts the claims, advanced by a number of academic commentators, that international adjudication is unimportant in contemporary international affairs and that states do not use international tribunals—particularly tribunals that would be effective. In reality, second-generation tribunals have been frequently and successfully used in vitally important fields, in part because they issue effective and enforceable decisions. At the same time, the success of second-generation tribunals also contradicts prescriptions, offered by a number of commentators, that future international tribunals be modeled on “independent” first-generation tribunals or, alternatively, on entirely “dependent” adjudicative mechanisms. Successful second-generation tribunals exhibit a blend of structural characteristics that defy blanket prescriptions for either “independence” or “dependence” and that counsel for more tailored, nuanced institutional designs

What\u27s It Worth to Keep a Secret?

This article is the first major study of protection and valuation of trade secrets under federal criminal law. Trade secrecy is more important than ever as an economic complement and substitute for other intellectual property protections, particularly patents. Accordingly, U.S. public policy correctly places a growing emphasis on characterizing the scope of trade secrets, creating incentives for their productive use, and imposing penalties for their theft. Yet amid this complex ecosystem of legal doctrine, economic policy, commercial strategy, and enforcement, there is little research or consensus on how to assign value to trade secrets. One reason for this gap is that intangible assets in general are notoriously difficult to value, and trade secrecy by its opaque nature is ill-suited to the market-signaling mechanisms that offer at least some traction in other forms of valuation. Another reason is that criminal trade secret law is relatively young, and the usual corrective approaches to valuation in civil trade secrecy are not synonymous with the greater distributive concerns of criminal law. To begin to fill this gap, we examine over a decade of trade secret protection and valuation under the U.S. Economic Espionage Act of 1996. From original data on EEA prosecutions, we show that trade secret valuations are lognormally distributed as predicted by Gibrat’s Law, with valuations typically low on the order of $5 million but reaching as high as$250 million. There is no notable difference among estimates from various valuation methods, but a difference between high and low estimates on one hand and the sentencing estimates on the other. These findings suggest that the EEA has not been used to its full capacity, a conclusion buttressed by recent Congressional actions to strengthen the EEA

What's it worth to keep a secret?

This article is the first major study of protection and valuation of trade secrets under federal criminal law. Trade secrecy is more important than ever as an economic complement and substitute for other intellectual property protections, particularly patents. Accordingly, U.S. public policy correctly places a growing emphasis on characterizing the scope of trade secrets, creating incentives for their productive use, and imposing penalties for their theft. Yet amid this complex ecosystem of legal doctrine, economic policy, commercial strategy, and enforcement, there is little research or consensus on how to assign value to trade secrets. One reason for this gap is that intangible assets in general are notoriously difficult to value, and trade secrecy by its opaque nature is ill-suited to the market-signaling mechanisms that offer at least some traction in other forms of valuation. Another reason is that criminal trade secret law is relatively young, and the usual corrective approaches to valuation in civil trade secrecy are not synonymous with the greater distributive concerns of criminal law. To begin to fill this gap, we examine over a decade of trade secret protection and valuation under the U.S. Economic Espionage Act of 1996. From original data on EEA prosecutions, we show that trade secret valuations are lognormally distributed as predicted by Gibrat’s Law, with valuations typically low on the order of $5 million but reaching as high as$250 million. There is no notable difference among estimates from various valuation methods, but a difference between high and low estimates on one hand and the sentencing estimates on the other. These findings suggest that the EEA has not been used to its full capacity, a conclusion buttressed by recent Congressional actions to strengthen the EEA

Limitation of Sales Warranties as an Alternative to Intellectual Property Rights: An Empirical Analysis of IPhone Warranties’ Deterrent Impact on Consumers

Apple\u27s success with the Apple iPhone has brought with it certain problems. Its success has engendered a community that has attempted to circumvent Apple\u27s exclusive service agreement with AT&T. Unfortunately for Apple (and similarly situated manufacturers), intellectual property law allows consumers to alter their products so as to circumvent relationships that manufacturers may have with others. The patent and copyright law first sale doctrine allows consumers to manipulate a product after it is purchased. As a result, manufacturers are increasingly turning to alternatives to intellectual property to secure control over the device after the sale. One such alternative is the exclusion of warranty under Article 2 of the Uniform Commercial Code. This iBrief considers whether limitation of warranties have the deterrence effect manufacturers desire. Said differently, it considers whether manufacturers can use warranty limitations to prevent consumers from using their products in an unauthorized manner. The iBrief presents a behavioral model based on the Triandis model of planned behavior and enhances the model by accounting for likely and unlikely benefits and detriments. The model suggests that participants weigh the probability and magnitude of the detriment against the probability and magnitude of the beneficial impact when making the decision to engage in technological piracy. This model, considered with other empirical evidence, suggests that Apple\u27s warranty could be a stronger deterrent for consumers than civil liability. The iBrief concludes that manufacturers can better protect their post-sale expectation of profits by raising consumer awareness of their warranty\u27s quality and by raising awareness of the consequences for using the product in a way that is outside the terms of the consumers\u27 authorized use

The Anonymous Poster: How to Protect Internet Users’ Privacy and Prevent Abuse

The threat of anonymous Internet posting to individual privacy has been met with congressional and judicial indecisiveness. Part of the problem stems from the inherent conflict between punishing those who disrespect one\u27s privacy by placing a burden on the individual websites and continuing to support the Internet\u27s development. Additionally, assigning traditional tort liability is problematic as the defendant enjoys an expectation of privacy as well, creating difficulty in securing the necessary information to proceed with legal action. One solution to resolving invasion of privacy disputes involves a uniform identification verification program that ensures user confidentiality while promoting accountability for malicious behavior

Weathering the Nest: Privacy Implications of Home Monitoring for the Aging American Population

The research in this paper will seek to ascertain the extent of personal data entry and collection required to enjoy at least the minimal promised benefits of distributed intelligence and monitoring in the home. Particular attention will be given to the abilities and sensitivities of the population most likely to need these devices, notably the elderly and disabled. The paper will then evaluate whether existing legal limitations on the collection, maintenance, and use of such data are applicable to devices currently in use in the home environment and whether such regulations effectively protect privacy. Finally, given appropriate policy parameters, the paper will offer proposals to effectuate reasonable and practical privacy-protective solutions for developers and consumers

Market Structure and Political Law: A Taxonomy of Power

The goal of this Article is to create a way of seeing how market structure is innately political. It provides a taxonomy of ways in which large companies frequently exercise powers that possess the character of governance. Broadly, these exercises of power map onto three bodies of activity we generally assign to government: to set policy, to regulate markets, and to tax. We add a fourth category – which we call dominance, after Brandeis – as a kind of catchall describing the other political impacts. The activities we outline will not always fit neatly into these categories, nor do all companies engage in all of these levels of power – that is not the point. The point is that Bank of America and Exxon govern our lives in a way that, say, the local ice cream store in your hometown does not. Explicitly understanding the power these companies wield as a form of political power expands the range of legal tools we should consider when setting policy around them

Double Secret Protection: Bridging Federal and State Law To Protect Privacy Rights for Telemental and Mobile Health Users

Mental health care in the United States is plagued by stigma, cost, and access issues that prevent many people from seeking and continuing treatment for mental health conditions. Emergent technology, however, may offer a solution. Through telemental health, patients can connect with providers remotely—avoiding stigmatizing situations that can arise from traditional healthcare delivery, receiving more affordable care, and reaching providers across geographic boundaries. And with mobile health technology, people can use smart phone applications both to self-monitor their mental health and to communicate with their doctors. But people do not want to take advantage of telemental and mobile health unless their privacy is protected. After evaluating the applicability of current health information privacy law to these new forms of treatment, this Note proposes changes to the federal regime to protect privacy rights for telemental and mobile health users