Zealous Administration: The Deportation Bureaucracy

An agency\u27s culture shapes its lawmaking. Under certain conditions, agency culture dominates decision-making so strongly that it mutes the influence of those factors that administrative law scholars have traditionally focused on including presidential will, judicial oversight, internal resistance, and public opinion. We call this undertheorized phenomenon zealous administration. The immigration enforcement bureaucracy has vast discretion to remove unauthorized immigrants from the United States. Current immigration policies-such as indiscriminate deportation, family separation, and harsh detention-represent the most prominent example of zealous administration in the federal government. This Article focuses on that bureaucracy to plumb the causes and effects of zealous administration and to explore ways to limit it. Zealous administration manifests in three principal ways. First, the agency engages in hyper-regulation-the exercise of authority in indiscriminate, pervasive, and performative modes. Second, the agency is politically resilient-it is uniquely impervious to influence from the President, pressure from other government entities, public disapproval, and internal dissent. Third, zealous administration-once it has taken root in an agency and absent some powerful intervention-will grow over time and coopt for its mission other agencies sharing the same regulatory space. The immigration enforcement bureaucracy\u27s zealous administration complements President Trump\u27s aggressive agenda, but it is not merely a product of it. Zealous administration in that bureaucracy has deep structural roots long predating the current administration. Neither the reigning presidential-control view of administrative lawmaking, nor the alternative deliberative-democratic view can fully account for it. This Article fills the gap by drawing on classic public choice theory to construct a model of immigration enforcement as regulation. It concludes that taming zealous administration requires policymakers to focus on redirecting bureaucratic incentives, redesigning institutions, and expanding judicial review

The Law of Attribution: Rules for Attribution the Source of a Cyber-Attack

State-sponsored cyber-attacks are on the rise and show no signs of abating. Despite the threats posed by these attacks, the states responsible frequently escape with impunity because of the difficulty in attributing cyber-attacks to their source. As a result, current scholarship has focused almost exclusively on overcoming the technological barriers to attribution

Surveillance by Algorithm: The NSA, Computerized Intelligence Collection, and Human Rights

ISIS’s cultivation of social media has reinforced states’ interest in using automated surveillance. However, automated surveillance using artificial intelligence (“machine learning”) techniques has also sharpened privacy concerns that have been acute since Edward Snowden’s disclosures. This Article examines machine-based surveillance by the NSA and other intelligence agencies through the prism of international human rights. Two camps have clashed on the human rights implications of machine surveillance abroad. The state-centric camp argues that human rights agreements like the International Covenant on Civil and Political Rights (ICCPR) do not apply extraterritorially. Moreover, the state-centric camp insists, machine surveillance is inherently unintrusive, like a dog seeing a human step out of the shower. Surveillance critics respond that machine and human access to data are equivalent invasions of privacy and legal protections must be equal for individuals within a state’s borders and nonnationals overseas. In a controversial recent decision, Schrems v. Data Protection Commissioner, the European Court of Justice appeared to side with surveillance’s critics. This Article argues that both the state-centric and critical positions are flawed. This Article agrees with surveillance critics that the ICCPR applies extraterritorially. Machine access to data can cause both ontological harm, stemming from individuals’ loss of spontaneity, and consequential harm, stemming from errors that machines compound in databases such as no-fly lists. However, the Schrems decision went too far by failing to acknowledge that human rights law provides states with a measure of deference in confronting threats such as ISIS. Deference on overseas surveillance is particularly appropriate given U.N. Security Council resolutions urging states to deny terrorists safe havens. But deference cannot be absolute. To provide appropriate safeguards, this Article recommends that machine searches abroad be tailored to compelling state purposes, scientifically validated, and subject to independent review

\u27Code\u27 and the Slow Erosion of Privacy

The notion of software code replacing legal code as a mechanism to control human behavior-- code as law --is often illustrated with examples in intellectual property and freedom of speech. This Article examines the neglected issue of the impact of code as law on privacy. To what extent is privacy-related code being used, either to undermine or to enhance privacy? On the basis of cases in the domains of law enforcement, national security, E-government, and commerce, it is concluded that technology rarely incorporates specific privacy-related norms. At the same time, however, technology very often does have clear effects on privacy, as it affects the reasonable expectation of privacy. Technology usually makes privacy violations easier. Particularly information technology is much more a technology of control than it is a technology of freedom. Privacy-enhancing technologies (PETs) have yet to be implemented on any serious scale. The consequent eroding effect of technology on privacy is a slow, hardly perceptible process. If one is to stop this almost natural process, a concerted effort is called for, possibly in the form of privacy impact assessments, enhanced control mechanisms, and awareness-raising

Answering the Cyber Oversight Call

In the past few years, a revised cyber strategy, a spate of new cyber authorities, and revamped presidential directives have significantly expanded the cyber capabilities of the U.S. military. This expansion has coincided with a weakening and dispersion of traditional congressional oversight mechanisms, creating a separation of powers mismatch. This mismatch, and the necessarily stealthy features that characterize cyberoperations, inhibit Congress’s ability to gain a comprehensive understanding of the use and deployment of these cyber powers, while obscuring the use of such powers from the public as well. Put bluntly, the traditional congressional oversight mechanisms are not suited to the cyber oversight task. There is a need to find alternative players able to answer the cyber oversight call. To fill this gap, scholars have proposed various “surrogates” and “intermediaries” including foreign allies, local governments, technology companies, and other private sector actors. This Article urges a different approach by examining the consequential role of the Department of Defense Office of Inspector General (DoD OIG) from the cyber oversight perspective. Although often maligned and misunderstood as the bean counters of the federal government, inspectors general serve critical functions in our constitutional scheme, both as internal checks on abuses of executive power and as conduits of information to the legislative branch. The DoD OIG is uniquely positioned and equipped to fill the gaps in the cyber oversight framework, and to ensure that the political branches are working together to appropriately limit and guide the use of these vast new cyber powers. In sum, this Article explores the DoD OIG’s distinctive ability to answer the cyber oversight call

\u27Code\u27 and the Slow Erosion of Privacy

The notion of software code replacing legal code as a mechanism to control human behavior-- code as law --is often illustrated with examples in intellectual property and freedom of speech. This Article examines the neglected issue of the impact of code as law on privacy. To what extent is privacy-related code being used, either to undermine or to enhance privacy? On the basis of cases in the domains of law enforcement, national security, E-government, and commerce, it is concluded that technology rarely incorporates specific privacy-related norms. At the same time, however, technology very often does have clear effects on privacy, as it affects the reasonable expectation of privacy. Technology usually makes privacy violations easier. Particularly information technology is much more a technology of control than it is a technology of freedom. Privacy-enhancing technologies (PETs) have yet to be implemented on any serious scale. The consequent eroding effect of technology on privacy is a slow, hardly perceptible process. If one is to stop this almost natural process, a concerted effort is called for, possibly in the form of privacy impact assessments, enhanced control mechanisms, and awareness-raising