Anonymization and Risk

Perfect anonymization of data sets that contain personal information has failed. But the process of protecting data subjects in shared information remains integral to privacy practice and policy. While the deidentification debate has been vigorous and productive, there is no clear direction for policy. As a result, the law has been slow to adapt a holistic approach to protecting data subjects when data sets are released to others. Currently, the law is focused on whether an individual can be identified within a given set. We argue that the best way to move data release policy past the alleged failures of anonymization is to focus on the process of minimizing risk of reidentification and sensitive attribute disclosure, not preventing harm. Process-based data release policy, which resembles the law of data security, will help us move past the limitations of focusing on whether data sets have been “anonymized.” It draws upon different tactics to protect the privacy of data subjects, including accurate deidentification rhetoric, contracts prohibiting reidentification and sensitive attribute disclosure, data enclaves, and query-based strategies to match required protections with the level of risk. By focusing on process, data release policy can better balance privacy and utility where nearly all data exchanges carry some risk

Reliable Perfection of Security Interests in Crypto-Currency

As you all know, the organizers of this event chose a topic of burning interest when they selected crypto-currency as the focus of this year’s panel. Fortunately, unlike most of the similar events at which the author has been asked to speak, we have not been asked to talk about Bitcoin as the currency of the future; my doubts about the ability of Bitcoin to succeed as a currency of routine use – as opposed to a speculative investment vehicle – dampen my interest in talking repeatedly about that subject. The task they have set for the speakers is one that involves a transactional development with much more potential for widespread deployment: transactions in which lenders extend loans in return for an interest in some form of crypto-currency as collateral. That topic sidesteps the indeterminate speculation about the future development of Bitcoin in favor of something of commercial immediacy. Crypto-currencies, in fact, have present value on the balance sheets of commercial borrowers, and all signs suggest that, in the years to come, investments in one or another form of crypto-currency will become more routine and more substantial. To be sure, that value might be volatile, and it might or might not be useful to think of it as currency, but from the perspective of lenders, it represents value that would enhance the borrowing base of their customers if lenders could capture it reliably. This article considers that topic. The author proceeds in three steps. First, the author considers the simple straightforward approach of perfecting a security interest under existing legal rules. Recognizing the obvious weaknesses of that approach in cabining transfers of collateral to pseudonymous purchasers, the author turns in the second part of the article to a more capacious use of institutional arrangements that should give the lender a more effective control of the asset – transactions using what the author calls “quasi-control.” Finally, the third part of the article briefly considers technological advances that would use blockchain-based smart contracting tools to perfect the lender’s interests more elegantly, namely the development of a “smart” lien that integrates the respective rights of the borrower and lender directly into the mechanism of the blockchain

Commodifying Consumer Data in the Era of the Internet of Things

Internet of Things (“IoT”) products generate a wealth of data about consumers that was never before widely and easily accessible to companies. Examples include biometric and health-related data, such as fingerprint patterns, heart rates, and calories burned. This Article explores the connection between the types of data generated by the IoT and the financial frameworks of Article 9 of the Uniform Commercial Code and the Bankruptcy Code. It critiques these regimes, which enable the commodification of consumer data, as well as laws aimed at protecting consumer data, such as the Bankruptcy Abuse Prevention and Consumer Protection Act, various state biometric data statutes, and the Health Insurance Portability and Accountability Act. This Article contends that in addition to privacy policies, financial frameworks can also play a critical role in facilitating the transfer and disclosure of consumer data in a manner that is opaque and potentially harmful to consumers. Furthermore, existing privacy frameworks that rely heavily on a notice and choice model and the provisions of a company’s privacy policy to determine the level of protection given to consumers, and which may not always apply to IoT companies, do not effectively safeguard consumers in the IoT setting. This Article proposes several solutions to engender movement away from an overreliance on the notice and choice model and the terms of privacy policies, and to reduce the various moments of data disclosure authorized by financial frameworks. It also offers ways to preserve the value of IoT data as a source of financing for companies while simultaneously protecting the privacy of consumers

Concerns Around Opposition to the Green Pass in Italy: Social Listening Analysis by Using a Mixed Methods Approach

Background: The recent introduction of COVID-19 certificates in several countries, including the introduction of the European green pass, has been met with protests and concerns by a fraction of the population. In Italy, the green pass has been used as a nudging measure to incentivize vaccinations because a valid green pass is needed to enter restaurants, bars, museums, or stadiums. As of December 2021, a valid green pass can be obtained by being fully vaccinated with an approved vaccine, recovered from COVID-19, or tested. However, a green pass obtained with a test has a short validity (48 hours for the rapid test, 72 hours for the polymerase chain reaction test) and does not allow access to several indoor public places. Objective: This study aims to understand and describe the concerns of individuals opposed to the green pass in Italy, the main arguments of their discussions, and their characterization. Methods: We collected data from Telegram chats and analyzed the arguments and concerns that were raised by the users by using a mixed methods approach. Results: Most individuals opposing the green pass share antivaccine views, but doubts and concerns about vaccines are generally not among the arguments raised to oppose the green pass. Instead, the discussion revolves around the legal aspects and the definition of personal freedom. We explain the differences and similarities between antivaccine and anti–green pass discourses, and we discuss the ethical ramifications of our research, focusing on the use of Telegram chats as a social listening tool for public health. Conclusions: A large portion of individuals opposed to the green pass share antivaccine views. We suggest public health and political institutions to provide a legal explanation and a context for the use of the green pass, as well as to continue focusing on vaccine communication to inform vaccine-hesitant individuals. Further work is needed to define a consensual ethical framework for social listening for public health

Speak Out: Verifying and Unmasking Cryptocurrency User Identity

Terror attacks pose a serious threat to public safety and national security. New technologies assist these attacks, magnify them, and render them deadlier. The more funding terrorist organizations manage to raise, the greater their capacity to recruit members, organize, and commit terror attacks. Since the September 11, 2001 terror attacks, law enforcement agencies have increased their efforts to develop more anti-terrorism and anti-money laundering regulations, which are designed to block the flow of financing of terrorism and cut off its oxygen. However, at present, most regulatory measures focus on traditional currencies. As these restrictions become more successful, the likelihood that cryptocurrencies will be used as an alternative to fund illicit behaviors grows. Furthermore, the COVID-19 virus and subsequent social distancing guidelines have increased the use of cryptocurrencies for money laundering, material support to terror, and other financial crimes. Cryptocurrencies are a game-changer, significantly affecting market functions like never before and making it easier to finance terrorism and other types of criminal activity. These decentralized and (usually) anonymous currencies facilitate a high volume of transactions, allowing terrorists to engage in extensive fundraising, management, transfer, and spending for illegal activities. As cryptocurrencies gain popularity, the issue of regulating them becomes more urgent. This Article proposes to reform cryptocurrency regulation. It advocates for mandatory obligations directed at cryptocurrency issuers, wallet providers, and exchanges to verify the identity of users on the blockchain. Thus, courts could grant warrants obligating cryptocurrency-issuing companies to unmask the identity of cryptocurrency users when there is probable cause that their activities support terrorism or other money laundering schemes. Such reforms would stifle terrorism and other types of criminal activity financed through cryptocurrencies, curbing harmful activities and promoting national security. In recognition of the legal challenges this solution poses, this Article also addresses substantial objections that might be raised regarding the proposed reforms, such as innovation concerns, First Amendment arguments, and Fourth Amendment protections. It concludes by addressing measures to efficiently promote application of the proposed reforms