Big Data\u27s Other Privacy Problem

Big Data has not one privacy problem, but two. We are accustomed to talking about surveillance of data subjects. But Big Data also enables disconcertingly close surveillance of its users. The questions we ask of Big Data can be intensely revealing, but, paradoxically, protecting subjects\u27 privacy can require spying on users. Big Data is an ideology of technology, used to justify the centralization of information and power in data barons, pushing both subjects and users into a kind of feudal subordination. This short and polemical essay uses the Bloomberg Terminal scandal as a window to illuminate Big Data\u27s other privacy problem

Regulation by Software

Software is neither law nor architecture. It is its own modality of regulation. This Note builds on Larry Lessig’s famous formulation that “code is law” to argue that Lessig was wrong to equate computer software with physical architecture. Although software resembles both law and architecture in its power to constrain behavior, it has features that distinguish it from both. The Note identifies four relevant attributes of software: It is ruleish, potentially nontransparent, impossible to ignore, and vulnerable to sudden failure. By assessing the impact of these characteristics in a given context, one can decide whether software is a good or a bad choice to solve a regulatory problem. Part I situates software within Lessig’s theory of different and complementary modalities of regulation that constrain individuals. In Code, he postulates four such modalities: law, social norms, markets, and physical architecture. He then argues that software is a subspecies of physical architecture as a modality. I argue instead that three basic characteristics of software establish it as a distinct modality that should not be conflated with any of the others: First, software is automated. Once set in motion by a programmer, a computer program makes its determinations mechanically, without further human intervention. Second, software is immediate. Rather than relying on sanctions imposed after the fact to enforce its rules, it simply prevents the forbidden behavior from occurring. Third, software is plastic. Programmers can implement almost any system they can imagine and describe precisely. Software is like physical architecture and unlike law in being automated and immediate. However, plasticity is more characteristic of legal systems than of architectural ones. Software’s plasticity interacts with its automation and its immediacy to produce consequences that set it apart from both law and physical architecture. In Part II, I turn to these distinctive consequences. There are four recurring and predictable patterns present in any regulation by software: First, along the traditional continuum between rules and standards, software lies at the extreme rule-bound end. Second, software can regulate without transparency. Frequently, those regulated by software may have no reasonable way to determine the overall shape of the line between prohibited and permitted behavior. Third, software rules cannot be ignored. Parties facing a decision made by software can, at best, take steps to undo what software has wrought. Fourth, software is more fragile than other systems of regulation. Hackers can turn its plasticity against it, and its automated operation means that unintended consequences are shielded from human review. Part III applies this analysis to two case studies. It predicts that software is a good way to manage negotiations and transactions in online marketplaces such as online auction sites and electronic stock exchanges. On the other hand, it predicts several pitfalls for the use of software to restrict the distribution of digital media

The Elephantine Google Books Settlement

The genius—some would say the evil genius—of the proposed Google Books settlement is the way it fuses legal categories. The settlement raises important class action, copyright, and antitrust issues, among others. But just as an elephant is not merely a trunk plus legs plus a tail, the settlement is more than the sum of the individual issues it raises. These “issues” are, really just different ways of describing a single, overriding issue of law and policy—a new way to concentrate an intellectual property industry. In this essay, I will argue for the critical importance of seeing the settlement all at once, rather than as a list of independent legal issues. After a brief overview of the settlement and its history (Part I), I will describe some of the more significant issues raised by objectors to the settlement, focusing on the trio of class action, copyright, and antitrust law (Part II). The settlement’s proponents have responded with colorable defenses to every one of these objections. My point in this Part is not to enter these important debates on one side or the other, but rather to show that the hunt to characterize the settlement has ranged far and wide across the legal landscape. Truly pinning down the settlement, however, will require tracing the connections between these different legal areas. I will argue (Part III) that the central truth of the settlement is that it uses an opt-out class action to bind copyright owners (including the owners of orphan works) to future uses of their books by a single defendant. This statement fuses class action, copyright, and antitrust concerns, as well as a few others. It shows that the settlement is, at heart, a vast concentration of power in Google’s hands, for good or for ill. The settlement is a classcopytrustliphant, and we must strive to see it all at once, in its entirety, in all its majestic and terrifying glory

Information Policy for the Library of Babel

The image of Borges\u27s Library of Babel, which contains all possible books, is haunting and suggestive. This essay asks what we would do if we were advising a Federal Library Commission on how to deal with the Library\u27s vast holdings and overwhelming disorganization. This thought exercise provides a set of sensible principles for information policy in an age of extreme informational abundance

Consenting to Computer Use

The federal Computer Fraud and Abuse Act (CFAA) makes it a crime to “access a computer without authorization or exceed authorized access.” Courts and commentators have struggled to explain what types of conduct by a computer user are “without authorization.” But this approach is backwards; authorization is not so much a question of what a computer user does, as it is a question of what a computer owner allows. In other words, authorization under the CFAA is an issue of consent, not conduct; to understand authorization, we need to understand consent. Building on Peter Westen’s taxonomy of consent, I argue that we should distinguish between the factual question of what uses a computer owner manifests her consent to and the legal question of what uses courts will deem her to have consented to. Doing so allows to distinguish the different kinds of questions presented by different kinds of CFAA cases, and to give clearer and more precise answers to all of them. Some cases require careful fact-finding about what reasonable computer users in the defendant’s position would have known about the owner’s expressed intentions; other cases require frank policy judgments about which kinds of unwanted uses should be considered serious enough to trigger the CFAA

Saving Facebook: A Response to Professor Freiwald

In this brief response to Professor Susan Freiwald\u27s thoughtful comments on my article Saving Facebook, I address three of Freiwald’s points, all of which go to the heart of my project. I justify my choice of Facebook, ask when user collective action can sufficiently protect privacy, and emphasize that these privacy issues are genuinely peer-to-peer