Suchergebnisse

A broad coalition, including companies formerly opposed to the enactment of privacy statutes, has now formed behind the idea of a national information privacy law. Among the benefits that proponents attribute to such a law is that it would harmonize the U.S. regulatory approach with that of the European Union (E.U.) and possibly minimize international regulatory conflicts about privacy. This essay argues, however, that it would be a mistake for the United States to enact a comprehensive or omnibus federal privacy law for the private sector that preempts sectoral privacy law. In a sectoral approach, a privacy statute regulates only a specific context of information use. An omnibus federal privacy law would be a dubious proposition because of its impact on experimentation in federal and state sectoral laws, and the consequences of ossification in the statute itself. In contrast to its skepticism about a federal omnibus statute, this essay views federal sectoral laws as a promising regulatory instrument. The critical question is the optimal nature of a dual federal-state system for information privacy law, and this essay analyzes three aspects of this topic. First, there are general circumstances under which federal sectoral consolidation of state law can bring benefits. Second, the choice between federal ceilings and floors is far from the only preemptive decision that regulators face. Finally, there are second-best solutions that become important should Congress choose to engage in broad sectoral preemption.

This Essay responds to Stephen Holmes' Jorde Lecture, which was delivered at Boalt Hall on November 5, 2007. It builds on his model of "public liberty" by discussing how private liberty, and information privacy in particular, is a precondition for public liberty. For Holmes, private liberty is largely a negative right—a right to be free from governmental interference. In contrast, this Essay considers privacy to be an element of public rights. Participation in a democracy requires individuals to have an underlying capacity for self-determination, which requires some personal privacy. Through the lens of the recent amendment of the Foreign Intelligence Surveillance Act (FISA), this Essay analyzes a number of Holmesian concepts through. Its Part I describes the background of FISA, the National Security Agency's (NSA) warrantless surveillance program in violation of this statute, and the amendments to this law in the Protect America Act of 2007, a short term statutory "fix" that has expired, and the FISA Amendments Act of 2008, which remains in effect. Its Part II turns to an analysis of the challenges to private and public liberty posed by the NSA's surveillance. This Part is organized around three topics: (1) past wisdom as codified in law; (2) the impact of secrecy on government behavior; and (3) institutional lessons. As we shall see, a Holmesian search for the wisdom previously collected in law proves quite difficult. FISA regulated some aspects of intelligence gathering and left the intelligence community entirely free to engage in others. Over time, moreover, technological innovations and altered national security concerns transformed the implications of the past policy landscape. As a result, the toughest questions, which concern surveillance of foreign-to-domestic communications, do not receive an easy answer from the past. Regarding the impact of secrecy on government behavior, the analysis is, at least initially, more straightforward. As Holmes discusses, the Bush administration was adept at keeping secrets not only from the public and other branches of government, but from itself. It is also striking how little Congress knew about NSA activities while amending FISA. The larger lessons, however, prove yet more complicated: strong structural and political factors are likely to limit the involvement of Congress and courts in this area. This Essay concludes by confronting these institutional lessons and evaluating elements of a response that would improve the government's performance by crafting new informational and deliberative structures for it.

Consider three questions. How would one decide if there was too much telecommunications surveillance in the United States, or too little? How would one know if law enforcement was using its surveillance capabilities in the most effective fashion? How would one assess the impact of this collection of information on civil liberties? In answering these questions, a necessary step, the logical first move, would be to examine existing data about governmental surveillance practices and their results. One would also need to examine and understand how the legal system generated these statistics about telecommunications surveillance. Ideally, the information structure would generate data sets that would allow the three questions posed above to be answered. Light might also be shed on other basic issues, such as whether or not the amount of telecommunications surveillance was increasing or decreasing. Such rational inquiry about telecommunications surveillance is, however, largely precluded by the haphazard and incomplete information that the government collects about it. This Article evaluates the main parts of telecommunications surveillance law and the statistics about their use. The critical statutory regulations are (1) the Wiretap Act, (2) the Pen Register Act, (3) the Stored Communications Act, and, for foreign intelligence, (4) the Foreign Intelligence Surveillance Act, and (5) the different provisions for National Security Letters (NSLs). Other parts of the surveillance landscape represent an even greater expanse of blank spaces on the legal map. There are a number of "semi-known unknowns" (to coin a phrase); these are kinds of telecommunications surveillance about which only limited public information exists - this surveillance also occurs outside a detailed legal framework. This Article concludes with the development of the concept of "privacy theater." Currently, the value of the collection of telecommunications statistics is largely ritualistic. It serves to create a myth of oversight. This Article proposes that we go beyond myth and re-dedicate ourselves to the task of creating a telecommunications surveillance law that minimizes the impact of surveillance on civil liberties and maximizes its effectiveness for law enforcement.

In this Article, Professor Schwartz depicts the widespread, silent collection of personal information in cyberspace. At present, it is impossible to know the fate of the personal data that one generates online. Professor Schwartz argues that this state of affairs degrades the health of a deliberative democracy; it cloaks in dark uncertainty the transmutation of Internet activity into personal information that will follow one into other areas and discourage civic participation. This situation also will have a negative impact on individual self- determination by deterring individuals from engaging in the necessary thinking out loud and deliberation with others upon which choice- making depends. In place of the existing privacy horror show on the Internet, Professor Schwartz seeks to develop multidimensional rules that set out fair information practices for personal data in cyberspace. The necessary rules must establish four requirements: (1) defined obliga- tions that limit the use of personal data; (2) transparent processing systems; (3) limited procedural and substantive rights; and (4) external oversight. Neither the market nor industry self-regulation are likely, however, to put these four practices in place. Under current conditions, a failure exists in the 'privacy market." Moreover, despite the Clinton Administration's endorsement of industry self-regulation, this method is an unlikely candidate for success. Industry self-regulation of privacy is a negotiation about "the rules of play" for the use of personal data. In deciding on these rules, industry is likely to be most interested in protecting its stream of revenues. Therefore, it will benefit if it develops norms that preserve the current status quo of maximum information disclosure. This Article advocates a legislative enactment of the four fair information practices. This legal expression of privacy norms is the best first step in promoting democratic deliberation and individual self-determination in cyberspace. It will further the attainment of ...