Wednesday, July 20, 2005

Youngest ID Theft Victim?

This AP story describes the identity theft of a 22-month old infant--and she wasn't just victimized once, but twice:

At 22 months old, [the toddler] is a little young to have her own phone. But her mother discovered her daughter's name listed in a phone book and soon realized an acquaintance had used the girl's Social Security number to set up the phone service.

It wasn't the first time the girl has been victimized by identity theft, her mother said.

Someone else using her name and Social Security number listed her on his tax return, claiming her as a dependent to get a larger tax refund, she said.

Posted by Daniel Solove on July 20, 2005 at 02:02 AM in Daniel Solove, Information and Technology | Permalink | Comments (0) | TrackBack

Tuesday, July 19, 2005

New Blog -- Supreme Court Extra

Supremectextra

A really interesting new blog has just appeared with many terrific law professor bloggers joining the blogosphere.  The blog is called Supreme Court Extra (hosted by ThinkProgress).  Here's a list of the law professor bloggers:

Samuel Bagenstos (Washington University)

Risa Goluboff (Virginia)

Oona A. Hathaway (Yale)

Brad Joondeph (Santa Clara)

Goodwin Liu (Berkeley)

Trevor Morrison (Cornell) (Trevor was previously a guest here at PrawfsBlawg)

Eduardo Penalver (Fordham)

Russell Robinson (UCLA)

Cristina Rodriguez (NYU)

Tim Wu (Virginia) (visiting Stanford)

For a complete list of bloggers at Supreme Court Extra, click here.   The recent addition of the Picker MobBlog which was born in June 2005, adds Randy Picker (Chicago), Doug Lichtman (Chicago), and Tim Wu (who is also at the Supreme Court Extra blog) to the blogosphere.   So without double-counting Wu, that's a total of 12 new law professor bloggers in the past two months. 

I guess I'll need to be updating the law professor blogger census soon.

Hat tip: Orin Kerr at the VC

Posted by Daniel Solove on July 19, 2005 at 01:42 PM in Blogging, Daniel Solove | Permalink | Comments (0) | TrackBack

Monday, July 18, 2005

FBI Surveillance of the ACLU and Greenpeace

Picture_fbi_logo_2 From the New York Times:

The Federal Bureau of Investigation has collected at least 3,500 pages of internal documents in the last several years on a handful of civil rights and antiwar protest groups in what the groups charge is an attempt to stifle political opposition to the Bush administration.

The F.B.I. has in its files 1,173 pages of internal documents on the American Civil Liberties Union, the leading critic of the Bush administration's antiterrorism policies, and 2,383 pages on Greenpeace, an environmental group that has led acts of civil disobedience in protest over the administration's policies, the Justice Department disclosed in a court filing this month in a federal court in Washington.

The filing came as part of a lawsuit under the Freedom of Information Act brought by the A.C.L.U. and other groups that maintain that the F.B.I. has engaged in a pattern of political surveillance against critics of the Bush administration. A smaller batch of documents already turned over by the government sheds light on the interest of F.B.I. counterterrorism officials in protests surrounding the Iraq war and last year's Republican National Convention.

F.B.I. and Justice Department officials declined to say what was in the A.C.L.U. and Greenpeace files, citing the pending lawsuit. But they stressed that as a matter of both policy and practice, they have not sought to monitor the political activities of any activist groups and that any intelligence-gathering activities related to political protests are intended to prevent disruptive and criminal activity at demonstrations, not to quell free speech. They said there might be an innocuous explanation for the large volume of files on the A.C.L.U. and Greenpeace, like preserving requests from or complaints about the groups in agency files.

Is there an innocuous explanation?  Maybe.  Maybe not.  The FBI's history sure isn't good when it comes to surveillance of political and civil liberties groups.  In its famous COINTELPRO investigations, the FBI routinely targed political dissenters.  As the famous Church Committee in Congress, led by Senator Frank Church, concluded in 1976:

The FBI’s COINTELPRO—counterintelligence program—was designed to “disrupt” groups and “neutralize” individuals deemed to be threats to domestic security.  The FBI resorted to counterintelligence tactics in part because its chief officials believed that existing law could not control the activities of certain dissident groups, and that court decisions had dtied the hands of the intelligence community.  Whatever opinion one holds about the policies of the targeted groups, many of the tactics employed by the FBI were indisputably degrading to a free society.

Many apologists for the FBI will rush to defend the FBI's files about the ACLU and Greenpeace.  Although it is too early to cast aspersions, there's a larger problem at work here.  If the information is innocuous, why the culture of secrecy?  Why not just come clean and explain why the data is being gathered?  More transparency is the answer.  If the government wants to work in secrecy, then I think it really shouldn't be justified in crying foul when others express concerns and assume the worst.  In other words, I think that government agencies have an onus to demonstrate to the American people why their actions are appropriate and justified, to set forth the relevant facts so that people can really trust the government.  With the unprecedented secrecy of the Bush Administration, and the typical secrecy of the FBI, one of the costs is that many people might assume the worst.  If the FBI doesn't like this . . . well . . . then it can be more forthcoming.    

Hat tip: Emergent Chaos

UPDATE: Orin Kerr at the VC has an interesting post arguing that the New York Times story reported that the documents were "on" the ACLU and Greenpeace rather than "referring to" these organizations.  Orin writes: "The ACLU didn't request just documents about the ACLU, or documents about monitoring the ACLU. Rather, it made an extremely broad request that asked the FBI to collect any documents in its possession that even just referred to the ACLU."  Orin has a point.  One of the FOIA requests was for "[a]ny records relating or referring to the Requestors."  This could include a wide array of documents, including legal pleadings.  Distortions such as these by the ACLU and the New York Times are troublesome.  In my post, I argued that the FBI's culture of secrecy and past history impacted its trustworthiness in a negative way.  Puffing up a story to make it seem more troublesome than it might be also impacts trustworthiness, too.  So the moral of the story is the same -- if you want to establish trust, give us more facts and less spin, be more open and honest.  I guess this advice needs to be heeded not just by the FBI, but also by the ACLU and the New York Times as well. 

Posted by Daniel Solove on July 18, 2005 at 12:49 PM in Daniel Solove, Information and Technology | Permalink | Comments (2) | TrackBack

Saturday, July 16, 2005

Democrats in Disarray

Dem1In a recent op-ed, my colleague Jonathan Turley (law, GW) points out that the Democratic leadership has been wildly inconsistent and ineffective on key issues:

As the White House comes closer to a nomination, the Democratic Senate appears in near-total disarray. Conflicting statements from Democratic leaders appear to be ferocious one day and fawning the next. What is clear is that there is a dangerous and growing disconnect between Democratic leaders and their base. . . .

Consider the filibuster proposals. The Democratic senators initially laid out a clear, principled position that they could not allow a vote on at least four of the pending appellate judges. While some of us did not agree with that position, we could at least understand it. Then the Democratic senators suggested that they would agree to allow the Republicans to have up-or-down votes on some of these candidates if the GOP agreed to bar some others. As part of this deal, they left it up to the Republicans to pick who would be confirmed and who would be rejected.

The Republicans rightfully called foul about such a crude head count. It was a position entirely divorced from principle. Then came the filibuster deal itself. Seven Democratic senators agreed to a proposal that protected the right of the filibuster while allowing some candidates to be confirmed. The result was a disaster for the Democrats. To this day, most people cannot figure out what the Democrats got from the deal. The four candidates that the Democrats had vowed to filibuster as the previously deemed "worst of the worst" were allowed to be confirmed. . . .

Senator Reid's announcement that he would support conservative stalwart Antonin Scalia for chief justice continues the confusion. . . .

After vehemently opposing Mr. Gonzales only recently for a political appointment, Mr. Reid was saying that he could support him for a lifetime appointment where he would interpret the law for the nation. Mr. Reid's position on Mr. Gonzales has led to a further erosion of credibility for the Democrats. For Democratic stalwarts, Mr. Gonzales appeared marginally pro-life but he also appeared strongly pro-torture. . . .

For now, the coming battle may be best described by that English bard as "full of sound and fury, signifying nothing."

For some time, the Democrats have been in quite a disarray. The Republicans control all branches of government and are about to get even more power when they appoint a new justice to the Supreme Court. The Democrats are still reeling.

The problem goes beyond these recent events. It goes to the basic strategy of the Democrats. What strategy you ask? Exactly . . . there really is no coherent strategy or plan.

The Democrats lack clear messages or unity. They cannot effectively communicate their ideas to many Americans despite the fact that many of their policies would benefit a large majority of Americans.

What needs to be done, I think, is for the Democrats to figure out what their core commitments are, articulate them clearly, and stick by them. Democrats need to unite behind these basic commitments and hold the line. They need to sell them to the American people . . . which is something they are not doing right now. Instead, the Democrats' only hope seems to be that the Republicans screw up or splinter apart.  The Democrats seem to be in such utter disarray that I really wonder whether there is much hope for the future of the party.

Posted by Daniel Solove on July 16, 2005 at 01:06 PM in Current Affairs, Daniel Solove, Law and Politics | Permalink | Comments (11) | TrackBack

Thursday, July 14, 2005

Fun With Credit Card Signatures

This has been around for a while, but I think that these attempts at credit card signature humor are absolutely hilarious.  See here and here.   This is what the person attempted:

Credit card signatures are a useless mechanism designed to make you feel safe, like airport security checks. So my question was, how crazy would I have to make my signature before someone would actually notice?

The answer -- there was virtually no limit to how crazy the signatures could get . . . until finally the person went too far.   To find out what it took to move from signing across the line to crossing the line, check out the links. I've included a few pictures from the experiment. 

Creditcard2 Creditcard4Creditcard5

Posted by Daniel Solove on July 14, 2005 at 01:44 AM in Daniel Solove, Information and Technology | Permalink | Comments (2) | TrackBack

The RFID Tag You Carry With You

Picture_cell_phone_gps_tracking_1There's been a lot of talk about RFID tags, which can now be implanted in humans or placed in objects people wear, such as clothing or jewelry.  RFID tags emit a signal that can be read by a reader.  The signal indicates an identification number, allowing people or items to be readily identified.   RFID tags have been around for some time, but the technology has become cheaper and smaller, thus increasing interest in their use.  For example, you might have heard last summer about Mexico's attorney general who had all 160 members of his staff implant RFID chips into their arms. 

Currently, the signal emitted by RFID is not very strong.  For implantable tags, you'd have to touch the reader to the skin to read the tag.   There have been many discussions of the potential dangers of RFID tags, especially when the technology develops to improve the range of the signal they emit.  The tags might be used to track people's movements.

Actually, many of us are already wearing an RFID device of sorts -- our cell phones.   Consider the following from a recent CS Monitor article:

Just as with GPS or TV, multiple wi-fi signals can be used to determine a location, Mr. Morgan says. "Every positioning system uses the same concept, that if you have three or more reference points, you can use math to figure out where you are."

This nifty diagram illustrates how it works.  So RFID technology that can track our whereabouts is already here -- our cell phones.   

Posted by Daniel Solove on July 14, 2005 at 01:17 AM in Daniel Solove, Information and Technology | Permalink | Comments (4) | TrackBack

Monday, July 11, 2005

The Growing Power of Blogs

From Reuters comes this story on the growing influence of blogs and their potential role in the Supreme Court nomination process:

Political groups preparing to battle over the first U.S. Supreme Court nomination in 11 years have a powerful new tool -- Internet blogs -- to spread information quickly and influence decision makers without relying on traditional media.

Web logs likely numbering in the dozens provide a way for the thoughtful and the passionate to publish their views. Politicians are taking notice as they prepare for the first high court nomination fight since the Internet became common in American households. . . .

"A key part of our strategy is reaching out to the Internet community," said Jim Manley, spokesman for Senate Democratic leader Harry Reid of Nevada.

Blogs and similar forums have been around since the early days of the Internet, but only in the last year have they begun to have an impact on public opinion and lawmakers, congressional staffers and bloggers said.

A recent study by the Pew Internet and American Life Project said that 7 percent of the 120 million U.S. adults who use the Internet have created a blog or web-based diary.

Reid and other political leaders now hold conferences with bloggers in the same way they meet with traditional press.

"I think they are instrumental in getting information out and deconstructing spin," said Eric Ueland, chief of staff to Senate Majority Leader Bill Frist, a Tennessee Republican.

"They are much defter and swifter than the mainstream media," he said, adding that blogs are also "very clear in their philosophical and ideological leanings." . . .

The story also mentions SCOTUSblog, where my Balkinization co-blogger Mary Lederman also blogs:

Tom Goldstein said researchers at his Washington law firm Goldstein and Howe already are poring over the background and court decisions of potential nominees. His firm's blogs at http:/www.scotusblog.com and http:/www.sctnomination.com/blog strive to be non-partisan, but will offer opinions on how a candidate may decide important cases, he said.

Posted by Daniel Solove on July 11, 2005 at 03:42 PM in Blogging, Daniel Solove | Permalink | Comments (0) | TrackBack

Making the Constitution Easier to Amend

Constitution2I just posted my thoughts at Balkinization on why it would be a good idea to make the Constitution easier to amend.  Here's a clip from my argument:

I think that the best solution is to make the Constitution easier to amend. If the Court decides something the People don’t like, then they can amend the Constitution. Because the Constitution is so hard to amend, there’s a sense of paralysis when the Court issues a decision. Roe v. Wade launched a battle over the Court, and the focus has been on appointing justices who would uphold or overturn Roe. But if the Constitution were easier to amend, maybe the battle would be fought without the Court always in the balance.

Those interested in reading more (I have a lot more to say about this) can check out the extended argument over at Balkinization. 

Posted by Daniel Solove on July 11, 2005 at 01:50 AM in Constitutional thoughts, Daniel Solove | Permalink | Comments (3) | TrackBack

The Privacy Act, Data of Milking, and the Milking of Data

Milk2Over at choof.org, my friend Chris Hoofnagle (Director, Electronic Privacy Information Center West Coast Office) points out a rather unusual new government database consisting of lactating mothers participating in the “Workplace Lactation Program.”  This database is regulated by the Privacy Act of 1974, which requires that the government provide notice in the Federal Register about its plans for the database and how the data will be used.  According to the notice, the data will include the “[p]articipant's name, employing office and office symbol, work and home telephone numbers, signed agreement forms, dates and times of lactation room use, and physician's approval slips and forms (if applicable).”

Hoofnagle writes:

One major problem in the Privacy Act area is that agencies use the "routine use" exception to allow information sharing. The idea is that the Privacy Act shouldn't prohibit ordinary use of data in government database, which on its face is reasonable. But the agencies have abused the exception, and now assert a series of "routine uses" over every database.

In this case, DOD has applied its "Blanket Routine Uses" to the lactation database. This means that information from the lactation database can be transferred to others for the following reasons:

· Law enforcement.
· To other agencies when DOD requesting information in order to engage in hiring and firing decisions.
· To other agencies when requested for a variety of government decision making.
· To Congress in response to Member inquiries.
· To foreign law enforcement.
· To state and local taxing authorities.
· To the Office of Personnel Management for pay, leave, and benefits administration.
· To the Department of Justice for litigation.
· To military banking facilities.
· To the General Services Administration for records management inspections.
· To the National Archives and Records Administration.
· To the Merit Systems Protection Board.
· To almost any entity for national security purposes.

This example demonstrates just how ridiculous the use of data in government has become.  Why the need to share this data in all these ways?  Does the government really need to reserve so many potential uses of the milk data?  This is an illustration of how the Privacy Act, designed to provide limits on how the government can collect, use, and share personal data, is not working very well.  There must be better limits on how the government can use the data it milks and milk the data it has. 

Another problem with the Privacy Act is that it has failed to limit the use of Social Security numbers.  Restricting the increasing use of Social Security numbers was one of the primary reasons for the passage of the Privacy Act.  The Act sure hasn’t worked.  The reason is because although the Privacy Act originally would have restricted the private sector use of Social Security numbers, this part was cut from the final version.   Now virtually every business and organization under the sun will squeeze people for their Social Security numbers, and companies can trade and sell them.  Sometimes spilt milk is worth crying over.      

In short, in many respects, the Privacy Act is quite close to a paper tiger . . . or perhaps, more aptly put, an empty milk carton. 

Posted by Daniel Solove on July 11, 2005 at 12:12 AM in Daniel Solove, Information and Technology | Permalink | Comments (0) | TrackBack

Saturday, July 09, 2005

More Job Talk Advice

Orin’s post has some great job talk advice.  Here’s my two cents.  The key to a good job talk is to advance one idea in a clear and interesting way and then lead an intellectually engaging conversation about it. Some tips:

1. Choose a topic that your audience can talk about.  If you pick an esoteric topic that nobody is interested in or nobody can debate, then people leave the job talk unexcited.   I’ve seen some job talks where a candidate talks about a technical subject that few in the audience can really discuss.  The result is that the discussion is flat, even though the job talk may have been very accurate and thoughtful.  The key is that there must be something that provokes a discussion.  You don’t want everyone readily agreeing with you or lacking the ability to challenge your claims.  Think of your job talk in terms of leading an interesting discussion. 

2. Don’t try to deal with every issue in the talk.  If there are some objections or responses to your thesis that you anticipate, let them come out in the discussion.  As Orin correctly says, it’s the discussion that counts.  In many cases, it is better to let the faculty raise the objection and you respond to it than to try to weakly preemptively address it in the talk. Remember, you don’t need to do everything in the initial 20 minutes.  The talk should just set up the discussion. 

3. Have an idea.  Many job talks don’t really have much of an idea.  Or they have an idea, but it is so muddled or unclear that people have a hard time figuring out what it is.  At the end of your 20 minutes of setting forth your idea, everybody in the room should be able to know what your thesis is. 

4. Don’t pretend that you have all the answers when you don’t.  Nobody expects you to be able to have a quick retort for every objection or an answer to every question.  What people expect is that you can intelligently grapple with objections and questions.  The goal is not winning every point – you’re not doing an oral argument.  So don’t get overly defensive or combative.  Instead, the goal is to demonstrate that you’re capable of engaging in a smart intellectual conversation.  If there’s a tricky issue that you’re not quite sure how to handle, say this, and then explain both sides of it to demonstrate that you have indeed thought about it carefully, and that while you might not be 100% certain of your approach to it, you clearly understand where all the potential problems with your position are.  There are many job talks where I agreed with the thesis but found the candidate not to be thoughtful or interesting enough.  So you can win the argument, but lose the job.  And your primary goal is not to win the argument; it’s to convince the faculty that you’re smart and thoughtful. 

5. Choose a topic where you know the law and issues inside and out.  You want the job talk to be on your turf.  You’re leading the discussion.  Although the topic should be accessible to all, you must know what you’re talking about.  Many a candidate has faltered by not knowing a key case or a key article in a field. 

 

At the end of the job talk, the faculty should walk out of the room thinking: (1) I had a great hour; this was fascinating stuff to think about; (2) the candidate had an interesting idea; (3) the candidate could speak in a clear and articulate manner that was engaging; (4) the candidate was respectful of the questioners; (5) the candidate was able to respond intelligently and thoughtfully to the comments and questions; (6) this candidate is the kind of person that I’d like to talk with more and that I’d like to have commenting on my scholarship. 

Posted by Daniel Solove on July 9, 2005 at 02:34 PM in Daniel Solove, Life of Law Schools | Permalink | Comments (2) | TrackBack

Friday, July 08, 2005

Peddling Your Numbers: Data Brokers and Cell Phone Records

Cellphone An article in today’s Washington Post by Jonathan Krim discusses a really disturbing new market of personal data – the numbers people dial on their cell phones.  Here’s an excerpt of the article:

. . . [P]hone records are a part of the sea of personal data routinely bought and sold online in an Internet-driven, I-can-find-out-anything-about-you world. Legal experts say many of the methods for acquiring such information are illegal, but they receive scant attention from authorities.

Think your mate is cheating? For $110, Locatecell.com will provide you with the outgoing calls from his or her cell phone for the last billing cycle, up to 100 calls. All you need to supply is the name, address and the number for the phone you want to trace. Order online, and get results within hours. . . .

Learning who someone talked to on the phone cannot enable the kind of financial fraud made easier when a Social Security or credit card number is purloined. Instead, privacy advocates say, the intrusion is more personal.

"This is a person's associations," said Daniel J. Solove, a George Washington University Law School professor who specializes in privacy issues. "Who their physicians are, are they seeing a psychiatrist, companies they do business with . . . it's a real wealth of data to find out the people that a person interacts with." . . . .

How pervasive is the problem? According to the article:

"There are probably 100 such sites" known to security officials at Verizon Wireless that offer to sell phone records, said Jeffrey Nelson, a company spokesman, who said Verizon is always trying to respond to abusive practices. He said that the company views all such activity as illegal. . . .

Cell phone records are kept by telephone companies, which must keep that information private.  So how are the data brokers getting a hold of it?  According to the article, the cell phone data is typically obtained by (1) getting it from an insider at the phone company; (2) “pretexting,” which involves tricking the phone company into releasing the information; and (3) obtaining it via customer accounts online.  The article explains this third technique:

Telephone companies, like other service firms, are encouraging their customers to manage their accounts over the Internet. Typically, the online capability is set up in advance, waiting to be activated by the customer. But many customers never do.

If the person seeking the records can figure out how to activate online account management in the name of a real customer before that customer does, the call records are there for the taking.

These tactics are all illegal. The FTC, however, has not done anything to crack down on the practice. According to the Washington Post article, an official at the FTC states that “the agency has never taken such a case to court and does not know how widespread the problem is. He said the FTC must focus its resources on the practices of data thieves that can cause the most damage to large numbers of consumers, such as financial fraud.”  Chris Hoofnagle of the Electronic Privacy Information Center, has just filed a complaint with the FTC about these practices. 

These events are a further demonstration that the FTC is not doing a sufficient enough job at protecting consumer privacy.  Earlier this year, a litany of data leaks were announced, involving the personal information of millions of people.  All this happened on the FTC’s watch.  There are a few reasons that can explain why the FTC is having such a difficult time enforcing privacy.  First, it was not originally designed to do the job.  It became involved with privacy issues in the mid 1990s because the United States had no agency to address privacy issues.  But privacy enforcement is just one of the many things the FTC does.  Second, the FTC sometimes lacks the legal firepower to do very much.  There are many gaps in federal privacy law that are exploited.   The FTC has limited authority over many privacy issues.   (It would, however, seemingly have authority over these illicit and deceptive practices by which cell phone numbers are obtained.) Third, the FTC is only so big, and it is overburdened with things to do. 

Congress needs to give the FTC the power and resources to deal with privacy, or else Congress should create a new agency with this focus and authority.  The current situation is simply untenable, with illegally-obtained cell phone data being brazenly sold over the Internet while the FTC sits idly by.

Posted by Daniel Solove on July 8, 2005 at 01:42 AM in Daniel Solove, Information and Technology | Permalink | Comments (1) | TrackBack

Thursday, July 07, 2005

Blog Post --> Wash Post

Dogpoopgirl_2 I’m excited to report that one of my blog posts has become the basis of a newspaper article in the Washington Post.  The blog post, Of Privacy and Poop: Norm Enforcement Via the Blogosphere, concerns the story of a woman who was riding the subway in Korea.  She had a little dog, and it pooped on the train.  She didn’t clean it up.  A passenger snapped a digital picture of the rude woman and posted it on the Internet.  Across the blogosphere in Korea, the woman was written about and scolded; she became known as the "dog shit girl."  At Balkinization, while I was on leave from PrawfsBlawg, I wrote about the troubling implications of this form of mob justice in cyberspace.  Kaimi Wegner and Marcy Peek also wrote very interesting posts about it here at PrawfsBlawg.   

The other day, after being interviewed by Jonathan Krim at the Washington Post on another privacy story, we got to talking about blogging.   I told him about the dog poop girl story and sent him a link to my blog post.  And today, he wrote a Washington Post article about it.  Usually stories begin in the mainstream media and are then blogged about, but the direction is beginning to run both ways, as this mainstream media story was inspired by a blog post.  Anyway, I think it’s really neat. 

Posted by Daniel Solove on July 7, 2005 at 10:36 AM in Blogging, Daniel Solove, Information and Technology | Permalink | Comments (1) | TrackBack

Wednesday, July 06, 2005

"Activist" Conservative Justices

Court_1 Jack Balkin has an insightful post discussing a fascinating NYT op-ed by Paul Gewirtz and Chad Golder on so-called judicial "activism" by the Supreme Court.  I was about to post on the op-ed myself, but Balkin beat me to the punch.  I am very skeptical of the term "activism."  It has so many different meanings that it is difficult to catalog them all.  In the end, the term "activism" is merely an epithet for justices or judges whose opinions one disagrees with.  That said, one way to define "activism" is to see how frequently a justice votes to strike down Congressional legislation.  Here's what Gewirtz and Golder write:

Declaring an act of Congress unconstitutional is the boldest thing a judge can do. That's because Congress, as an elected legislative body representing the entire nation, makes decisions that can be presumed to possess a high degree of democratic legitimacy. In an 1867 decision, the Supreme Court itself described striking down Congressional legislation as an act "of great delicacy, and only to be performed where the repugnancy is clear." Until 1991, the court struck down an average of one Congressional statute every two years. Between 1791 (the court's founding) and 1858, only two such invalidations occurred. . . .

Since the Supreme Court assumed its current composition in 1994, by our count it has upheld or struck down 64 Congressional provisions. That legislation has concerned Social Security, church and state, and campaign finance, among many other issues. We examined the court's decisions in these cases and looked at how each justice voted, regardless of whether he or she concurred with the majority or dissented.

We found that justices vary widely in their inclination to strike down Congressional laws. Justice Clarence Thomas, appointed by President George H. W. Bush, was the most inclined, voting to invalidate 65.63 percent of those laws; Justice Stephen Breyer, appointed by President Bill Clinton, was the least, voting to invalidate 28.13 percent. . . .

Gewirtz and Golder conclude:

One conclusion our data suggests is that those justices often considered more "liberal" - Justices Breyer, Ruth Bader Ginsburg, David Souter and John Paul Stevens - vote least frequently to overturn Congressional statutes, while those often labeled "conservative" vote more frequently to do so. At least by this measure (others are possible, of course), the latter group is the most activist.

Jack Balkin adds some terrific insights in his post.  Here's some of what Balkin has to say about the op-ed:

Gewirtz and Golder don't talk about judicial decisions that strike down state laws. That is because they argue that Congress, as the national legislature, has the greatest democratic legitimacy. But that begs the key question that still separates many liberals from many conservatives: federalism. For many conservatives, state decisionmaking is an independent constitutional good, and they prefer to have lots of issues decided differently in different states. So the fact that the more conservative Justices strike down lots of laws at the national level that impinge on the states does not suggest that they lack respect for democracy. Rather, it bespeaks a disagreement about what democracy means. It's not about the activism. It's the federalism, stupid.

That sounds like a pretty good rejoinder until you realize that the conservative judges on the U.S. Supreme Court tend to be fair weather federalists, and when an issue comes around that they really care about, they don't defer to state legislatures much either these days. The recent Kelo case is a good example; The liberal Justices preached judicial deference to local authorities and argued that legislatures could provide the best solution to the problem of overreaching by business interests. The more conservative Justices argued that courts should not defer and that there should be a single, nationwide rule prohibiting taking private property for economic development. So much for laboratories of state government. And don't get me started on Bush v. Gore.

Indeed, it would be well worth running the numbers on state cases since 1994. My guess is that you would find a more complicated story, with liberals striking down their share of laws, but with conservatives getting in their licks too. For example, liberals have voted to strike down laws involving regulation of abortion and homosexuality. On the other hand, they consistently voted to uphold state affirmative action programs and, as the recent Kelo case demonstrates, they have been quite reluctant to use judicial review in takings clause challenges. Conservatives have been on the other side; while decrying the use of the Due Process clause to protect abortion and homosexuality, they have wielded the Takings Clause with a vengeance, and used the Free Exercise Clause and the Free Speech Clauses-- liberally, we might say-- to protect religious groups, advertisers and campaign contributors. Conservatives also discovered how truly useful the Equal Protection Clause could be in attacking affirmative action programs and minority-majority districting.

Balkin concludes by observing:

At the end of the day, Gewirtz and Golder have shown only what everyone should already have known: that depending on how you define activism, different judges turn out to be activists or apostles of judicial restraint. All this suggests that we should focus on who has the better interpretation of the Constitution, rather than on who is an "activist."

Agreed.  100%. 

Posted by Daniel Solove on July 6, 2005 at 11:02 AM in Constitutional thoughts, Daniel Solove | Permalink | Comments (4) | TrackBack

Journalist Privilege and the Valerie Plame Case

Coopermiller Over at Balkinization, you might be interested in reading my post about the grand jury subpoena for the names of the White House officials who leaked Valerie Plame’s identity, outing her as a CIA agent in retaliation for her husband’s critique of Bush’s claims about weapons of mass destruction in Iraq.  Three journalists are involved – Matthew Cooper (Time Magazine), Judith Miller (New York Times), and Robert Novak (obnoxious pundit).  Actually, the subpoena only involves Cooper and Miller; for some reason that has yet to be stated, Novak is not facing any pressure to divulge the sources.  Cooper and Miller refused to divulge their sources; the court rejected their claim for journalist privilege; and the Supreme Court denied cert.  I argue that the rejection of their journalist privilege claim was correct as a matter of doctrine.  As a matter of policy, I take on Geoffrey Stone’s views about the appropriate scope of the privilege.  I argue that it should be broader than what Stone proposes, but that even under this broader version of the privilege, Cooper and Miller should still lose.  Also check out Dan Markel's post discussing my argument here      

Posted by Daniel Solove on July 6, 2005 at 12:10 AM in Constitutional thoughts, Daniel Solove | Permalink | Comments (0) | TrackBack

I’m Back With the Turkeys, Baby!

Yep, like it or not, I’m back, ready to clutter up PrawfsBlawg on a more permanent basis with my graffiti blog posts.   During the brief time I was unplugged from PrawfsBlawg, I was invited to Balkinization, so I only lasted a few days without blogging.  Balkinization has long been must-reading for me, so it is great to be a part of it.  I thoroughly recommend you spend some time there.

My current plan is to continue on at both PrawfsBlawg and Balkinization.  I will cross-post sometimes but will also deliver exclusive content to both blogs.  I haven’t figured out a grand system yet, so bear with me.  The bottom line is that I now have two places in the blogosphere where I can hang out, and both are terrific.   

With regards to PrawfsBlawg, I’m delighted to be back.  I’ve been teaching for about five years, which makes me perhaps not quite a “legal turkey” as this blog self-describes its bloggers.   Maybe a kind of grandfather turkey, as it is only here where my short stint in legal academia could make me the grizzled veteran of the bunch.  My fellow co-bloggers are really smart, interesting, and energetic, and the readers regularly post incisive comments, making PrawfsBlawg a wonderful place to be blogging these days.  So it’s a pleasure to join in with these turkeys on this blog, and I’ll just hope that Thanksgiving never arrives! 

Posted by Daniel Solove on July 6, 2005 at 12:01 AM in Daniel Solove, Housekeeping | Permalink | Comments (0) | TrackBack

Friday, June 24, 2005

Thanks and Goodbye

My visit at PrawfsBlawg has run well past my planned short stint.  I want to thank the folks at PrawfsBlawg for having me stop by and visit.  When I began guest blogging at PrawfsBlawg, I wasn’t sure about whether I’d take to blogging.  I had three unresolved questions: (1) Would I be any good at it? (2) Could I add blogging to my already busy life without throwing everything out of balance? (3) Would I enjoy it? 

Well, the first question I can’t really answer in an unbiased way.  I hope you’ve enjoyed some of my posts -- or at least been provoked into a good discussion by them.  As for the second question, the answer is “no” – blogging consumes hours of time, and it's taking years off my life for sure.  But the answer to the third question is an emphatic “yes.”  I’ve become addicted to blogging.  So regardless of whether I’m any good at it or whether it's lethal, this means that I’ll probably continue on with blogging.  I’m hooked.  So look for me in the blogosphere sometime soon.

Posted by Daniel Solove on June 24, 2005 at 02:08 AM in Daniel Solove, Housekeeping | Permalink | Comments (3) | TrackBack

They're At It Again: Pentagon Student Database

MilitaryWhen the Total Information Awareness program came to light in late 2002, the Defense Department learned the hard way that people weren't very happy that the government was planning to gather their data into a gigantic database.   Congress denied funding to the program in 2003 after a vigorous public outcry. 

But the government doesn't really learn.  A recent story in the Washington Post notes:

The Defense Department began working yesterday with a private marketing firm to create a database of high school students ages 16 to 18 and all college students to help the military identify potential recruits in a time of dwindling enlistment in some branches.

The program is provoking a furor among privacy advocates. The new database will include personal information including birth dates, Social Security numbers, e-mail addresses, grade-point averages, ethnicity and what subjects the students are studying.

The data will be managed by BeNow Inc. of Wakefield, Mass., one of many marketing firms that use computers to analyze large amounts of data to target potential customers based on their personal profiles and habits. . . .

The system also gives the Pentagon the right, without notifying citizens, to share the data for numerous uses outside the military, including with law enforcement, state tax authorities and Congress.

Posted by Daniel Solove on June 24, 2005 at 01:40 AM in Daniel Solove, Information and Technology | Permalink | Comments (0) | TrackBack

Thursday, June 23, 2005

An End to Party Politics?

Politicalparties1_2Are we about to enter into a brave new world beyond political parties as we know them?  According to Gary Hart, that’s where we’re headed.  He writes:

Out of power, the watchword among Democrats, and many independents, is: "I don't know what the Democrats stands for." That's because the Party's old coalition -- traditional liberals, labor, minorities, women, environmentalists, and internationalists -- is in the process of disappearing and a new one has yet to be formed. . . .

But many traditional Republicans don't know what their Party stands for either. It used to stand for balanced budgets, resistance to foreign entanglement, laissez faire economics, smaller government, and individual freedom. Not any more. That old coalition has disappeared as well. The new Republican Party stands for big government, huge deficits, pre-emptive warfare, massive nation-building, neo-imperialism in the Middle East, intrusion on your privacy, and a semi-official state religion dictated by fundamentalist ministers. . . .

Over and beyond this traditional party-based struggle for power is the greater tsunami overtaking the very nature of partisan politics itself. The old party structures are becoming obsolete. The prize of future power will go to the next Machiavelli, the next Montesquieu, the next Bismarck, the next Jefferson who both appreciates, before all others, that we are in a totally new political age, an age beyond traditional political parties, and then creates the next political paradigm.

Hart is right, I think, that the political parties are increasingly a fusion of different coalitions that are becoming increasingly difficult to hold together in a cohesive way.  But I doubt that we’re about to enter into “an age beyond traditional political parties.”  My guess is that the parties will simply realign, as has happened throughout history. 

I am much more persuaded by a Washington Post Magazine (July 25, 2004) article by David Von Drehle:

Once upon a time in America, there was a political party that believed in a strong central government, high taxes and bold public works projects. This party was popular on the college campuses of New England and was the overwhelming choice of African American voters.

It was the Republican Party.

The Republicans got started as a counterweight to the other party: the party of low taxes and limited government, the party suspicious of Eastern elites, the party that thought Washington should butt out of the affairs of private property owners.

The Democrats. . . .

Von Drehle surmises that political parties tend to fall apart when they reach the pinnacle of their power:

From the very beginning, whenever one party has gotten strong enough to start passing horrible laws such as the Alien and Sedition Acts, it has crumbled soon thereafter. Empowered, the parties overreach. Or members let some element of the party push its dogmas to the extreme, thus driving away moderate supporters. Or they calcify and then find themselves unable to deal with emerging problems. Something happens, and the pendulum swings. This happened to the Federalists. Years later, outrage at the tyrannical airs of the populist strongman Andrew Jackson split Jefferson's party into two camps -- the Jackson Democrats vs. the Whigs of Henry Clay -- and left it unable to cope with the issue of slavery. Then the Republicans had a heyday after winning the Civil War, but they, too, soon got to infighting. More recently, the Democrats deflated like a leaking dirigible after Franklin D. Roosevelt.

In other words, there is something about our parties, some power-sensitive self-destruct button lodged deep in the machinery, that keeps them from getting too big. . . .

But rarely do the parties just evaporate; they realign and reinvent themselves like Madonna.  This part of the article is worth quoting in depth:

LINCOLN'S REPUBLICANS were just six years old, having formed in 1854 from the husk of the Whig Party. . . .

The Republicans married Hamiltonism to abolitionism for a 100 percent big-government platform. They believed in the national union over states' rights. They believed in government programs to organize and develop the conquered frontier. Even as Lincoln waged war on the rebellious Confederacy, he signed some of the most important public works and infrastructure legislation in U.S. history, all passed by the Republican Congress -- laws authorizing the transcontinental railroad and granting the right of way; the Homestead Act to encourage settlement of the empty prairies; a program to educate those settlers at land-grant colleges; and so on.

This new party supported high taxes to pay for its ambitious agenda. The GOP passed the first federal income tax, a temporary levy to pay for the Civil War. And it supported high tariffs on imported goods. The agenda made sense in the context of Hamilton's vision of the United States as a great industrial and financial power. From the beginning, U.S. economic potential was awesome, but for its first century, that potential was still taking shape. U.S. businesses needed government aid and protection from the stronger economies of Britain and Europe. They needed a national banking system. They needed a transportation network. They needed protective tariffs to keep domestic markets from being flooded with low-cost, high-quality foreign goods.

At first, the Republican coalition produced success upon success. The Union was preserved, the slaves were freed, the oceans were linked by the iron rails of progress. The United States enjoyed a burst of economic activity unmatched anywhere in the world, personified not just by Rockefeller, Carnegie and Morgan, but also by Post and Kellogg, Borden and Hershey, Heinz and Campbell, Sears and Woolworth. The consumer economy was born.

But just as the Jeffersonian westward expansion sharpened the slave question, this Hamiltonian burst of government-sponsored development changed the American agenda, and with it the balance of interests in the Republican Party. For example, the bloody toll of the Civil War and the chaotic muddle of Reconstruction revived anti-government, states-rights sentiments in the North, thus strengthening the Democrats.

More important, U.S. business had become a colossus. In fact, it was so powerful that some of the same people who had supported government protection of American business now started to believe that the government should protect people from American business. One of them, Theodore Roosevelt, became president in 1901 upon the assassination of William McKinley, and over the next 11 years, Roosevelt split the Republican Party. He continued to see big government as a force for national progress, thus alienating those in the GOP coalition whose main commitment was to big business.

In 1908, after his trust-busting, canal-building, federal-land-conserving presidency, Roosevelt turned the White House over to his friend William H. Taft. But T.R. came to feel that Taft was returning the party to the plutocrats, and after four years of uneasy retirement, he returned to challenge Taft in 1912. Forced to choose between them, the Republicans took the more conservative path. They nominated Taft.

"In its essence, 1912 introduced a conflict between progressive idealism . . . and conservative values," wrote James Chace in his recent history of that election. "The broken friendship between Taft and Roosevelt inflicted wounds on the Republican Party that have never been healed."

This rift paved the way for Democrats to grab the mantle of progressivism. It was, after all, high time for the Democrats to reinvent themselves. The Jeffersonian ideal of the yeoman farmer was vanishing in the din and bustle of the urban and industrial future. So the party found a new future in the cities, among the working people. . . .

When the Great Depression hit, the Republicans were a disaster, and Democrats regained the upper hand in U.S. politics. Now the parties had crumbled and reformed themselves to such an extent that they had almost entirely swapped coalitions.

The New Deal Democrats of 1932 chose from the menu of enduring American either/ors: big government, high taxes, populist, frisky and French. But the trauma of the Depression was so intense that Franklin Roosevelt was to able to bring both Northern and Southern voters into the same coalition -- under an anti-big business banner. He was able to hold progressives and fundamentalists in a single uneasy alliance by delivering the balm of government assistance. FDR gave working people the right to unionize and to have unemployment insurance and worker's compensation. But he also managed to hold on to moderate business leaders by saying he was saving them from the far worse fate of socialism. No president ever enjoyed more or stranger bedfellows. . . .

. . . [O]nce the crises of the 1930s and 1940s were past, the country found itself face-to-face with the long-festering issue of racial discrimination. Without the Depression or war to hold the Democrats together, it was no longer possible to accommodate both segregationists and liberals. In 1948, the young mayor of Minneapolis, Hubert Humphrey, grabbed the Democratic convention and tugged it to embrace civil rights. When that happened, an angry group of Southern Democrats bolted from the party and nominated South Carolina's governor, Strom Thurmond, to run for president as a protest.

The complete breakup of the New Deal coalition took time, but by 1964, Thurmond had left the Democratic Party altogether, and over the next 20 years, millions of Southerners followed him. Segregation died, thankfully, as a legitimate issue, but resentment of Washington, D.C., endured. When Republican Ronald Reagan came along in the 1980s, preaching that "government is not a solution to our problem, government is the problem," he achieved an electoral college landslide to match FDR's victory in 1936. Old Dixie was transformed into a stronghold for the party of Lincoln. . . .

AFTER TWO CENTURIES of assembling coalitions, watching them split, then scrambling after the pieces like children under a pinata, our parties have arrived at this moment topsy-turvy. The Republicans have morphed into the party of low taxes and limited government, the party of Reagan, pushing an agenda that is conservative both fiscally and morally -- low tax and very prim -- but more assertive internationally than at many times in its past. . . .

Will we, according to Von Drehle, have multiple parties or an age beyond political parties as Hart suggests?  His answer:

When our two major parties engage in their periodic undoing, why don't they disperse their constituencies like dandelion seeds? . . . .

. . . . Because we are Americans. Charles de Gaulle once asked why anyone could think France would unite behind a single party when the country has 200 varieties of cheese. In the United States, things are simpler. We've given the world just two varieties of cheese: the kind with individually wrapped slices and the kind where the slices stick together. We're binary people: Coke vs. Pepsi, boxers vs. briefs, Ruben Studdard vs. Clay Aiken.

This either/or outlook has significantly shaped our politics. The most obvious example is North vs. South. We fought our bloodiest war over this one, and it is still with us, in important ways. But there are others: big government vs. small government, high taxes vs. low taxes, city vs. country, big business vs. populist. . . .

I wonder what the future holds and whether we're in for a major shake-up with our political parties.  I wonder if that time is near.  Both Hart and Von Drehle seem to think it is. 

Posted by Daniel Solove on June 23, 2005 at 03:04 AM in Daniel Solove, Law and Politics | Permalink | Comments (3) | TrackBack

Josef K. – Justice Denied. Again.

Picture_kafka_drawing Judge Alex Kozinski and his law clerk, Alexander Volokh recently published an opinion by a panel on U.S. Court of Appeals for the 9th Circuit in a law review article.  The article is called The Appeal, 103 Mich. L. Rev. 1391 (2005).  The judges on the panel were Judges Alex K., Bucephalus, and Godot.  No reason is given for the inexplicable delay, as the case was argued and submitted in 1926 but not decided until 2005.  And no reason is given why the opinion was published in the Michigan Law Review rather than in the Federal Reporter.  Shame on the panel!

The opinion begins:

The late Josef K., a thirty‑something male, claims that "[s]omeone must have slandered [him], for one morning, without having done anything truly wrong, he was arrested." T.R. 3.

The procedural history of this case is complicated and patchy, but what is clear is that, after being rude to his arresting officers, appellant came late to his initial interrogation and disrupted the proceedings. He refused to attend further interrogations, submitted no evidence or brief in his defense and repeatedly accused judicial authorities of corruption and incompetence.

He was apparently convicted, though the conviction does not appear in the record. On the eve of his thirty‑first birthday, K. was taken to a quarry by two guards and executed. "With failing sight K. saw how the men drew near his face, leaning cheek‑to‑cheek to observe the verdict. 'Like a dog!' he said; it seemed as though the shame was to outlive him." T.R. 231. As it has.

K. appeals, alleging unlawful arrest, inadequate notice, due process violations, systemic corruption, ineffective assistance of counsel and actual innocence. We affirm. . . .

The panel denied K.’s claims regarding his arrest:

Even though he was under arrest, K. was still allowed to "carry[] on [his] profession" and was not "hindered in the course of [his] ordinary life." T.R. 17. [FN5] Also, K. admitted that the arrest "ma[de him] laugh," T.R. 47, and that, to the extent the incident tended to "spread the news of [his] arrest [and] damage [his] public reputation, and in particular to undermine [his] position at the bank," "none of this met with the slightest success." T.R. 48. Without cognizable harm, K. lacks standing to contest his arrest.  De minimis non curat lex. . . .

While we're on the subject of trifles, we address K.'s claim that he was arrested without a warrant. At the time of the arrest, K. showed the guard his identification papers and demanded, in return, to see the guard's papers and the arrest warrant. T.R. 8. Not only was he not shown these, he was also told that the guards "weren't sent to tell" him why he was arrested. T.R. 5.

We see no problem. Before ordering an arrest, the authorities "inform themselves in great detail about the person they're arresting and the grounds for the arrest." T.R. 8. They don't "seek out guilt among the general population, but . . . [are] attracted by guilt . . . .  That's the Law." T.R. 8‑9; see also Decl. of Penal Colony Officer ("Guilt is always beyond a doubt."); Gerstein v. Pugh, 420 U.S. 103, 113 (1975) (arrest warrant not necessary for arrest supported by probable cause).

The panel affirmed the conviction, denying poor K. justice once again (the first time being his sudden execution):

K.'s only clear claim is that he is innocent. See, e.g., T.R. 47, 148, 213. But how can K. credibly claim innocence when he admits to not knowing the law? T.R. 9. He might as well dispute what the meaning of "is" is. The fuss he makes about how innocent he feels "disturbs the otherwise not unfavorable impression [he] make[s]." T.R. 14. Especially ludicrous is his suggestion that no one can "in general be guilty," as "[w]e're all human after all, each and every one of us." T.R. 213. That's how guilty people always talk.

In any event‑‑and this is the nub of the matter‑‑we fail to see what's so special about being innocent. See Commonwealth v. Amirault, 677 N.E.2d 652, 665 (Mass. 1997) ("[O]nce the [criminal] process has run its course . . . the community's interest in finality comes to the fore."). We will assume, for the sake of argument, that K. did not commit the crime for which he was convicted and executed. Can we be sure that K. did not commit some other, worse crime, that was overlooked? To ask the question is to answer it. The law works in mysterious ways and that which should be done is presumed to have been done. It follows that that which was done needed doing. K. was convicted and executed after a legal process that, as we have seen, is unimpeachable. He must have deserved what he got.

The opinion concludes:

K.'s overarching complaint, that "the Law should be accessible to anyone at any time" and that he has been denied entry to it, T.R. 216, "rings hollow." Alex K., Scholarship of the Absurd: Bob Bork Meets the Bald Soprano, 90 Mich. L. Rev. 1578, 1583 (1992). The very existence of these proceedings has provided an entrance for K. to defend himself. K. has consistently refused to cooperate with court officials' repeated attempts "to straighten out his complex case, regardless of the time and cost." T.R. 251. No one else could gain admittance here, because this entrance was meant solely for him. If he nevertheless remained outside, he has only himself to blame.

This opinion is in flagrant disregard of the law.  I am especially outraged that Judge Godot never attended oral argument, and the opinion has been written without any indication he has read the papers or discussed the case with the other panel members.  Such a disregard for justice is Kafkaesque, to say the least.   

Picture_kafka_cover_3_1 Perhaps the most ironic opinion pertaining to Josef K. is a real one by the U.S. Supreme Court.  In Joe Kafka v. United States, 121 S. Ct. 1365 (2001), the U.S. Supreme Court issued its typical one-sentence order, denying certiorari without explanation: “The petition for writ of certiorari is denied.”  Recall the parable in The Trial: “Before the Law stands a doorkeeper. . . . The doorkeeper sees that the man is nearing his end, and in order to reach his failing hearing, he roars to him: ‘No one else could gain admittance here, because this entrance was meant solely for you.  I’m going to go and shut it now.’”  A one sentence denial of cert., without explanation . . . how appropriate for Josef “Joe” K. 

Posted by Daniel Solove on June 23, 2005 at 03:01 AM in Article Spotlight, Daniel Solove, Odd World | Permalink | Comments (0) | TrackBack

Wednesday, June 22, 2005

New Law Prof. Blog on Grokster and Brand X

Grokster Professor Randy Picker at the University of Chicago Law School has just started a new blog -- Picker MobBlog -- with some great co-bloggers: Doug Lichtman (Chicago), Lior Stahilevitz (Chicago), Julie Cohen (Georgetown), Wendy Gordon (Boston Univ.), Jessica Litman (Wayne State), Larry Solum (Illinois), and Phil Weiser (Colorado).

Here's his description of the blog:

In anticipation of the release of the Supreme Court’s opinions in Grokster and Brand X, I have set up a new experimental blog located here (http://picker.typepad.com/). The point of this is to provide a vehicle for participating in what I expect will be a large online conversation about what the opinions mean (see Grokster fever and The Day Grokster Didn’t Come Down).

Think of this as a "smart mob" blog (or not so smart, you tell me). The idea is to bring together a group of interested people to blog on a particular topic, do so, and disband. I will post on the blog intermittently between mobs, but the mobs will be the heart of the blog. I think of this as an online reading group or an online workshop.

Slate has done this annually for a number of years with its Movie Club—a group of movie critics bat around the year’s best and worst movies—and SCOTUSblog did this recently with its Raich "superblog." A number of years ago I thought that an online workshop series would make sense, but I didn’t see a great way to do it. I think the MobBlog might be the right approach.

The first mob topic will be the forthcoming opinions in Grokster and Brand X. Smart mob bloggers on Grokster and Brand X will include me (Randy Picker); my colleagues Doug Lichtman and Lior Stahilevitz; Julie Cohen; Wendy Gordon; Jessica Litman; Larry Solum; and Phil Weiser.

Welcome to the blogosphere!

Posted by Daniel Solove on June 22, 2005 at 05:29 PM in Blogging, Daniel Solove | Permalink | Comments (0) | TrackBack

If It’s Against Your Privacy Policy, Just Change It

Ssa3_1 According to an article in the NY Times, documents obtained by the Electronic Privacy Information Center from the Social Security Administration (SSA) reveal that the SSA disclosed personal information in response to FBI requests after 9-11: 

The Social Security Administration has relaxed its privacy restrictions and searched thousands of its files at the request of the F.B.I. as part of terrorism investigations since the Sept. 11, 2001, attacks, newly disclosed records and interviews show.

The privacy policy typically bans the sharing of such confidential information, which includes home addresses, medical information and other personal data. But senior officials at the Social Security agency agreed to an "ad hoc" policy that authorized the release of information to the bureau for investigations related to Sept. 11 because officials saw a "life-threatening" emergency, internal memorandums say.

The Internal Revenue Service also worked with the bureau and the Social Security agency to provide income and taxpayer information in terror inquiries, law enforcement officials said. Officials said the I.R.S. information was limited because legal restrictions prevented the sharing of taxpayer information except by court order or in cases of "imminent danger" or other exemptions. The tax agency refused to comment.

The Social Security memorandums were obtained through a Freedom of Information Act request by the Electronic Privacy Information Center, a civil liberties group here. Copies were provided to The New York Times. . . .

The director of the Open Government Project at the Electronic Privacy Information Center, Marcia Hofmann, acknowledged the need for investigators to have access to vital information.

"But an ad hoc policy like this is so broad that it allows law enforcement to obtain really sensitive information by merely claiming that the information is relevant to the 9/11 investigation," Ms. Hofmann said. "There appears to be very little oversight."

Wouldn’t it be nice if the government just came clean with what it did after 9-11?  Then we could discuss and evaluate it without having to wait for little bits and pieces of the story to trickle out.  Getting information about the government’s activities is too often like pulling teeth.  This feeds distrust about the government’s law enforcement activities as well as makes people unsure that they are ever being given the complete story about what the government is doing with their personal data.  And what good is a privacy policy if it is conveniently rewritten the minute an agency wants to do something different?  I am not opining on whether or not the records ultimately should have been shared with the FBI, but the way it was done – secretly, without judicial supervision, and then kept quiet until now -- strikes me as very problematic. 

Posted by Daniel Solove on June 22, 2005 at 03:20 AM in Daniel Solove, Information and Technology | Permalink | Comments (1) | TrackBack

Libraries, Privacy, and Law Enforcement

Books1 According to an NYT article:

Law enforcement officials have made at least 200 formal and informal inquiries to libraries for information on reading material and other internal matters since October 2001, according to a new study that adds grist to the growing debate in Congress over the government's counterterrorism powers.

In some cases, agents used subpoenas or other formal demands to obtain information like lists of users checking out a book on Osama bin Laden. Other requests were informal - and were sometimes turned down by librarians who chafed at the notion of turning over such material, said the American Library Association, which commissioned the study. . . .

The Bush administration says that while it is important for law enforcement officials to get information from libraries if needed in terrorism investigations, officials have yet to actually use their power under the Patriot Act to demand records from libraries or bookstores. . . .

The study does not directly answer how or whether the Patriot Act has been used to search libraries. The association said it decided it was constrained from asking direct questions on the law because of secrecy provisions that could make it a crime for a librarian to respond. Federal intelligence law bans those who receive certain types of demands for records from challenging the order or even telling anyone they have received it. . . .

The study, which surveyed 1,500 public libraries and 4,000 academic libraries, used anonymous responses to address legal concerns. A large majority of those who responded to the survey said they had not been contacted by any law enforcement agencies since October 2001, when the Patriot Act was passed.

But there were 137 formal requests or demands for information in that time, 49 from federal officials and the remainder from state or local investigators. Federal officials have sometimes used local investigators on joint terrorism task forces to conduct library inquiries. . . .

The study has not yet been released.  Here's the press release from the ALA's website.

This report makes me wonder about former Attorney General John Ashcroft's remarks a while back to counter criticism by the ALA over the Patriot Act.  According to a Washington Post article on Sept. 19, 2003:

"The charges of the hysterics," Ashcroft added, "are revealed for what they are: castles in the air built on misrepresentation; supported by unfounded fear; held aloft by hysteria."

The Justice Department escalated its attack on opponents of the USA Patriot Act yesterday, ridiculing criticism of the anti-terrorism law and accusing some lawmakers of ignoring classified reports that showed the government has never used its power to monitor individuals' records at bookstores and libraries. In an unusually sharp and at times sarcastic speech to police and prosecutors in Memphis, Attorney General John D. Ashcroft labeled critics of the law "hysterics" and said "charges of abuse of power are ghosts unsupported by fact or example."

"The fact is, with just 11,000 FBI agents and over a billion visitors to America's libraries each year, the Department of Justice has neither the staffing, the time nor the inclination to monitor the reading habits of Americans," he said. "No offense to the American Library Association, but we just don't care. . . .

While it might be true that the Patriot Act was not used to obtain library information, Ashcroft's contention that "we just don't care" doesn't seem to be true.  Government officials -- and apologists for greater security -- routinely argue that those concerned about privacy and civil liberties are overreacting.  Perhaps if the government were honest and forthcoming about the facts -- if it were to have a policy of providing the cold hard facts about what it is doing -- then people could properly evaluate the government's law enforcement endeavors.  But without the facts, with continual secrecy, with constant spin by Ashcroft and others, and with instances of broken promises by government agencies (see my recent TSA post), the government bares a lot of the blame for any "hysteria" and "overreaction."  And with the case of library records, the reality appears to be that in a number of cases, law enforcement authorites are interested in what some people are reading after all.   

Posted by Daniel Solove on June 22, 2005 at 03:03 AM in Daniel Solove, Information and Technology | Permalink | Comments (1) | TrackBack

Tuesday, June 21, 2005

TSA's Broken Promise About Secure Flight

Dhs2_1Remember CAPPS II, the program for screening airline passengers by using databases of personal information?  This program was scrapped because the Transportation Security Administration (TSA) of the Department of Homeland Security (DHS) was concerned that it posed an increasing threat to privacy and civil liberties.  Replacing CAPPS II was the nicely-monikered "Secure Flight."  (EPIC's website has a good history and set of links about the history of the program.)  After names like Carnivore and Total Information Awareness, government officials have learned to rename things with soothing happy titles.   Secure Flight was to be a kindler, gentler version of CAPPS II, with more limited uses of information and with more limited information gathering and retention.  Privacy advocates were skeptical of Secure Flight, but TSA insisted that Secure Flight was genuinely nicer, not just nicer in name.  According to TSA's final order on its testing of Secure Flight:

Secure Flight will involve the comparison of information in PNRs from domestic flights to names in the Terrorist Screening Database (TSDB) maintained by the Terrorist Screening Center (TSC), including the expanded TSA No-Fly and Selectee Lists, in order to identify individuals known or reasonably suspected to be engaged in terrorist activity. TSA anticipates that it will also apply, within the Secure Flight system, a streamlined version of the existing passenger prescreening process, known as the Computer Assisted Passenger Prescreening System (CAPPS), which evaluates information in PNRs that passengers otherwise provide to aircraft operators in the normal course of business.

Simple comparisons of PNR information against records maintained in the TSDB will not permit TSA to identify information provided by passengers that is incorrect or inaccurate, potentially rendering the comparisons less effective. Therefore, on a very limited basis, in addition to testing TSA's ability to compare passenger information with data maintained by TSC, TSA will separately test the use of commercial data to determine if use of such data is effective in identifying passenger information that is incorrect or inaccurate and reducing the number of false positive matches of passenger information against TSDB records. This test will involve commercial data aggregators whose procedures will be governed by strict privacy and data security protections. TSA will not receive the commercially available data that would be used by commercial data aggregators.

According to this AP story, however, TSA has violated this promise:

The federal agency in charge of aviation security revealed that it bought and is storing commercial data about some passengers -- even though officials said they wouldn't do it and Congress told them not to.

The Transportation Security Administration is testing a terrorist screening program called Secure Flight that uses information about U.S. citizens who flew on commercial airlines in June 2004. . . .

According to documents obtained by The Associated Press, the TSA gave passenger name records to a contractor, Virginia-based EagleForce Associates. A passenger name record can include a variety of information, including name, address, phone number and credit card information.

EagleForce compared the passenger name records with more detailed data from three other contractors to find out if the records were accurate, according to the TSA.

EagleForce then produced CD-ROMs containing most of the information "and provided those CD-ROMs to TSA for use in watch list match testing," the documents said. The TSA now stores that data.

According to previous official notices, TSA had said it would not store commercial data about airline passengers. . . .

Nuala O'Connor Kelly, DHS's chief privacy officer, is investigating. 

For some time, we have been consistently told by government officials to refrain from criticizing programs such as Secure Flight because privacy concerns are being addressed, because promises are being made about keeping these programs limited.  We are told that such programs need to be developed in the darkness, as the sunlight of scrutiny will inhibit the testing.  But why should we trust them?  These revelations demonstrate that we cannot take TSA at its word. 

Posted by Daniel Solove on June 21, 2005 at 08:46 PM in Daniel Solove, Information and Technology | Permalink | Comments (1) | TrackBack

How HIPAA Was Undermined

Hipaa2 The Office of Legal Counsel (OLC) of the DOJ has issued a highly suspect interpretation of the original HIPAA that seriously undermines the enforceability of HIPAA. 

Some background: In 1996, Congress Passed the Health Insurance Portability and Accountability Act (HIPAA).  The Act, at 42 U.S.C. § 1320d-6, provided in part for the protection of medical privacy – although it left the specific details to the Department of Health and Human Services (HHS) to establish via a rulemaking.  HIPAA contained civil and criminal penalties for when:

A person who knowingly and in violation of this part--

(1) uses or causes to be used a unique health identifier;

(2) obtains individually identifiable health information relating to an individual; or

(3) discloses individually identifiable health information to another person

HHS promulgated detailed regulations under HIPAA during the Clinton Administration.  In 2000, HHS issued a final rule, but the Bush Administration announced that the rule would not go into effect.  A bit later on, the Bush Administration issued a rewritten rule, weakening many of HIPAA’s protections, but leaving much of the rule intact.  This new HIPAA rule became effective in 2003. 

But now the OLC has delivered quite a blow to HIPAA in an opinion interpreting HIPAA’s criminal enforcement provision (quoted above).

Swire_1Professor Peter Swire (law, Ohio State), who worked on the HIPAA rule under the Clinton Administration, has written a very clear and persuasive attack on the OLC's interpretation.  Swire writes:

One sad result of the OLC opinion may be to make the hundreds of thousands of people who have worked to create safeguards feel like chumps. In good faith, nurses, doctors, IT staff, and many others have built systems that supply good health care while respecting patients’ privacy. Now, seeing that the federal government has created immunity for bad actors, all these people may wonder why they tried so hard to do the right thing.

Swire provides useful background about civil and criminal enforcement under HIPAA:

OCR also reports that it has received over 13,000 HIPAA privacy complaints in the past two years.

Somehow, though, OCR has not yet brought a single civil enforcement action. In part, it likely made sense for the first few months or a year for OCR to emphasize helping organizations come into compliance with the new rule. Even now, two full years after compliance was due and five years after the final rule was announced, there is a major role for OCR in helping teach organizations how to do better.

With that said, however, the utter lack of enforcement actions sends a clear signal to health insurers and providers who are covered by HIPAA. The signal, growing ever stronger as the months go by, is that HHS will not act even against flagrant violations of the privacy rule.

With no private right of action, and no civil enforcement actions, the only big enforcement news has been on the criminal front. In 2004 the U.S. attorney in Seattle announced that Richard Gibson was being indicted for violating the HIPAA privacy law. Gibson was a phlebotomist – a lab assistant – in a hospital. While at work he accessed the medical records of a person with a terminal cancer condition. Gibson then got credit cards in the patient’s name and ran up over $9,000 in charges, notably for video game purchases. In a statement to the court, the patient said he “lost a year of life both mentally and physically dealing with the stress” of dealing with collection agencies and other results of Gibson’s actions. Gibson signed a plea agreement and was sentenced to 16 months in jail.

At the time, the Department of Justice trumpeted the first HIPAA criminal prosecution. The DOJ site announced: "This case should serve as a reminder that misuse of patient information may result in criminal prosecution."

Under its new legal opinion, however, Gibson could no longer be prosecuted under HIPAA.

Swire provides a clear analysis of the OLC opinion:

The Office of Legal Counsel (OLC) is a part of the Department of Justice that issues opinions, often on tricky legal issues that involve more than one part of the federal government. As a preliminary matter, it is odd for OLC to issue an opinion in the absence of a conflict among agencies or similar controversy. The very existence of the opinion is a sign of substantial political-level interest in the issue. (In addition, more than one source has informed me that senior officials were involved at both DOJ and HHS, including the deputy attorney general.)

The OLC opinion, dated June 1 but not made public until a New York Times article of June 7, answers a request from the general counsel of HHS for clarification of the scope of the HIPAA criminal provision.

The answer is that the criminal provision applies to “covered entities” under HIPAA. These covered entities are defined under the HIPAA electronic payment, security, and privacy rules to include essentially the following: health care providers, health plans (insurers), and health care clearinghouses. Roughly speaking, that means that the criminal provision applies to hospitals and health insurance companies, but not to individuals.

The OLC opinion does find that the law can apply to a few individuals. Certain directors, officers, and employees may be criminally liable “in accordance with general principles of corporate criminal liability.” The opinion emphasizes that criminal liability will apply especially when “the agents act within the scope of their employment.” For instance, a hospital might make a corporate decision to sell medical records in violation of HIPAA. For these employees, who act criminally but within their job description, then there could be criminal liability.

It is appropriate for the criminal law to apply to this sort of knowing violation of law. But we all know that outside hackers and rogue insiders such as Mr. Gibson pose much, much more of a threat. It is (presumably) rare for a health insurance company or medical provider to create an ongoing program of HIPAA violations as part of people’s scope of employment. Yet, OLC finds that other persons would “not be liable directly under this provision.”

Swire then offers a blistering critique of the OLC opinion:

For a law professor who teaches statutory interpretation, the OLC opinion is terribly frustrating to read. The opinion reads like a brief for one side of an argument. Even worse, it reads like a brief that knows it has the losing side but has to come out with a predetermined answer. . . .

First, the statute applies to “a person who knowingly and in violation of this part.” The effect of the OLC opinion is to change the statute to say “a person who is a covered entity who knowingly and in violation of this part.” The natural reading, in my view, is that “a person” can include hospital employees such as Gibson who abuse patient records. Gibson is “a person.” He is violating “this part” – the HIPAA rule – when he misuses the patient records.

Second, the criminal statute includes jail time. Indeed, the jail time increases from one year to five years to ten years based on the seriousness of the offense. Yet the OLC opinion says that Congress intended to make the covered entities the target of the criminal provision. We all know that hospitals and health insurance companies don’t go to jail. The common sense of the statute is that Congress intended individuals who violated the HIPAA rules to go to jail.

There is a third, related, point about an offense “committed under false pretenses.” The OLC opinion says the entire criminal provision is about covered entities, but that it also may sometimes apply to employees “acting within the scope of employment.” Can an employee be acting within the scope of employment and also be acting under false pretenses? I haven’t been able to think of how this jail time provision can ever apply under the OLC view – the employee would have to be truly within the scope of employment and acting under false pretenses at the same time. The OLC opinion seems to make the false pretense provision meaningless.

On the fourth argument, the OLC opinion itself lets the reader see its weakness. In (a)(1), Congress specifically made it a crime where a person “obtains individually identifiable health information relating to an individual.” (The person must of course act knowingly and in violation of the HIPAA standards.) Now it is a standard and important part of reading a statute to give effect to each provision in the law. That is, the criminal provision of (a)(1) must mean something. The OLC admits: “It could be argued that by including a distinct prohibition on obtaining health information, the law was intended to reach the acquisition by a person who is not a covered entity but who ‘obtains’ it from such an entity in a manner that causes the entity to violate” the privacy rule.

This sentence makes a great deal of sense – Congress intended to criminalize the illegal “obtaining” of health information when it made it a crime for any person to “obtain” health information. In the face of this clear language, OLC has to become amazingly inventive to save its preferred outcome. On the OLC view, Congress was not concerned about criminal activities by outsiders who steal medical records, or by insiders who sell medical records or use them for their own advantage. Instead, on the OLC view, Congress wrote the provision only to get at the covered entities, whose privacy activities are already regulated in other ways. And, on the OLC’s view, Congress did this without ever mentioning covered entities.

It is a canon of statutory construction that we should not reach “absurd” conclusions in interpreting a statute. This interpretation by OLC is absurd.

The last argument against the OLC opinion is that it treats the civil and criminal provisions as having the same scope, even though they are different statutes, with different purposes, and with different language. The civil provision does apply only to covered entities such as providers and health insurers. Those covered entities then are responsible for establishing privacy and security programs, and also complying with other administrative provisions such as standard formats for electronic payments. The covered entities pay civil fines (if and when HHS begins to bring civil enforcement actions).

By contrast, the criminal provision is tailored to specific pieces of HIPAA where Congress had the greatest concern about abuse. For instance, the privacy rule creates administrative rules such as training requirements and the need to name a chief privacy officer. These administrative requirements are omitted from the criminal provision, as are violations of the security rule and the payments rule. For the criminal provision, Congress focused on specific privacy violations, notably the obtaining or misuse of patient records under false pretenses or for personal gain.

When Congress targeted these information crimes, and called for jail time, it created a criminal provision that is different from the civil provision. The OLC opinion essentially assumes that the scope of the civil and criminal provisions is the same. The OLC opinion tries to suppress the clear text of the criminal provision about “person,” “false pretenses,” “obtaining” and other terms. A fairer and more neutral reading of the statute would be to recognize the different scope that follows from the different language and different goals of the civil and criminal provisions.

For a further critique, see Bruce Schneier’s take.  In a contrary opinion, Jeff Drummond, a lawyer who represents hospitals and health care entities, comments on HIPAA blog (yes, there is indeed a blog devoted to HIPAA, which is a good cure for insomnia):

The basis for the opinion is pretty well reasoned, and while it may be bad public policy, it actually is very good law: HIPAA applies to covered entities, and I fail to see how a person can break a law that doesn't apply to them. And this opinion does nothing to get the health care industry out of criminal prosecution. The industry itself is the only thing left in the law's criminal crosshairs; what it does is get the "small fry" employees and grunts out of criminal prosecution. One could argue that this makes the law less effective (I would agree, on policy grounds and on practical grounds, since it avoids the likely wrongdoers and sure makes it less of a club for law-abiding hospitals and physician groups to beat on or scare their employees). But the problem isn't one of interpretation, it's one of drafting. The law is written to apply to covered entities, not covered entities and their employees and agents.

This argument by Drummond strikes me as very unpersuasive.  Besides resorting to an ad hominem attack on Swire (not included in the excerpt here), he does not respond to some of Swire’s strongest arguments, such as the fact that the law will not punish the bad apples who go outside of the scope of their employment.  This seems quite backwards.  It is people like Gibson that seem most suited for HIPAA’s criminal penalties.  The OLC opinion creates absurd results and severely weakens HIPAA’s enforceability.  Drummond oddly recognizes how foolish these results are on policy and practical grounds, yet he finds the OLC opinion to be “very good law.”  So under Drummond’s view, Congress played the fool, writing a stupid and absurd law.  HIPAA certainly has many problems, but its not applying criminal penalties to employees was not one of them.  I agree with Swire – Congress wasn’t the fool and the law was fine before the OLC got its hands on it and twisted it into a pretzel. 

Posted by Daniel Solove on June 21, 2005 at 03:01 AM in Daniel Solove, Information and Technology | Permalink | Comments (1) | TrackBack

Monday, June 20, 2005

Anonymity on the Internet Is Often a Mirage

Picture_anonymity_3This interesting AP story demonstrates how illusory anonymity can be on the Internet:

After what Mayor James West called his "brutal outing" by a newspaper that published transcripts of his conversations from a gay chat room, he complained in an e-mail to the city's commission on race relations. West asked: "Should we all fear that our private conversations will be splashed publicly and out of context for all in our sphere to see?" . . . .

After receiving a tip the mayor was offering city jobs to young men he met in a Gay.com chat room, The Spokesman-Review found a way to corroborate the information without having to subpoena records from the chat room's sponsor.

It hired a computer expert to track the identity of the person behind the screen names "Cobra82," "RightBiGuy" and "JMSElton" that it suspected was the mayor.

As a result, West is the subject of a recall for alleged misuse of a city-owned computer for offering internships to young men he met in the gay chat room. . . .

Law enforcement routinely uses subpoenas in terrorism, child pornography and other investigations to find the identities of Internet chat room users.

But what was unusual about this case was that someone not currently involved with law enforcement was able to unmask a person who thought they [sic] were operating anonymously.

Posted by Daniel Solove on June 20, 2005 at 08:01 PM in Daniel Solove, Information and Technology | Permalink | Comments (4) | TrackBack

Saturday, June 18, 2005

Data Security Breach Supersized: 40 Million People Affected

Cardsystems I'm getting tired of posting about data security breaches, but this one is a whopper -- actually, more like a double whopper.  From the AP:

The names, banks and account numbers of up to 40 million credit card holders may have been accessed by an unauthorized user, MasterCard International Inc. said Friday. The credit card giant said the security breach involves a computer virus that captured customer data for the purpose of fraud and may have affected holders of all brands of credit cards.

It said the breach was traced to Atlanta-based CardSystems Solutions Inc., which processes credit card and other payments for banks and merchants.

The compromised data did not include addresses or Social Security numbers, said MasterCard spokeswoman Sharon Gamsin. The data that may have been viewed -- names, banks and account numbers -- could be used to steal funds but not identities.

One thing to note is that the type of information accessed is likely to be used for credit card fraud, not identity theft.  The two are often confused, and many stories about this data breach have conflated the two. (The story I linked to does not.)  Credit card fraud involves a fraudster using a person's stolen card or card numbers to conduct fraud.  Credit card companies have elaborate detection systems for such fraud, and when a consumer catches the fraud, the card is cancelled and a new card is sent in the mail.  People's liability is limited, and with most credit card companies, people are not responsible for any of the fraudulent charges.  Identity theft, in contrast, is much more damaging.  It involves a thief using personal data to impersonate the victim -- usually the victim's Social Security number.  Identity theft is harder to clean up, because bad data finds its way into many different record systems, and since Social Security numbers are very difficult to change, the thief can continue to engage in the fraud.  Whereas credit card fraud is like getting a slight cold, identity theft is akin to contracting a chronic disease. 

Posted by Daniel Solove on June 18, 2005 at 01:56 PM in Daniel Solove, Information and Technology | Permalink | Comments (1) | TrackBack

Notice Much Delayed: The FDIC Data Security Breach

Fdiclogo A Washington Post article discusses the letter the FDIC recently mailed to about 6000 of its employees that describes a data security breach where employee personal information was compromised:

Thousands of current and former employees at the Federal Deposit Insurance Corp. are being warned that their sensitive personal information was breached, leading to an unspecified number of fraud cases.

In letters dated last Friday, the agency told roughly 6,000 people to be "vigilant over the next 12 to 24 months" in monitoring their financial accounts and credit reports. The data that may have been improperly accessed included names, birth dates, Social Security numbers and salary information on anyone employed at the agency as of July 2002.

The agency said that in a "small number of cases," the data was used to obtain fraudulent loans from a credit union, but declined to specify how many or the credit union involved.

According to the letter, the breach occurred early last year, and it remains unclear why employees were not notified for nearly 18 months. The agency wrote that it learned of the breach only "recently," but did not explain how the breach surfaced or why it took so long to learn about it.

Why did it take 18 months to notify people?  How did the breach happen?  What is being done to address the problems?  The letter is vague on details.  Currently, there is legislation pending in many states as well as in Congress to mandate notifying people of data security breaches in which their personal information has been leaked.  Any data security breach notification law should mandate that disclosure occurs within a reasonable period of time after the breach occurs and that the notification letters have adequate details to inform people about what happened.   

Thanks to PrivacySpot for the pointer.

Posted by Daniel Solove on June 18, 2005 at 01:31 PM in Daniel Solove, Information and Technology | Permalink | Comments (2) | TrackBack

Friday, June 17, 2005

Is the FTC Finally Getting Serious About Security?

Ftc2 Bjs

The FTC just announced a settlement with BJ's Wholesale Club, Inc.  From the FTC press release:

BJ’s Wholesale Club, Inc. has agreed to settle Federal Trade Commission charges that its failure to take appropriate security measures to protect the sensitive information of thousands of its customers was an unfair practice that violated federal law. According to the FTC, this information was used by an unauthorized person or persons to make millions of dollars of fraudulent purchases. The settlement will require BJ’s to implement a comprehensive information security program and obtain audits by an independent third party security professional every other year for 20 years. . . .

The FTC charged that BJ’s engaged in a number of practices which, taken together, did not provide reasonable security for sensitive customer information. Specifically, the agency alleges that BJ’s:Failed to encrypt consumer information when it was transmitted or stored on computers in BJ’s stores;

    • Created unnecessary risks to the information by storing it for up to 30 days, in
      violation of bank security rules, even when it no longer needed the information;
    • Stored the information in files that could be accessed using commonly known default user IDs and passwords;
    • Failed to use readily available security measures to prevent unauthorized wireless connections to its networks; and
    • Failed to use measures sufficient to detect unauthorized access to the networks or to conduct security investigations.

The FTC Act prohibits "unfair or deceptive acts or practices in or affecting commerce."   An act or practice is unfair if it "causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition."  15 U.S.C. § 45(n). The complaint and settlement agreement are available here.

Posted by Daniel Solove on June 17, 2005 at 03:02 PM in Daniel Solove, Information and Technology | Permalink | Comments (0) | TrackBack

How Much Are Supreme Court Clerks Worth?

An article discusses the courtship of Supreme Court clerks.  Some firms are giving $150,000 signing bonuses.   

Posted by Daniel Solove on June 17, 2005 at 02:16 PM in Daniel Solove, Life of Law Schools | Permalink | Comments (0) | TrackBack

Thursday, June 16, 2005

Law Professor Blogger Census (Version 2.0)

Census_3 UPDATED! On Monday, June 13, I posted the beta version of our attempt to take a census of current law professors who are blogging about legal issues and/or the life of law professors.  Kaimi Wenger, Ethan Leib, and Dan Markel of PrawfsBlawg as well as Orin Kerr at VC all assisted me in this endeavor.  Many readers posted comments and emailed with bloggers we missed, and we are very grateful for the assistance.  When I decided to undertake this project, I thought that there would be around 30 or so law professor bloggers.  Had I known the number would be over 100, the task would have struck me as too daunting to begin!

This is version 2.0 of the census, which incorporates the assistance of our readers.  The statistics have been updated.   

There are a few blogs by law professors that I haven’t added to the census, as these are blogs solely about personal hobbies or experiences without connections to the law or the life of law professors.  I discussed my decision not to include these blogs here. After posting the beta version of the census, I learned from Ann Althouse that there are three other blogs I didn’t list from Wisconsin law professors.  I located two of them, both of which had posts that they preferred not to be included in the census.  I will respect their wishes.  Professor Stephen Bainbridge has a blog about wine, but I am not listing it because it has no legal themes at all.  But it’s a neat blog nonetheless!  Anyway, there is no strong litmus test for inclusion, just at a minimum some posts about issues relating to law, academics, politics, or the life of law professors, law students, or lawyers.      

We hope that this census will prove useful for discussing who is blogging, the “blogospherics” (demographics) of the bloggers, and the law schools that have heavy blogging populations.  We note that there are many very interesting blawgs by lawyers and law students, but we have restricted this list to law professors.  Additionally, blogs without activity over the past month were not included.

We might update this census from time to time, so please email me about your blog if you were left out of this list or if you know of others we overlooked.  And, of course, please email me if you start a new blog.   

A few statistics: 

· There are quite a lot of law professor bloggers – 130 in all. 

· The schools with the largest amount of bloggers include San Diego (7), UCLA (5), George Mason (5), Cincinnati (4), Ohio State (4), GW (3), Georgetown (3), Stanford (3), St. Thomas (3), Chapman (3), Villanova (3). 

· Of the bloggers, 28 are female and 102 are male.

Law School

Blawgger

Blawg

Arizona

Gabriel (Jack) Chin

CrimProf Blog

Ave Maria

Richard Myers

Mirror of Justice

Boston University

Randy Barnett

Volokh Conspiracy

Capital

David Mayer

MayerBlog

Cardozo

Susan Crawford

Susan Crawford Blog

Cardozo

Peter Tillers

Tillers on Evidence

Case Western

Jonathan Adler

The Commons Blog

Case Western

Andrew Morriss

The Commons Blog

Chapman

Tom Bell

Agoraphilia and

The Technology Liberation Front

Chapman

Hugh Hewitt

Hugh Hewitt.com

Chapman

John Eastman

The Remedy

Chicago

Judge Richard Posner

Becker-Posner Blog

Cincinnati

Paul Caron

TaxProf Blog

Cincinnati

Rafael Gely

LaborProf Blog

Cincinnati

Mark Godsey

CrimProf Blog

Cincinnati

Elizabeth Malloy

Health Law Prof Blog

Columbia

Eben Moglen

Freedom Now

Cornell

Bradley Wendel

Legal Ethics Forum

Cornell

Steven Shiffrin

Left2Right

Cumberland

Michael DeBow

Southern Appeal and

Point of Law

U.C. Davis

Anupam Chander

Anupam Chander

Duke

Stuart Benjamin

Volokh Conspiracy

Emory

Michael Perry

Mirror of Justice

Fordham

Amelia Uelmen

Mirror of Justice

Florida A&M

Jacqueline Dowd

The 13th Juror

Florida State

Dan Markel

PrawfsBlawg

Georgia

Kevin Jon Heller

The Yin Blog

Georgia State

Ellen Podgor

White Collar Crime Prof Blog

George Mason

David Bernstein

Volokh Conspiracy and

Point of Law

George Mason

Donald Boudreaux

Café Hayek

George Mason

Michelle Boardman

Volokh Conspiracy

George Mason

Michael Krauss

Point of Law

George Mason

Todd Zywicki

Volokh Conspiracy

GW

Donald Clarke

China Law Prof Blog

GW

Orin Kerr

Volokh Conspiracy

GW

Daniel Solove

PrawfsBlawg

Georgetown

Marty Lederman

SCOTUSblog and

Balkinization

Georgetown

Mark Tushnet

Balkinization

Georgetown

Rebecca Tushnet

Rebecca Tushnet’s Blog

Harvard

Charles Nesson

Eon

Harvard

Elizabeth Warren

TPMCafe

Hastings

Ethan Leib

PrawfsBlawg

Hofstra

Laura Appleman

Legal Ethics Forum and

PrawfsBlawg

Hofstra

Julian Ku

Opinio Juris

Illinois

Larry Ribstein

IdeoBlog

Illinois

Lawrence Solum

Legal Theory Blog

Indiana-Indianapolis

Jeff Cooper

Cooped Up

Iowa

Tung Yin

The Yin Blog

Lewis & Clark

Jack Bogdanski

Jack Bog’s Blog

Liberty

Beau Baez

Liberty Law Prof

Louisiana State

Christine Corcos

Media Law Prof Blog

Loyola LA

Rick Hasen

Election Law Blog

Marquette

Eric Goldman

Goldman’s Observations and

Technology & Marketing Law Blog

Marquette

Christine Hurt

Conglomerate

Maryland

Mark Graber

Balkinization

Mercer

David Hricik

Legal Ethics Forum

Miami

Michael Froomkin

Discourse.net

Michigan

Don Herzog

Left2Right

Michigan

Robert Howse

PrawfsBlawg

Minnesota

Carol Chomsky

Contracts Prof Blog

Missouri

Peggy McGuinness

Opinio Juris

New England

Joelle Moreno

PrawfsBlawg 

N.Y. Law Sch.

Beth Simone Noveck

Cairns Blog

UNC

Eric Muller

Is That Legal?

Northwestern

Anthony D’Amato

Bloggo D’Amato

Northwestern

James Lindgren

Volokh Conspiracy

Notre Dame

Richard Garnett

Mirror of Justice

Notre Dame

Vincent Rougeau

Mirror of Justice

Ohio State

Douglas Berman

Sentencing Law and Policy

Ohio State

Edward Lee

Lee Blog

Ohio State

Dale Oesterle

Business Law Prof Blog

Ohio State

Daniel Tokaji

Equal Vote

Oklahoma

Michael Scaperlanda

Mirror of Justice

Pepperdine

Roger Alford

Opinio Juris

Pittsburgh

Michael Madison

Madisonian Theory

Pittsburgh

Bernard Hibbitts

The Paper Chase

Regent

David Wagner

Ninomania

Roger Williams

Dennis Tonsing

Law School Academic Support Blog

Rutgers Camden

Greg Lastowka

Terra Nova

Rutgers Newark

Neil Buchanan

Left2Right

San Diego

Gail Heriot

The Right Coast

San Diego

Adam Kolber

Neuroethics Blog

San Diego

Shaun Martin

California Appellate Blog

San Diego

Michael Rappaport

The Right Coast

San Diego

Maimon Schwarzschild

The Right Coast

San Diego

Thomas Smith

The Right Coast

San Diego

Christopher Wonnell

The Right Coast

St. John’s

Christopher Borgen

Opinio Juris

St. John’s

Susan Stabile

Mirror of Justice

St. Thomas

Thomas Berg

Mirror of Justice

St. Thomas

Greg Sisk

Mirror of Justice

St. Thomas

Robert Vischer

Mirror of Justice

South Carolina

Ann Bartow

Sivacracy.net

SMU

Thomas Mayo

Health Law Prof Blog

South Texas

Paul McGreal

Corporate Compliance Prof Blog

South Texas

Dru Stevenson

South Texas Law Professor

Southwestern

Paul Horwitz

PrawfsBlawg

Stanford

Jennifer Granick

The Shout 

Stanford

Lawrence Lessig

Lessig Blog

Stanford

Margaret Jane Radin

Left2Right

SUNY Buffalo

Shubha Ghosh

Antitrust Prof Blog

Temple

David Hoffman

PrawfsBlawg

Temple

David Post

Volokh Conspiracy

Tennessee

Glenn Reynolds

Instapundit and

GlennReynolds.com

Texas

John Dzienkowski

Legal Ethics Forum

Texas

Brian Leiter

Leiter Reports

Texas Tech.

Gerry Beyer

Wills, Trusts, and Estates Prof Blog

Texas Weslyan

Franklin Snyder

Contracts Prof Blog

Thomas Jefferson

Kaimi Wenger

PrawfsBlawg

Toledo

Howard Friedman

Religion Clause

Touro

Jonathan Ezor

Tech Law Prof Blog

Touro

Michelle Zakarin

Tech Law Prof Blog

UCLA

Stephen Bainbridge

ProfessorBainbridge.com and

Mirror of Justice

UCLA

Victor Fleischer

A Taxing Blog

UCLA

Russell Korobkin

Volokh Conspiracy

UCLA

Seanna Shiffrin

Left2Right

UCLA

Eugene Volokh

Volokh Conspiracy

Vermont

Ellen Swain

Law School Academic Support Blog

Villanova

Patrick Brennan

Mirror of Justice

Villanova

James Maule

Mauled Again

Villanova

Mark Sargent

Mirror of Justice

Wake Forest

Jennifer Collins

PrawfsBlawg

Washington U.

Sam Bagenstos

Disability Law Blog

Wayne State

Peter Henning

White Collar Crime Prof Blog

Willamette

Susan Smith

Environmental Law Prof Blog

William Mitchell

Kim Dayton

Elder Law Prof Blog

Wisconsin

Ann Althouse

Althouse

Wisconsin

Gordon Smith

Conglomerate

Yale

Jack Balkin

Balkinization

Yale

Ian Ayres

Balkinization

Posted by Daniel Solove on June 16, 2005 at 03:01 AM in Blogging, Daniel Solove, Life of Law Schools | Permalink | Comments (11) | TrackBack

Wednesday, June 15, 2005

Identity Theft Fears and Online Shopping

Idtheft4 From a recent survey:

Nearly half of U.S. voters say they don't shop online because they fear identity thieves may capture their bank-account information, according to a survey released on Wednesday by a technology-industry trade group.

These fears are heightened because of the rash of security breaches in recent months.   I previously posted about these breaches here and here

However, these fears are misplaced.  Much identity theft has little to do with whether people shop online or not.  In fact, it has little to do with the measures people might take to protect themselves against identity theft.   When I'm interviewed by journalists about identity theft, they often ask me for tips that consumers can do to protect themselves.  They are looking for the usual tips -- shred your documents, guard your Social Security Number like a hawk, and so on.  But these tips aren't very protective.  Social Security Numbers are sold by many companies for a small fee; they appear on numerous public records; and yet companies continue to use them as passwords to gain access to accounts.   As I wrote in a law review article about identity theft:  "The problem stems not only from the government's creation of a de facto identifier [the Social Security Number] and lax protection of it, but also from the private sector's inadequate security measures in handling personal information. "   Thus, I tell journalists that these tips often just make victims of identity theft feel that they are to blame; and that these tips make people feel the illusion of being safe when in fact they are not. 

Youreviltwin There is little a person can do to protect herself from identity theft.  Even if you shred all your documents, you're only as safe as the lowest common denominator among the hundreds -- if not thousands -- of companies that use your personal data.  Much identity theft occurs not because of online fraud or because people fail to shred their documents, but because of a bad employee at a company who steals people's data, because of data leaks, or because of the theft of mail.  For an account of how identity thieves perpetrate their crimes, see MSNBC journalist Bob Sullivan's Your Evil Twin: Behind the Identity Theft Epidemic.  There are some really fascinating stories in this book.

Identity theft occurs because of an information system that is flawed.  The leakage of Social Security Numbers would not be such a problem if they weren't so widely used by companies and financial institutions as passwords to allow access to people's accounts.   We have a system of monitoring people's credit and processing personal information that leaves people out of the loop and that lacks sufficient accountability.   It's no wonder identity thieves readily exploit the system. 

While such public fears over identity theft might spur legislative action, I wish that people were fearing the real problems.  People are correct to be worried, but they have little idea about the causes of identity theft.    

Posted by Daniel Solove on June 15, 2005 at 03:59 PM in Daniel Solove, Information and Technology | Permalink | Comments (4) | TrackBack

Law Firm Partnership: Waiting for Godot?

Certainly no surprise, but of interest -- a recent article discusses the increasing length of time it takes for law firm associates to make partner.

The time it takes lawyers to attain partnership has increased from five years in the 1980s to 10 or more today, local lawyers said. One of the main reasons for the difference is the increased number of lawyers -- both young and old. More lawyers means more competition for leadership positions.

As a result, some law firms have restructured the way they promote lawyers, so that they only skim the best from the pool. That includes requiring more work of budding partners and even instituting a two-tier system with a junior level of partnership that does not yet share in the firm's profit. . . .

The increase in the pool of lawyers has forced higher-ups to change the way they promote people. Many firms adopted the "grinders-minders-finders" concept to help sift partner-appropriate lawyers from the pot. Grinders are hard workers; minders have good client relationships; and finders are good at bringing in new clients. If a lawyer has all three qualities, he or she may be promoted to partner.

This article is based on some firms in Ohio, but I'm sure that the trend is nationwide. 

Link thanks to JD2B.

Posted by Daniel Solove on June 15, 2005 at 02:22 PM in Daniel Solove, Life of Law Schools | Permalink | Comments (0) | TrackBack

Citing Foreign Law in Judicial Opinions: Which Countries Count?

Worldmap2

There has been much debate over the citation of foreign law in judicial opinions, especially recent Supreme Court opinions such as Lawrence v. Texas and Roper v. Simmons.  For some arguments in this debate, see Judge Richard Posner (con); Vicki Jackson (pro); and Orin Kerr (con). Much of the debate has centered on the appropriateness of such citation.  An Economist article on the topic states:

Conservatives have been further inflamed by the increasing frequency of Supreme Court references to foreign laws and opinions. Tom DeLay, the House majority leader, recently lambasted Justice Anthony Kennedy for his “incredibly outrageous” citation of international views in the court's ruling outlawing the death penalty for juvenile killers.

Republicans have now introduced a resolution in Congress banning inappropriate reliance on foreign laws or judgments in interpreting the constitution. Although almost certainly a violation of the separation of powers, it has already attracted a lot of support.

A fascinating recent law review article by Rex Glensy, Which Countries Count? Lawrence v. Texas and the Selection of Foreign Persuasive Authority, supports the citation of foreign authority, and it focuses on addressing an extremely important issue: When citing foreign authority, which countries should be cited? Why not look to China, for example?  From the abstract:

This Article provides a selection process for foreign persuasive authority within the context of comparative analysis. In Lawrence v. Texas, the Supreme Court struck down as unconstitutional a state statute relying, in part, on select foreign sources of authority. Recent scholarship has attacked the Lawrence Court's use of foreign authority, and in particular, its apparent self-serving and biased penchant for preferring materials from Western democracies at the expense of all other countries. This Article responds to that charge.

This Article argues that by combining the results of an historical analysis of the use of foreign authority with modern trends in social sciences and legal scholarship, it is possible to construct a framework within which the selection of appropriate foreign materials for comparative analysis by U.S. courts can operate. First, this Article traces the history of comparative analysis in the United States and, describing its normative impulse, illustrates that the ethos of comparative law in this country has always been one of informed nation selection.

Based upon this notion, this Article then presents a tri-partite framework in which the selection of foreign persuasive authority can take place: a framework which, depending on the specific context of the case, combines the democratic credentials of the originating country with such country's societal affinities to the United States. This Article concludes by showing that the Lawrence majority's selections complied with this framework, thus demonstrating that a cohesive and principled process lay behind the Court's particular choices of foreign persuasive authority.

Posted by Daniel Solove on June 15, 2005 at 03:10 AM in Article Spotlight, Constitutional thoughts, Daniel Solove | Permalink | Comments (24) | TrackBack

On Judges, Presidents, and Milli Vanilli

A new paper on SSRN by Stephen Choi and Mitu Gulati, Which Judges Write Their Opinions (and Should We Care)?, examines the extent to which law clerks write judge’s opinions.  From the abstract:

Common wisdom holds that many federal judges do not write their own opinions. While their degree of input into opinion writing varies, almost all rely to some extent on law clerks, typically recent law school graduates, to research and draft substantial sections of the opinion. Why should we care which judges write their opinions? We posit that determining the actual input of federal judges into the authorship of opinions provides useful information in a number of contexts, including judicial promotion decisions, the allocation of scarce judicial resources, and the judicial clerkship market for law students. . . .

This paper looks quite interesting.  It is certainly true that many judicial clerks do a substantial amount of opinion writing, but I think that we should also turn the microscope on presidents, who often are even less the author of their words and policies than judges. 

We have come to expect that presidents don’t write their speeches or make many of their own policy decisions.  Presidents have an elaborate crew of marketers, a team of strategists, a group of policy experts, a number of speech writers, and so on.   Perhaps only Britney Spears and most boy bands have a more sophisticated team behind them pulling the strings.  So we play along with this charade when we know that the president is often just reading from a script like an actor.

Millivanilli1 This all reminds me of the pop group Milli Vanilli.  Consider this bio from MTV’s website:

Milli Vanilli. The mere mention of the name still calls up the same derision it did when the dance-pop duo's career came to a sudden and ignominious end: Fakers. Frauds. A blatant marketing scam. Their story has been retold countless times: after selling millions of records, Rob Pilatus and Fabrice Morvan were revealed to be models who publicly lip-synced to tracks recorded by anonymous studio vocalists. They became the first act ever stripped of a Grammy award and came to symbolize everything people disliked about dance-pop. . . . Whether that assessment was fair or not, it was beyond easy to hold Milli Vanilli in contempt.

What’s so different between Milli Vanilli and the President of the United States? In some respects, not very much. 

Posted by Daniel Solove on June 15, 2005 at 03:01 AM in Constitutional thoughts, Daniel Solove, Law and Politics | Permalink | Comments (11) | TrackBack

Tuesday, June 14, 2005

Attacking the So-Called "Liberal" Media

Picture_medianews_6

A potent and powerful article by Godfrey Hodgson laments conservative attacks on the media.  A taste:

For a start, conservative critics relentlessly deride and accuse them of the one fault they have always tried to avoid: bias, in this case systematic liberal bias. Indignantly as they deny the charge, and hard as they genuinely strive to avoid it, there is no getting away from the fact that the tone of the most influential pieces of the news media industry – the New York Times and the Washington Post, Newsweek and Time, CBS and NBC and even CNN – has been set for decades by people, the great majority of whom see themselves as progressive, who vote Democrat and belong unmistakably to what conservatives see as the liberal elite.

It is also true that, far more even than in the 1950s, and certainly more than in the 1960s and 1970s, any such liberal bias is now aggressively challenged by institutions and journalists that do not bother to deny that they too have a bias. The most successful television news provider, Fox News, is unashamedly conservative. Talk radio is dominated by coarse, often abusive rightwing voices.

The supposedly liberal mainstream, moreover, increasingly offers a guaranteed outlet to professional conservatives. The New York Times, presumably in an effort to offset the charge of liberal bias, employs avowedly conservative columnists such as John Tierney (successor to a fellow conservative, William Safire) and David Brooks, while the Washington Post has Robert Novak and Charles Krauthammer, predictable champions of the right.

On television talk shows, a whole menagerie of shrill voices denounce liberalism with all the fervour of the "bawl and jump" preachers of the southern boondocks, coated with the accents and smooth vocabulary of the Ivy League. The once supposedly liberal mainstream mirrors the political scene: conservatives without an ideological doubt in their heads confront progressives who, with few exceptions, seem timid and hesitant. . . .

The alarming thing is that both CBS and Newsweek were disgraced for reporting that was inaccurate in detail but may well have been substantially true. The president did avoid going to Vietnam, however bogus the supposed proofs CBS cited. Qur’ans, it turned out, were indeed kicked in the direction of toilets, and splashed with urine by insouciant guards. Ideologues of the right, it seems, may write what they please: their opponents on the left are to be pilloried if they make the smallest mistake.

Posted by Daniel Solove on June 14, 2005 at 01:42 PM in Current Affairs, Daniel Solove | Permalink | Comments (3) | TrackBack

Privacy, Criminal Law, and Paparazzi

Camera Two of the courses I teach – information privacy law and criminal law . . . united as one!  This article discusses how prosecutors are beginning to press criminal charges against paparazzi:

Paparazzi accustomed to chasing down their high-profile targets in order to score photos that could ultimately net them huge profits are now finding themselves the focus of a criminal probe.

Officials in Los Angeles have launched an investigation into overly aggressive tactics used by some celebrity photogs who endanger lives in their quests for the money shot.

Police and prosecutors are cracking down on paparazzi who engage in practices such as using several cars to box in the A-lister of the moment, or even colliding with the celebrity's car, as happened to Lindsay Lohan last week.

"There is a very real concern that this type of behavior may constitute a danger to the victimized celebrity and others," William S. Hodgman, head of the Los Angeles County district attorney's target crimes unit, told the Los Angeles Times. "We are aware that vehicles are used quite often in efforts to stalk celebrities. We also are aware of numerous incidents where the celebrity and or others had children with them who were put in jeopardy." . . . .

"Part of the investigation is to see where the connections are, how closely they worked together, if at all," said Lieutenant Paul Vernon, an LAPD spokesman.

Galo Ramirez, the paparazzo who, according to police, intentionally hit Lohan's car with his minivan, is facing a charge of assault with a deadly weapon following the collision. Police are looking into whether other shutterbugs can be brought on felony conspiracy charges.

Another recent article discusses the economics of the paparazzi – more specifically, how they peddle their photos.  Many use agencies, which take a 40% cut, but which sell the photos within 24 hours to the highest bidder.  The money-making potential for paparazzi (and these paparazzi agencies) is enormous:

Publications often bid against each other for exclusive footage, and prices can get very high. Pictures of Brad Pitt and Angelina Jolie on the beach are said to have gone for $500,000 (though some paparazzi claim the actual figure was half that).

Remind me again why I write law review articles when I could make a living by taking just a few pictures a year. . . .

Posted by Daniel Solove on June 14, 2005 at 12:58 PM in Criminal Law, Daniel Solove, Information and Technology | Permalink | Comments (1) | TrackBack

Monday, June 13, 2005

Law Professor Blogger Census (Beta Version 1.0)

Census_1 How many law professor bloggers are out there?  We thought we would attempt to take a census of current law professors who are blogging.  Kaimi Wenger, Ethan Leib, and Dan Markel of PrawfsBlawg as well as Orin Kerr at VC all assisted me in this endeavor.  We hope that this census will prove useful for discussing who is blogging, the “blogospherics” (demographics) of the bloggers, and the law schools that have heavy blogging populations.  We note that there are many very interesting blawgs by lawyers and law students, but we have restricted this list to law professors -- otherwise the project would be too daunting.  Additionally, blogs without activity over the past month were not included.

This is a beta version.  There are probably many bloggers that we missed.  Please email me about your blog if you were left out of this list or if you know of others we overlooked.

A few statistics: 

· There are quite a lot of law professor bloggers – 103 in all. 

· The schools with the largest amount of bloggers include San Diego (7), Cincinnati (4), George Mason (4), Ohio State (4), UCLA (4), GW (3), Stanford (3), St. Thomas (3), Chapman (3). 

· Of the bloggers, 20 are female and 83 are male.

Law School

Blawgger

Blawg

Arizona

Gabriel (Jack) Chin

CrimProf Blog

Ave Maria

Richard Myers

Mirror of Justice

Boston University

Randy Barnett

Volokh Conspiracy

Cardozo

Susan Crawford

Susan Crawford Blog

Case Western

Jonathan Adler

The Commons Blog

Chapman

Tom Bell

Agoraphilia

Chapman

Hugh Hewitt

Hugh Hewitt.com

Chapman

John Eastman

The Remedy

Chicago

Judge Richard Posner

Becker-Posner Blog

Cincinnati

Paul Caron

TaxProf Blog

Cincinnati

Rafael Gely

LaborProf Blog

Cincinnati

Mark Godsey

CrimProf Blog

Cincinnati

Elizabeth Malloy

Health Law Prof Blog

Columbia

Eben Moglen

Freedom Now

Cornell

Steven Shiffrin

Left2Right

U.C. Davis

Anupam Chander

Anupam Chander

Duke

Stuart Benjamin

Volokh Conspiracy

Emory

Michael Perry

Mirror of Justice

Fordham

Amelia Uelmen

Mirror of Justice

Hastings

Ethan Leib

PrawfsBlawg

Hofstra

Julian Ku

Opinio Juris

Florida State

Dan Markel

PrawfsBlawg

Georgia

Kevin Jon Heller

The Yin Blog

Georgia State

Ellen Podgor

White Collar Crime Prof Blog

George Mason

David Bernstein

Volokh Conspiracy

George Mason

Michelle Boardman

Volokh Conspiracy

George Mason

Todd Zywicki

Volokh Conspiracy

George Mason

Tyler Cowen

Volokh Conspiracy

GW

Donald Clarke

China Law Prof Blog

GW

Orin Kerr

Volokh Conspiracy

GW

Daniel Solove

PrawfsBlawg

Georgetown

Mark Tushnet

Balkinization

Illinois

Larry Ribstein

IdeoBlog

Illinois

Lawrence Solum

Legal Theory Blog

Iowa

Tung Yin

The Yin Blog

Lewis & Clark

Jack Bogdanski

Jack Bog’s Blog

Louisiana State

Christine Corcos

Media Law Prof Blog

Loyola LA

Rick Hasen

Election Law Blog

Marquette

Eric Goldman

Goldman’s Observations and

Technology & Marketing Law Blog

Marquette

Christine Hurt

Conglomerate

Miami

Michael Froomkin

Discourse.net

Michigan

Don Herzog

Left2Right

Michigan

Robert Howse

PrawfsBlawg

Minnesota

Carol Chomsky

Contracts Prof Blog

Missouri

Peggy McGuinness

Opinio Juris

New England

Joelle Moreno

PrawfsBlawg 

UNC

Eric Muller

Is That Legal?

Northwestern

James Lindgren

Volokh Conspiracy

Notre Dame

Richard Garnett

Mirror of Justice

Notre Dame

Vincent Rougeau

Mirror of Justice

Ohio State

Douglas Berman

Sentencing Law and Policy

Ohio State

Edward Lee

Lee Blog

Ohio State

Dale Oesterle

Business Law Prof Blog

Ohio State

Daniel Tokaji

Equal Vote

Oklahoma

Michael Scaperlanda

Mirror of Justice

Pepperdine

Roger Alford

Opinio Juris

Pittsburgh

Michael Madison

Madisonian Theory

Regent

David Wagner

Ninomania

Roger Williams

Dennis Tonsing

Law School Academic Support Blog

Rutgers Camden

Greg Lastowka

Terra Nova

San Diego

Gail Heriot

The Right Coast

San Diego

Adam Kolber

Neuroethics Blog

San Diego

Saikrishna Prakash

The Right Coast

San Diego

Michael Rappaport

The Right Coast

San Diego

Maimon Schwarzschild

The Right Coast

San Diego

Thomas Smith

The Right Coast

San Diego

Christopher Wonnell

The Right Coast

St. John’s

Christopher Borgen

Opinio Juris

St. John’s

Susan Stabile

Mirror of Justice

St. Mary’s

Gerry Beyer

Wills, Trusts, and Estates Prof Blog

St. Thomas

Thomas Berg

Mirror of Justice

St. Thomas

Greg Sisk

Mirror of Justice

St. Thomas

Robert Vischer

Mirror of Justice

South Carolina

Ann Bartow

Sivocracy.net

SMU

Thomas Mayo

Health Law Prof Blog

Southwestern

Paul Horwitz

PrawfsBlawg

Stanford

Jennifer Granick

The Shout 

Stanford

Lawrence Lessig

Lessig Blog

Stanford

Margaret Jane Radin

Left2Right

SUNY Buffalo

Shubha Ghosh

Antitrust Prof Blog

Temple

David Hoffman

PrawfsBlawg

Temple

David Post

Volokh Conspiracy

Tennessee

Glenn Reynolds

Instapundit

Texas

Brian Leiter

Leiter Reports

Texas Weslyan

Franklin Snyder

Contracts Prof Blog

Thomas Jefferson

Kaimi Wenger

PrawfsBlawg

Touro

Jonathan Ezor

Tech Law Prof Blog

Touro

Michelle Zakarin

Tech Law Prof Blog

UCLA

Stephen Bainrbidge

ProfessorBainbridge.com and

Mirror of Justice

UCLA

Victor Fleischer

A Taxing Blog

UCLA

Russell Korobkin

Volokh Conspiracy

UCLA

Eugene Volokh

Volokh Conspiracy

Vermont

Ellen Swain

Law School Academic Support Blog

Villanova

Patrick Brennan

Mirror of Justice

Villanova

Mark Sargent

Mirror of Justice

Wake Forest

Jennifer Collins

PrawfsBlawg

Wayne State

Peter Henning

White Collar Crime Prof Blog

Willamette

Susan Smith

Environmental Law Prof Blog

William Mitchell

Kim Dayton

Elder Law Prof Blog

Wisconsin

Ann Althouse

Althouse

Wisconsin

Gordon Smith

Conglomerate

Yale

Jack Balkin

Balkinization

Yale

Ian Ayres

Balkinization

Posted by Daniel Solove on June 13, 2005 at 03:10 AM in Blogging, Daniel Solove, Life of Law Schools | Permalink | Comments (26) | TrackBack

Most Cited Legal Periodicals (1997-2004)

John Doyle at Washington & Lee Law School has updated data about the most cited legal periodicals from 1997 through 2004.   The list consists of over 1000 journals.  The top 25 are:

1. Harvard Law Review

2. Yale Law Journal

3. Columbia Law Review

4. Stanford Law Review

5. Michigan Law Review

6. NYU Law Review

7. Fordham Law Review

8. Georgetown Law Journal

9. California Law Review

10. Virginia Law Review

11. Texas Law Review

12. Cornell Law Review

13. U. Chicago Law Review

14. UCLA Law Review

15. Vanderbilt Law Review

16. U. Penn. Law Review

17. Minnesota Law Review

18. Northwestern Law Review

19. American Journal of International Law

20. William & Mary Law Review

21. Notre Dame Law Review

22. North Carolina Law Review

23. Duke Law Journal

24. Southern California Law Review

25. Indiana Law Journal

This is not an all-time list.  According to the description of the methodology:

Counted citations are those which cite journal volumes published in the preceding eight years. The reason for this limit is to prevent a bias in favor of long-published journals. Thus the study is concerned only with citations to current scholarship. The search results give only the number of citing documents, and do not show where a citing article or case cites to two or more articles in a cited legal periodical. Sources for the citation counts are limited to documents in Westlaw's JLR database (primarily U.S. articles), and in Westlaw's ALLCASES database (U.S. federal/state cases).

Generally – although not always – law review prestige is roughly correlated to a law school’s U.S. News & World Report ranking.  The most interesting divergence between a journal’s ranking vis-à-vis the law school’s ranking is Fordham, which is the 7th most cited law review but the 27th ranked school.

I wonder how many of these journals achieve their ranking because of just one or two frequently-cited articles, with the rest of the articles receiving virtually no citations.  Should such a law review be ranked above one that is more consistent in publishing articles that are well-cited but that lacks a mega-hit? 

Citation counts are a very troublesome metric for quality or influence, as well discussed by Brian Leiter.  Nevertheless, every time I see a ranking based on citations, I can’t help but look.  It’s like Krispy Kreme donuts – very bad for you, but hard to resist. 

Posted by Daniel Solove on June 13, 2005 at 03:01 AM in Daniel Solove, Life of Law Schools | Permalink | Comments (0) | TrackBack

Sunday, June 12, 2005

The Terrorism That Isn't

Doj A very interesting Washington Post article analyzes the terrorism prosecutions by the US: 

Flanked by Attorney General Alberto R. Gonzales, Bush said that "federal terrorism investigations have resulted in charges against more than 400 suspects, and more than half of those charged have been convicted." . . . .

But the numbers are misleading at best.

An analysis of the Justice Department's own list of terrorism prosecutions by The Washington Post shows that 39 people -- not 200, as officials have implied -- were convicted of crimes related to terrorism or national security.

Most of the others were convicted of relatively minor crimes such as making false statements and violating immigration law -- and had nothing to do with terrorism, the analysis shows. For the entire list, the median sentence was just 11 months. . . .

Among all the people charged as a result of terrorism probes in the three years after the Sept. 11, 2001, attacks, The Post found no demonstrated connection to terrorism or terrorist groups for 180 of them.

Many of the cases did not involve people with al Qaeda connections, but “Colombian drug cartels, supporters of the Palestinian cause, Rwandan war criminals or others with no apparent ties to al Qaeda or its leader, Osama bin Laden.”  Beyond these inflated statistics, many defendants “have remained classified as terrorism defendants years after being cleared of connections to extremist groups.”

For example, the prosecution of 20 men, most of them Iraqis, in a Pennsylvania truck-licensing scam accounts for about 10 percent of individuals convicted -- even though the entire group was publicly absolved of ties to terrorism in 2001. . .

This powerful quote by Juliette Kayyem in the article is very apt:

"What we're seeing over time is the equivalent of mission creep: cases that would not be terrorism cases before Sept. 11 are swept onto the terrorism docket," said Juliette Kayyem, a former Clinton administration Justice official who heads the national security program at Harvard University's John F. Kennedy School of Government. "The problem is that it's not good to cook the numbers. . . . We have no accurate assessment of whether the war on terrorism is actually working."

A chart with data about each case is here.  For a graphical representation of the data, click here.

Posted by Daniel Solove on June 12, 2005 at 12:15 AM in Current Affairs, Daniel Solove, Information and Technology | Permalink | Comments (3) | TrackBack

Saturday, June 11, 2005

The Norm Police

When somebody butts in line, many people usually just grumble under their teeth, but there are a few folks who confront that norm-violator.  A USN&WR article suggests that we ought to be grateful for these norm police:

 

Social scientists call the behavior "altruistic punishment": the willingness to step in and enforce societal norms even if doing so carries little chance of reward and significant personal cost. Psychological theories and economic models suggest that people should make decisions about how to behave in groups based on their own best interests rather than the good of the group. In other words, taking an inconsiderate clod to task for butting into line in front of you makes perfect sense, but how to explain the person who bawls out a stranger for butting into line behind them? And yet the altruistic punishment impulse comes up time and again in daily life and psychology experiments.

Take this classic trust game: You give a group of people some money--$20, say--and a set of rules. Players can contribute any amount to a common pool with the promise of a modest return, or they can "free ride," pocketing their initial stake plus a share in the group profits. If all of the players cooperate fully, everyone comes out ahead. But if one player acts selfishly, he'll do even better. You don't have to be a psychologist to guess how soon the whole system breaks down. Allow honest players to punish cheaters with a fine, however, and most will jump at the chance--even if doing so costs a significant portion of their profits. "The tendency to punish free riders is very confusing," says James Fowler, a political scientist at the University of California-Davis, "because if there are only a few punishers, the cost is very high." . . .

Humans . . . regularly cooperate with complete strangers, even when there's no reasonable expectation of a personal reward, genetic or otherwise. Increasingly, researchers say, it's looking as if our tendency to sanction breaches of social norms is the key to human cooperation.

Posted by Daniel Solove on June 11, 2005 at 12:43 PM in Culture, Daniel Solove | Permalink | Comments (4) | TrackBack

Thursday, June 09, 2005

In the Shadow of the Law

Shadow_1 Our guest blogger Kim Roosevelt has done something only a few law professors have done -- write a novel.  I just checked out the page for the book on Amazon.com and it sounds terrific.  Here's a review from Publisher's Weekly:

Starred Review. This outstanding debut goes behind the scenes at Morgan Siler, one of Washington, D.C.'s most powerful K Street law firms, as several lawyers become embroiled in two difficult cases: a pro bono death penalty case in Virginia and a class action suit brought against a Texas chemical corporation after an explosion kills dozens of workers. Assigned to the pro bono case is the earnest, rumpled first-year associate Mark Clayton, who wonders, as he struggles with sleep deprivation and trying to reach his billable-hours target, if he hasn't made a terrible career choice. Also on the case is the brilliant, cocksure young lawyer Walker Eliot. Leading the Hubble Chemical defense is the ferocious litigator Harold Fineman, and lording over them all is Peter Morgan, the supremely confident, never-satisfied managing partner of the firm. Though the novel features plenty of satisfying twists and turns, the book transcends the legal thriller genre. Roosevelt, who practiced and teaches law and who once clerked for Justice Souter, offers a fascinating insider's look into the culture of a high-stakes firm, while also presenting a considered meditation on the law itself and its potential to compromise those driven to practice it. Most of all it's the vividness and complexity of the characters—drawn with the precision and authority of a winning legal argument—that heralds the arrival of an exciting new voice.

I'll be getting a copy. 

Posted by Daniel Solove on June 9, 2005 at 11:34 PM in Books, Daniel Solove | Permalink | Comments (2) | TrackBack

Biometrics and the "Titanic Phenomenon"

Biometrics_1 A Washington Post article discusses the growing use of biometric identification, which involves authenticating identity by using immutable characteristics of the human body.  Some methods include fingerprint readers, iris scanners, and facial recognition systems.  According to the article:

Three or four days a week, Darren Hiers gets lunch at a Sterling, Va., convenience store near the car dealership where he works. He grabs a chicken sandwich and a soda and heads to the checkout counter, where a little gadget scans his index finger and instantly deducts the money from his checking account.

Hiers doesn't have to pull out his wallet to buy lunch -- and if it were up to him, he'd never have to write a check or swipe a credit card again.

The finger scan used at the shop in Sterling, known as a biometric payment system and made by a Herndon, Va., firm, is just starting to be installed at convenience stores and supermarket chains around the country, another step in a revolution that is turning the human body into the ultimate identification card.

Already faces and fingerprints are used to track visitors coming into the country. Computer passwords are being replaced by thumbprints at some companies and iris scans are giving consumers in England and Germany access to their bank accounts at ATMs.

The owner of BioPay LLC, which makes the technology used at the store, predicts the finger scan soon will be ubiquitous, offering speed and convenience for consumers. But civil libertarians have raised privacy concerns, citing some recent problems. In February, ChoicePoint Inc., a background-screening company that collects personal information -- including biometric data -- said it accidentally sold more than 100,000 individual profiles to identity thieves. . . .

Biometric payment systems work by connecting images of an individual's fingerprint to his bank account. At the Sterling convenience store, a BP gas station owned by Rich Gladu, users enroll by handing the cashier a personal check (verified with a driver's license) that is scanned into the computer. Then they place each index finger on a tennis-ball-sized reader that captures the unique characteristics of their fingerprints.

Biometrics have been touted as a more reliable form of identification.  The technology does have some promise, but there is a dark side.  A lot of faith is being invested in biometric technology without much thought about the potential risks.  One risk is that there are scant legal restrictions from the government accessing private sector data.  As more businesses begin to use biometric identifiers, the government will have ready access to this information.  This issue should be addressed before biometric identification methods proliferate.

Another major problem is

what I call the "Titanic Phenomenon."  This is having too much faith in technology, in believing that technology is foolproof.  The problem is that although identification based on passwords or cards may not be as relaible as biometrics, the consequences are much less severe if the a password or identification card falls into the wrong hands.  If one loses a credit card, it can be readily replaced.  But if an identity thief gets one's fingerprint or picture of one's eye, these cannot be replaced.  What then? 

As security expert Bruce Schneier observes in Beyond Fear, a thief can obtain biometric information by hacking into a database where the data is stored.  Moreover, people leave fingerprints wherever they touch (p. 187)  Given the fact that companies are having such a difficult time keeping people's information secure these days, I wonder whether adding biometric information into the mix is a wise idea.  And the law provides very little guidance in this area, as there is no standard for the accuracy or security of biometric data.

Posted by Daniel Solove on June 9, 2005 at 03:49 PM in Daniel Solove, Information and Technology | Permalink | Comments (4) | TrackBack

Wednesday, June 08, 2005

How Blogging Changed My Life

An inspirational true story. 

Cartoon_blog_5_1 I’ve been blogging for roughly a month now, and I thought it would be a good time to take stock and reflect.  “Only blogging a month?” the grizzled veterans of blogging might ask, “What insights could such a neophyte have?”  I don’t have much of a response, except to note that if a 15-year old ice skater can write an autobiography, my posting about my blogging experiences is far less audacious.  So here are my reflections:

1. I read many more blogs now.  I read a lot more news articles.  I surf the Internet virtually 24-7 (pardon the pun).  Me and the Internet – we have become one.  Why?  The need for blog grist is immense.  The blog is a hungry monster.

2. I’m beginning to categorize everything I read or hear into two categories: bloggable or not-bloggable.

3. I write with a different voice when blogging than in my scholarship.  More specifically, my blog posts allow me to write in a more informal and witty way.  I really enjoy this.  I like the “blogging me.”  I wish I could meet this person in real life. 

4. I now have a permanent record of my stupid thoughts and ideas on the Internet.  This probably disqualifies me from ever being canonized as a great legal thinker . . . as if that would ever happen anyway, but I always liked having the dream.  Imagine if Oliver Wendell Holmes had a blog and he blogged about Star Wars.  This would take away his gravitas, don’t you think?  On the other hand, his blog would be great dark comedy, and his posts would be quite well-written.  I’d probably bookmark it.      

5. People actually read my posts each day.  Some even write comments.  Who are these people?  Why don’t they have lives? 

6. There is a dark side to blogging.  I think that blogging is more addictive than crack.  If I go a few days without blogging, I start to go into convulsions.  Somebody told me that the best answer to the question, “Why don’t you have a blog?” is “I have a life.” 

7. I now suffer from a new illness – an anxiety caused by not having an idea to blog about.  I will term this affliction blogiety. I worry: “What if all my ideas dry up?  What if there are no interesting articles out there to blog about or even link to?  What if there’s just nothing left to say?”  I snap out of these moments, but they can be quite scary. 

 

8. I’ve learned to express ideas more succinctly and to write more quickly.  I hope that this will have a positive impact on my scholarly writing.  After all, the law reviews are now enforcing page limits, so my days of writing 80-page clunkers are over. 

More thoughts later.  After all, posting thoughts about blogging is a great cure for blogiety. 

Posted by Daniel Solove on June 8, 2005 at 03:20 AM in Blogging, Daniel Solove | Permalink | Comments (10) | TrackBack

Tuesday, June 07, 2005

Blogospherics

Orin Kerr asks:

[S]omeone needs to come up with a name for discussions about the blogosphere's gender/political/racial breakdown. These sorts of questions seem to pop up pretty frequently, and always lead to lots of discussion. Ideas, anyone?

I recommend "blogospherics," which I arrive at by combining "blogosphere" with "demographics."

Posted by Daniel Solove on June 7, 2005 at 10:03 PM in Blogging, Daniel Solove | Permalink | Comments (8) | TrackBack

Soup for Me at $5 but No Soup for You (Or Maybe at $10)

There is still more interesting grist from the national telephone survey by the Annenberg Public Policy Center at the University of Pennsylvania.  The report has an extensive discussion of price discrimination – offering different prices for the same product or service to different customers based on behavioral profiling.

 

This practice is already happening.  Supermarket discount cards are an example of price discrimination.  The report notes: “[B]eing a loyal customer doesn’t automatically mean getting the lowest prices.  Computer analyses of shopping histories might determine that a person’s allegiance to some products means he or she would buy them even without the discounts, or with smaller discounts than others might get for the same items at the same time.” 

But the future potential for discriminatory pricing is vast.  Ponder this:

Merchants consider the online environment a particularly ripe are for such “dynamic pricing” – that is, for . . . price discrimination driven by behavioral targeting.  Writing in Harvard Business Review, associates from McKinsey & Company chided online companies that they are missing out on a “big opportunity” if they are not tracking customers’ behavior and adjusting prices accordingly.  Consultants urge retailers to tread carefully, though, so as not to alienate customers.  The most public revelation of price discrimination online centered on customer anger at Amazon.com in September 2000 when it offered the same DVDs to different customers at discounts of 30%, 35% or 40% off the manufacturer’s suggested retail price.  Amazon insisted that its discounts were part of a random “price test” and not based on customer profiling.  After weeks of customer criticism, the firm offered to refund the difference to buyers who had paid the higher prices. 

Angeldemon One marketing book suggests that companies begin to treat consumers differently.  The book notes that certain customers (“angel” customers) are very profitable, but that there are other rather unprofitable customers (“demon” customers).  For example, demon customers return items frequently or call customer service a lot.  They can actually cost a company money.  Thus, the book recommends that companies find ways to slough off the demons and retain the angels.

What if, based on profiles, companies started charging higher prices based on people who appeared to be wealthier?  Or people who were determined to have a particular need for a product or service?  Or based on how often people called to complain about products or how often people returned items?  Are such practices uncouth?  Illegal? 

Well . . . not illegal.  But that’s not what most people think:

· 68% of American adults who have used the internet in the past month believe incorrectly that “a site such as Expedia or Orbitz that compares prices on different airlines must include the lowest airline prices.”

· 64% of American adults who have used the internet recently do not know it is legal for “an online store to charge different people different prices at the same time of day.”  71% don’t know it is legal for an offline store to do that.

As for whether such practices are unseemly, that’s for you to decide.  Some might say that price discrimination is fine so long as it makes economic sense.  If you’re willing to pay more than me, why not charge you more?  On the other hand, decisions about who pays what are based on personal information plugged into a profile.  The argument for consumer profiling is that it enables marketers to better target advertisements to interested consumers, thus bringing consumers more information about things that they will find of interest.  This seems quite innocuous.  But what if every little thing we buy, return, or complain about is tracked and then used as a way to treat customers differently, to charge them different rates for products and services?  Things begin to look a bit more problematic.

Posted by Daniel Solove on June 7, 2005 at 03:31 AM in Daniel Solove, Information and Technology | Permalink | Comments (20) | TrackBack

Don’t Know Much About Privacy . . .

Annenberg_2 More interesting results from a recent national telephone survey by the Annenberg Public Policy Center at the University of Pennsylvania.  The report states:

The survey further reveals that the majority of adults who use the internet do not know where to turn for help if their personal information is used illegally online or offline.  The study’s findings suggest a complex mix of ignorance and knowledge, fear and bravado, realism and idealism that leaves most internet-using adult American shoppers open to financial exploitation by retailers.

Some statistics:

· 66% could not correctly name even one of the three U.S. credit reporting agencies (Equifax, Experian, and TransUnion). . . .

· 72% do not know that charities are allowed to sell their names to other charities even without permission.

· 64% do not know that a supermarket is allowed to sell other companies information about what they buy.

· 75% do not know the correct response—false—to the statement, “When a website has a privacy policy, it means the site will not share my information with other websites or companies.”

Yikes! 

The current approach toward protecting consumer privacy is, in many contexts, largely self-regulatory.  It consists of a company informing consumers of the use of their personal information via privacy policies and allowing consumers to choose whether or not to do business with that company.   But if so many people are misinformed, does this system really work?  And if the onus is on individuals to protect themselves against identity theft by monitoring their credit reports, how effective can this be if most consumers don’t know about the credit reporting agencies? 

Posted by Daniel Solove on June 7, 2005 at 03:29 AM in Daniel Solove, Information and Technology | Permalink | Comments (0) | TrackBack

Monday, June 06, 2005

Just How Gullible Are We?

Phish Why do we keep getting that Nigerian money scam email?  Who could possibly fall for it?  One would think that by now, the gig wouldn’t work – people would be on to it – and those pesky spammers would move on to another scam.  But alas, somebody out there must be falling for it.  A recent national telephone survey by the Annenberg Public Policy Center at the University of Pennsylvania reveals some startling statistics about gullibility in all its splendor:

49% could not detect illegal “phishing”—the activity where crooks posing as banks send emails to consumers that ask them to click on a link wanting them to verify their account.

Phishing is not really all that new.  It’s just con-artistry in the digital age.  Other studies reveal that offline, people are just as gullible.  According to an article in The New York Times:

Alas, we appear to be no better equipped in the real world. In a survey conducted alongside the Infosecurity Europe trade show earlier this year, more than 90 percent of roughly 200 people approached on the street were duped into giving away enough information to steal their identities - all for the chance at winning some theater tickets.

We often hear the refrain that people must be more careful with their personal data, and we like to think we’re above being duped.  After all, one has to be really dumb to fall for these scams, right?  Perhaps not, if these studies are correct.  So next time you fall for the email from the eBay billing department that says you need to re-enter your membership data in order to prevent the termination of your account . . . well . . . it appears you’re not alone.  Oh, and by the way, please don’t forget to wire $1000 to our PrawfsBlawg bank account in the Cayman Islands.  We promise that if you do, you’ll we'll get very rich. 

Posted by Daniel Solove on June 6, 2005 at 11:18 PM in Daniel Solove, Information and Technology | Permalink | Comments (5) | TrackBack

Data Leaks: Déjà Vu All Over Again

Citigroup Déjà vu.  All over again.  And again.  Yet another data security break, as if the scores of breaches announced earlier weren't already enough.  A short while ago, I posted about a tally of the security breaches indicating that the personal data of over 5 million people had been leaked or improperly accessed.  Now this, from the AP:

CitiFinancial, the consumer finance division of Citigroup Inc., said Monday it has begun notifying some 3.9 million U.S. customers that computer tapes containing information about their accounts -- including Social Security numbers and payment histories -- have been lost.

Citigroup, which is based in New York, said the tapes were lost by the courier UPS Inc. in transit to a credit bureau.

That puts the tally at over 8 million people.  Something is seriously wrong with the way personal data is maintained and used.  Back in 2004, I wrote in my book: "Companies collect and maintain our information; they often use it for a myriad of new purposes; and they are frequently careless about the security of our data."  It would be nice to say that I was making a profound point, but it was an obvious observation -- even back before the news of all the data leaks.   Hopefully, lawmakers will recognize it as obvious now.

Posted by Daniel Solove on June 6, 2005 at 04:01 PM in Daniel Solove, Information and Technology | Permalink | Comments (0) | TrackBack

Identity Thief Professors?

If you're a professor, want to make a quick buck?  Apparently, some professors have joined the ranks of identity thieves.  A community college professor stole the identities of three of his students and used them to fill out credit card applications in the students' names.  According to a CNN story:

Slosberg had asked his students to write their names and Social Security numbers on a sign-in sheet, students said. "We all signed it," Amanda Bracewell said. "We figured, 'He's a teacher, what is he going to do with it?"'

Many schools use student Social Security Numbers (SSNs) as identification numbers.  For example, I get a printout of my student names and SSNs after I grade their exams, as students' exam identification numbers are their SSNs.  A number of schools put student SSNs on identification cards.  The practice of using SSNs as identifiers by schools and other institutions exposes students to a risk of identity theft.  Beyond professors gone bad, SSNs can wind up in the hands of identity thieves when documents with student names and SSNs are discarded or when a student ID card gets lost.  So for all the student readers of this blog, be extra kind to us professors . . . or else.

Posted by Daniel Solove on June 6, 2005 at 11:57 AM in Daniel Solove, Information and Technology | Permalink | Comments (1) | TrackBack

Sunday, June 05, 2005

Judge Posner on Mandatory Mental Acuity Tests for Judges and Profs Age 70+

Judge Richard Posner has a provocative post on the Becker-Posner blog about a proposal to require mandatory mental acuity tests for judges and professors over 70 years of age:

I wish to make a suggestion that would achieve the principal benefits of mandatory retirement without the principal costs. It is simply this: beginning at age 70, require every life-tenured professor and every life-tenured judge to take a test of mental acuity every five years. (I use these simply as examples of "light" jobs from which the occupant is unlikely to be forced to retire by the demands that the job places on him.) The test results would be available to the members of the professor’s department or the judge’s court but to no others. The results would not be a basis for a determination of incapacity; they would not even be admissible in a competence hearing. The expectation rather is that a poor test result would persuade the individual, perhaps by persuading his colleagues who would in turn persuade him, or persuade members of his family to persuade him, to retire voluntarily.

I am skeptical of this proposal.  Beyond difficulties in designing the test, which Posner duly notes, I wonder whether the primary problem with older judges and professors is the loss of mental acuity.  Is there really a widespread problem here?  I suspect the reason why institutions may want older colleagues to retire is because some of these colleagues may have simply overstayed their welcome.  When there’s life tenure, as on the federal bench and with law school professorships, retirement is often the most effective remedy for dealing with a lazy or problem-generating judge or faculty member.  I believe that tenure is very important, and folks sticking around when they’re not wanted anymore is one of the costs.  There are certainly cases where mental acuity becomes an issue, but I do not see much evidence from Posner that this is really a central problem requiring much attention.  Making faculty members 70 and over take a mental acuity test seems like a needless and demeaning exercise unless it really delivers significant benefits.  The real problem is how to preserve tenure while at the same time dealing more effectively with problematic colleagues.  My speculation is that mental infirmity is only a small percentage of the problems encountered with a judge or professor.  Without examining the scope or nature of the problem, Posner has not made a convincing case.

Posted by Daniel Solove on June 5, 2005 at 10:01 PM in Daniel Solove, Law and Politics | Permalink | Comments (0) | TrackBack