21 December 2013

Surveillance and the social

'The Legality of the National Security Agency's Bulk Data Surveillance Programs' by John Yoo in Harvard Journal of Law and Public Policy argues that
Controversy has arisen again over the federal government’s electronic surveillance efforts to gather intelligence on foreign terrorist groups. Recent disclosures, both authorized and illicit, have described two secret National Security Agency (NSA) programs. The first collects telephone “metadata” such as calling records — but not the content of phone calls — both inside and outside the United States. A second NSA program intercepts the e-mails of non U.S. persons outside the United States.
Despite the claims of critics, these programs do not violate the Foreign Intelligence Surveillance Act (FISA), as recently amended by Congress, or the Fourth Amendment to the Constitution. Concerns about the proper balance between these surveillance programs and individual privacy may be appropriate, but they properly fall within the province of Congress and the President to set future national security policy.
Part I of this paper describes the surveillance efforts against al Qaeda within a broader historical and legal context. Part II argues that the programs, as described publicly by authoritative sources, appear to meet statutory requirements. Part III addresses whether the NSA programs are constitutional along two dimensions. It argues that even if some aspect of the NSA programs does not fall within Congress’s authorization for foreign intelligence and counter-terrorism surveillance, it would most likely rest within the President’s Commander-in-Chief authority over the management of war. Second, even if the federal government has the internal authority to conduct surveillance, the Bill of Rights, through the Fourth Amendment, may still prohibit its application to citizens or non-citizens present in the territorial United States. Part III argues, however, that the NSA programs do not violate the Fourth Amendment, as currently interpreted by the federal courts.
A perspective on Yoo is provided in the mordant article noted here.

'Regulating Electronic Identity Intermediaries: The 'Soft eID' Conundrum' by Tal Zarsky and Norberto Nuno Gomes de Andrade in (2013) 74(6) Ohio State Law Journal comments that
Online intermediation platforms, such as Facebook and Amazon, are traditionally defined by their roles in enabling the publication, sharing and distribution of information, as well as the purchase of products and services. Nonetheless, these platforms have assumed an additional role, which has yet to be fully discussed and acknowledged: the role of identity intermediation. This new function can be defined as the process of creating, authenticating, verifying and guiding stable identities used for interacting in the digital realm. This Article explains and demonstrates this role, along with the disputes and tensions it generates. It further discusses a set of specific legal rules, duties and responsibilities for regulating identity intermediaries.
After a brief introduction (Part I), The Article (in Part II) provides the background and terminology for understanding the role of identity intermediaries in the digital age. It notes the recent rise of “soft eID” intermediaries. These are defined as entities which provide for identity intermediation, yet do so incidentally, remotely and in a lightly regulated environment. Part III moves to further address soft eID intermediation, distinguishing between intermediations which rely upon the use of “Real Names” and “Stable Pseudonyms” — each category employing a different set of technologies and verification methods, and generating unique benefits and concerns.
Part IV explores the benefits and risks associated with soft eIDs. Identity intermediation secures economic benefits, protects personality and identity interests, enhances autonomy and promotes free speech. Yet it also raises security and privacy concerns, as soft eIDs might be hacked, used for impersonation or identity misrepresentation. In addition, identity intermediaries may also abuse their power by terminating accounts or limiting their interoperability and mobility.
Seeking the proper legal regime, Part V briefly examines related regulatory frameworks for identity intermediation, namely the EU Electronic Signature (eSig) Directive and its future developments under the current revision process, and the US National Strategy for Trusted Identities in Cyberspace (NSTIC). On the basis of this analysis, Part VI provides recommendations for legal responses, examining a variety of policy moves specific to soft eID intermediaries, such as requiring mandatory approval, setting up a voluntary accreditation system and assigning tort liability. After generally discarding the first two options, the Article closely examines whether and how tort liability should normatively be assigned to these identity intermediaries. Finally, this Part examines the role law should take in curbing the intermediaries’ excessive ability to impede on the individual’s identity interests.
The same issue of the journal features 'Social Data' by Woodrow Hartzog, arguing that
As online social media grow, it is increasingly important to distinguish between the different threats to privacy that arise from the conversion of our social interactions into data. One well-recognized threat is from the robust concentrations of electronic information aggregated into colossal databases. Yet much of this same information is also consumed socially and dispersed through a user interface to hundreds, if not thousands, of peer users.
In order to distinguish relationally shared information from the threat of the electronic database, this essay identifies the massive amounts of personal information shared via the user interface of social technologies as “social data.” The main thesis of this essay is that, unlike electronic databases, which are the focus of the Fair Information Practice Principles (FIPPs), there are no commonly accepted principles to guide the recent explosion of voluntarily adopted practices, industry codes, and laws that address social data.
This essay aims to remedy that by proposing three social data principles — a sort of FIPPs for the front-end of social media: the Boundary Regulation Principle, the Identity Integrity Principle, and the Network Integrity Principle. These principles can help courts, policymakers, and organizations create more consistent and effective rules regarding the use of social data.