30 January 2015

Freedoms

'Privacy and Intellectual Freedom' by Neil M. Richards and Joanna F. Cornwell in Mark Alfino (ed) The Handbook of Intellectual Freedom (Unwin 2014) offers a
n account of the complex ways intellectual freedom and privacy are interrelated. We pay particular attention to both the constitutional dimensions of these important values, as well as the important roles that social and professional norms play in their protection in practice.  
Our examination of these issues is divided into three parts. 
Part I lays out the law and legal theory governing privacy as it relates to intellectual freedom. Part II examines a special context in which law and professional norms operate together to protect intellectual freedom through privacy – the library. Finally, Part III discusses how government actions and other threats can infringe individuals’ privacy, potentially threatening intellectual freedom.

28 January 2015

GINA

'Protecting Posted Genes: Social Networking and the Limits of GINA' by Sandra Soo-Jin Lee and Emily Borgelt in (2014) 14(11) The American Journal of Bioethics 32-44 comments
The combination of decreased genotyping costs and prolific social media use is fueling a personal genetic testing industry in which consumers purchase and interact with genetic risk information online. Consumers and their genetic risk profiles are protected in some respects by the 2008 federal Genetic Information Nondiscrimination Act (GINA), which forbids the discriminatory use of genetic information by employers and health insurers; however, practical and technical limitations undermine its enforceability, given the everyday practices of online social networking and its impact on the workplace. In the Web 2.0 era, employers in most states can legally search about job candidates and employees online, probing social networking sites for personal information that might bear on hiring and employment decisions. We examine GINA's protections for online sharing of genetic information as well as its limitations, and propose policy recommendations to address current gaps that leave employees’ genetic information vulnerable in a Web-based world.
The authors state -
 In 2006, TIME Magazine made the surprise announcement that its “Person of the Year” award would go to “You” (Grossman 2006). Heralding the arrival of Web 2.0, TIME reveled in the unprecedented ease of connecting “citizen to citizen” and the productive potential of sharing information online. Two years later, TIME bestowed its “Invention of the Year” award onto the direct-to-consumer (DTC) personal genetic test kit offered by startup company 23andMe, predicting it would “transform not only how we take care of ourselves but also what we mean by personal information” (Hamilton 2008). And in 2010, Mark Zuckerberg, founder and chief executive officer (CEO) of Facebook, became TIME's “Person of the Year” for transforming “the way human beings relate to one another on a species-wide scale” (Grossman 2010). The 21st century ushered in a new era of ubiquitous online connectivity and sharing with social networking portals such as Facebook, LinkedIn, and Twitter that are now embedded into the daily rituals of more than a billion users across the globe  — an experience expanding to even areas of limited Internet connectivity through partnerships between social media and mobile device conglomerates (Goel 2013). At the same time, an explosion in genetic research has allowed greater access to personal genetic information (PGI) than ever before and online platforms have emerged to facilitate PGI-based social networking. With new norms for personal information exchange and the proliferation of consumer tools for Web-based health and PGI management, the existing regulatory protections of PGI online demand a careful, pragmatic consideration that has been missing from discussions about personal genetic testing. 
In 2008, federal legislation entitled the Genetic Information Nondiscrimination Act (GINA) outlawed discrimination, harassment, or retaliation on the basis of genetic information in employment and health insurance decisions (Pub.L. 110–233, 122 Stat. 881). Here, we focus on the protections stipulated in Title II of GINA (§201–213), which prevents employers, health insurers, labor groups, training programs, and employment agencies from requesting or purchasing protected information from employees and job candidates. While protections took effect in 2009 following GINA's 2008 passage, the final federal regulations implementing Title II were issued in November 2010 and included provisions for social networking in its regulations about acquisition of genetic information, exceptions for inadvertent acquisition, and permissions (29 CFR 1635). In the context of social networking sites, websites, blogs, and the like, the regulations disallow intentional acquisition of genetic information unless it is acquired inadvertently, not sought on sites where it is likely to be, and/or the employee or candidate grants the employer permission to access the information. These regulations raise practical and ethical issues, which we examine in detail below. On- and offline, GINA protects genetic information defined as “(i) such individual's genetic tests, (ii) the genetic tests of family members of such individual, and (iii) the manifestation of a disease or disorder in family members of such individual” (Pub.L. 110–233, §201, 122 Stat. 881). The definition of genetic information also includes records of activities such as requesting or receiving genetic services and participating in clinical research. Protected genetic information is defined broadly by the statute and includes data collected from genetic tests pertaining to an individual or related family members and family medical history; the latter is included as a proxy for traditional genetic information because it can be used to determine inherited risk for certain health conditions. As such, genetic information encompasses a broad swath of data that can be used to discern genetic predisposition or health risk.
Per GINA, genetic information extends beyond common understandings of what is genetic, and has far-reaching implications for social networking, sharing, privacy, and protection of such online. All 50 states and the District of Columbia have passed laws that coincide with GINA in some capacity. Legislation at the state level, in many cases, preceded GINA and afforded similar protections. Some state laws attempt additional protections, for example, against discrimination in the domains of life and disability insurance, housing, or education, even though these do not all necessarily extend enforceable protections significantly beyond the purview of GINA (National Human Genome Research Institute [NHGRI] 2013a). To date, no state actions directly protect employees against discrimination from genetic information collected through Web-based social networks.
Given the nature of social connectivity and the recent pathways for individuals to obtain PGI, it is timely that GINA addresses the need for employee protection from accessing and using genetic information in employment-related decisions. The federal regulations acknowledge the need to negotiate tension between commenting groups that either championed employer exemption protection in accessing social media sites of employees or advocated for maximizing user protections online:
In general, civil rights groups and groups promoting genetic research, as well as others, indicated that excepted sources should be limited to widely available media with no heightened risk for containing genetic information, providing a variety of arguments in support of this position. See Comments of ACLU, APA, CGF, FDIC, GPPC, Genetic Alliance, LCCR, Members of PGEP, and World Privacy Forum. Several of these groups also noted that employers who access commercially and publicly available materials with a specific intent of searching for genetic information should not be permitted to take advantage of the exception. See Comments of CGF, FDIC, GPPC, Genetic Alliance, LCCR and World Privacy Forum. Employers and employer groups, on the other hand, maintained that media formats such as personal web pages, social networking sites, and blogs should be part of the exception arguing, among other things, that such sources are publicly available and that employers have legitimate reasons to access them. (Federal Register 2010, 29 CFR 1635.1)
Although the final rule provides forward-thinking provisions for the protection of genetic information acquired through online spaces and social networking media, the practical challenges of GINA in providing protections for employees and job candidates remain uncharted in the literature. Serious challenges include the blurring boundary between professional and personal networks and the dual use of mobile devices—for example, smartphones, tablets, and portable computers—for both business and private purposes. GINA specifies narrow exceptions to its prohibition of the collection of employee/candidate genetic information, granting employers reprieve from liability in circumstances such as inadvertent acquisition. It is, in all cases, illegal for employers to use genetic information in a manner that could be construed to be discriminatory or retaliatory. However, the public nature of social networking combined with the surreptitious nature of Web-based surveillance creates a climate in which an apparently wronged party may have tremendous difficulty meeting the burden of proof required for recourse if genetic information were obtained via social media.
In 2009 Lee and Crawley discussed how increasing social connectivity around PGI demands empirical investigation and careful consideration of the social and ethical implications for this new mode of biosociality. Here we address an issue that flows out of our findings, published elsewhere (Lee 2013a; Lee 2013b; Lee 2014; Lee et al. 2013; Vernez et al. 2012), from an in-depth qualitative study of social networking and direct-to-consumer (DTC) personal genomics. Our interviews and focus groups with consumers of DTC personal genomics company 23andMe, Inc., described extensive, dynamic sharing practices both on- and offline. Many of these consumers cited, in relationship to other motivations, a comfort in sharing and social networking due to the belief that GINA offers sufficient and broad protection from discrimination, even online. Most attention and controversy surrounding personal genetic testing have revolved around the practice of DTC testing, our study included. Indeed, this is one—increasing popular—avenue for access to personal genetic information, and, as a formidable contributor to the problems we raise here, we consider its connection to social media. However, the issue of limited protections for genetic discrimination online extends well beyond the realm of DTC genetic testing. Given the broad definition of genetic information laid out in GINA, it also includes posting information about health or family history, family members’ past or ongoing health issues, personal ancestry information with health implications, and even sharing personal motivations for involvement in disease communities or research efforts. Thus, we examine GINA's provisions for online activity in the current mobile, Web-based culture of sharing and social networking; in doing so, we identify points of ambiguity, practical and technical limitations, and shortcomings of enforceability that require renewed regulatory attention and recourse, to fully realize the spirit of GINA's protections for the throngs of social media users who otherwise may be inadequately protected against genetic discrimination.

Internet of Things

The US Federal Trade Commission has released a staff report [PDF] on The Internet of Things - Privacy and Security in a Connected World.

 It states -
The Internet of Things (“IoT”) refers to the ability of everyday objects to connect to the Internet and to send and receive data. It includes, for example, Internet-connected cameras that allow you to post pictures online with a single click; home automation systems that turn on your front porch light when you leave work; and bracelets that share with your friends how far you have biked or run during the day. Six years ago, for the first time, the number of “things” connected to the Internet surpassed the number of people. Yet we are still at the beginning of this technology trend. Experts estimate that, as of this year, there will be 25 billion connected devices, and by 2020, 50 billion.
Given these developments, the FTC hosted a workshop on November 19, 2013 – titled The Internet of Things: Privacy and Security in a Connected World. This report summarizes the workshop and provides staff’s recommendations in this area. Consistent with the FTC’s mission to protect consumers in the commercial sphere and the focus of the workshop, our discussion is limited to IoT devices that are sold to or used by consumers. Accordingly, the report does not discuss devices sold in a business-to-business context, nor does it address broader machine-to- machine communications that enable businesses to track inventory, functionality, or efficiency.
Workshop participants discussed benefits and risks associated with the IoT. As to benefits, they provided numerous examples, many of which are already in use. In the health arena, connected medical devices can allow consumers with serious medical conditions to work with their physicians to manage their diseases. In the home, smart meters can enable energy providers to analyze consumer energy use, identify issues with home appliances, and enable consumers to be more energy-conscious. On the road, sensors on a car can notify drivers of dangerous road conditions, and software updates can occur wirelessly, obviating the need for consumers to visit the dealership. Participants generally agreed that the IoT will offer numerous other, and potentially revolutionary, benefits to consumers.
As to risks, participants noted that the IoT presents a variety of potential security risks that could be exploited to harm consumers by:
(1) enabling unauthorized access and misuse of personal information; 
(2) facilitating attacks on other systems; and 
(3) creating risks to personal safety.
Participants also noted that privacy risks may flow from the collection of personal information, habits, locations, and physical conditions over time. In particular, some panelists noted that companies might use this data to make credit, insurance, and employment decisions. Others noted that perceived risks to privacy and security, even if not realized, could undermine the consumer confidence necessary for the technologies to meet their full potential, and may result in less widespread adoption.
In addition, workshop participants debated how the long-standing Fair Information Practice Principles (“FIPPs”), which include such principles as notice, choice, access, accuracy, data minimization, security, and accountability, should apply to the IoT space. The main discussions at the workshop focused on four FIPPs in particular: security, data minimization, notice, and choice. Participants also discussed how use-based approaches could help protect consumer privacy.
1. Security
There appeared to be widespread agreement that companies developing IoT products should implement reasonable security. Of course, what constitutes reasonable security for a given device will depend on a number of factors, including the amount and sensitivity of data collected and the costs of remedying the security vulnerabilities. Commission staff encourages companies to consider adopting the best practices highlighted by workshop participants, including those described below.
First, companies should build security into their devices at the outset, rather than as an afterthought. As part of the security by design process, companies should consider:
(1) conducting a privacy or security risk assessment; 
(2) minimizing the data they collect and retain; and 
(3) testing their security measures before launching their products.
Second, with respect to personnel practices, companies should train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization. 
Third, companies should retain service providers that are capable of maintaining reasonable security and provide reasonable oversight for these service providers. 
Fourth, when companies identify significant risks within their systems, they should implement a defense-in- depth approach, in which they consider implementing security measures at several levels. 
Fifth, companies should consider implementing reasonable access control measures to limit the ability of an unauthorized person to access a consumer’s device, data, or even the consumer’s network. 
Finally, companies should continue to monitor products throughout the life cycle and, to the extent feasible, patch known vulnerabilities.
2. Data Minimization
Data minimization refers to the concept that companies should limit the data they collect and retain, and dispose of it once they no longer need it. Although some participants expressed concern that requiring data minimization could curtail innovative uses of data, staff agrees with the participants who stated that companies should consider reasonably limiting their collection and retention of consumer data. Data minimization can help guard against two privacy-related risks. First, larger data stores present a more attractive target for data thieves, both outside and inside a company – and increases the potential harm to consumers from such an event. Second, if a company collects and retains large amounts of data, there is an increased risk that the data will be used in a way that departs from consumers’ reasonable expectations.
To minimize these risks, companies should examine their data practices and business needs and develop policies and practices that impose reasonable limits on the collection and retention of consumer data. However, recognizing the need to balance future, beneficial uses of data with privacy protection, staff’s recommendation on data minimization is a flexible one that gives companies many options. They can decide not to collect data at all; collect only the fields of data necessary to the product or service being offered; collect data that is less sensitive; or de-identify the data they collect. If a company determines that none of these options will fulfill its business goals, it can seek consumers’ consent for collecting additional, unexpected categories of data, as explained below.
3. Notice and Choice
The Commission staff believes that consumer choice continues to play an important role in the IoT. Some participants suggested that offering notice and choice is challenging in the IoT because of the ubiquity of data collection and the practical obstacles to providing information without a user interface. However, staff believes that providing notice and choice remains important.
This does not mean that every data collection requires choice. The Commission has recognized that providing choices for every instance of data collection is not necessary to protect privacy. In its 2012 Privacy Report, which set forth recommended best practices, the Commission stated that companies should not be compelled to provide choice before collecting and using consumer data for practices that are consistent with the context of a transaction or the company’s relationship with the consumer. Indeed, because these data uses are generally consistent with consumers’ reasonable expectations, the cost to consumers and businesses of providing notice and choice likely outweighs the benefits. This principle applies equally to the Internet of Things.
Staff acknowledges the practical difficulty of providing choice when there is no consumer interface and recognizes that there is no one-size-fits-all approach. Some options include developing video tutorials, affixing QR codes on devices, and providing choices at point of sale, within set-up wizards, or in a privacy dashboard. Whatever approach a company decides to take, the privacy choices it offers should be clear and prominent, and not buried within lengthy documents. In addition, companies may want to consider using a combination of approaches. Some participants expressed concern that even if companies provide consumers with choices only in those instances where the collection or use is inconsistent with context, such an approach could restrict unexpected new uses of data with potential societal benefits. These participants urged that use limitations be considered as a supplement to, or in lieu of, notice and choice. With a use-based approach, legislators, regulators, self-regulatory bodies, or individual companies would set “permissible” and “impermissible” uses of certain consumer data.
Recognizing concerns that a notice and choice approach could restrict beneficial new uses of data, staff has incorporated certain elements of the use-based model into its approach. For instance, the idea of choices being keyed to context takes into account how the data will be used: if a use is consistent with the context of the interaction – in other words, it is an expected use – then a company need not offer a choice to the consumer. For uses that would be inconsistent with the context of the interaction (i.e., unexpected), companies should offer clear and conspicuous choices. In addition, if a company collects a consumer’s data and de-identifies that data immediately and effectively, it need not offer choices to consumers about this collection. Furthermore, the Commission protects privacy through a use-based approach, in some instances. For example, it enforces the Fair Credit Reporting Act, which restricts the permissible uses of consumer credit report information under certain circumstances. The Commission also applies its unfairness authority to challenge certain harmful uses of consumer data.
Staff has concerns, however, about adopting a pure use-based model for the Internet of Things. First, because use-based limitations are not comprehensively articulated in legislation, rules, or widely-adopted codes of conduct, it is unclear who would decide which additional uses are beneficial or harmful. Second, use limitations alone do not address the privacy and security risks created by expansive data collection and retention. Finally, a pure use-based model would not take into account consumer concerns about the collection of sensitive information. The establishment of legislative or widely-accepted multistakeholder frameworks could potentially address some of these concerns. For example, a framework could set forth permitted or prohibited uses. In the absence of consensus on such frameworks, however, the approach set forth here – giving consumers information and choices about their data – continues to be the most viable one for the IoT in the foreseeable future.
4. Legislation
Participants also discussed whether legislation over the IoT is appropriate, with some participants supporting legislation, and others opposing it. Commission staff agrees with those commenters who stated that there is great potential for innovation in this area, and that IoT-specific legislation at this stage would be premature. Staff also agrees that development of self-regulatory programs designed for particular industries would be helpful as a means to encourage the adoption of privacy- and security-sensitive practices.
However, in light of the ongoing threats to data security and the risk that emerging IoT technologies might amplify these threats, staff reiterates the Commission’s previous recommendation for Congress to enact strong, flexible, and technology-neutral federal legislation to strengthen its existing data security enforcement tools and to provide notification to consumers when there is a security breach. General data security legislation should protect against unauthorized access to both personal information and device functionality itself. For example, if a pacemaker is not properly secured, the concern is not merely that health information could be compromised, but also that a person wearing it could be seriously harmed.
In addition, the pervasiveness of information collection and use that the IoT makes possible reinforces the need for baseline privacy standards, which the Commission previously recommended in its 2012 privacy report. Although the Commission currently has authority to take action against some IoT-related practices, it cannot mandate certain basic privacy protections – such as privacy disclosures or consumer choice – absent a specific showing of deception or unfairness. Commission staff thus again recommends that Congress enact broad- based (as opposed to IoT-specific) privacy legislation. Such legislation should be flexible and technology-neutral, while also providing clear rules of the road for companies about such issues as how to provide choices to consumers about data collection and use practices.
In the meantime, we will continue to use our existing tools to ensure that IoT companies continue to consider security and privacy issues as they develop new devices. Specifically, we will engage in the following initiatives:
• Law enforcement: The Commission enforces the FTC Act, the FCRA, the health breach notification provisions of the HI-TECH Act, the Children’s Online Privacy Protection Act, and other laws that might apply to the IoT. Where appropriate, staff will recommend that the Commission use its authority to take action against any actors it has reason to believe are in violation of these laws. 
• Consumer and business education: The Commission staff will develop new consumer and business education materials in this area. 
• Participation in multi-stakeholder groups: Currently, Commission staff is participating in multi-stakeholder groups that are considering guidelines related to the Internet of Things, including on facial recognition and smart meters. Even in the absence of legislation, these efforts can result in best practices for companies developing connected devices, which can significantly benefit consumers. 
• Advocacy: Finally, where appropriate, the Commission staff will look for advocacy opportunities with other agencies, state legislatures, and courts to promote protections in this area.

25 January 2015

Regulation

'How the WTO Shapes the Regulatory State' by Gregory Shaffer (UC Irvine School of Law Research Paper No. 2015-10) comments -
The World Trade Organization (WTO) arguably shapes regulatory governance in more countries to a greater extent than any other international organization. This chapter provides a new framework for assessing the broader regulatory implications of the WTO within nation states, as opposed to viewing the WTO as a form of global governance above the nation state.
It first examines seven types of changes required for national law and legal practice, which affect how the state raises revenue, how the state spends it, and the principles the state applies to regulation. The chapter then assesses four broader dimensions of regulatory change catalyzed by WTO rules:
(i) changes in the boundary between the market and the state (involving concomitantly market liberalization and growth of the administrative state);
(ii) changes in the relative authority of institutions within the state (promoting bureaucratized and judicialized governance);
(iii) changes in professional expertise engaging with state regulation (such as the role of lawyers); and
(iv) changes in normative frames and accountability mechanisms for national regulation (which are trade liberal and transnational in scope).
In practice, these four dimensions of change interact and build on each other. The chapter presents what we know to date and a framework for conducting further empirical study.

Tax Tales (The AAT has fun with Dick and Dora)

Noting [1] through [7] and [9] of WT86/1506, WT86/1507 and Commissioner of Taxation [1988] AATA 396; (1988) 19 ATR 3270; 88 ATC 355 as a quirky example of legal writing -
1. Once upon a time, there were two little children called Dick and Dora. They had a Mummy, a Daddy and a Family Trust. The Family Trust was very fond of Dick and Dora and, in 1979, it gave each of them $1000. That is called a "distribution". Their Mummy and Daddy also loved Dick and Dora very much. That is why Mummy and Daddy lent each of them $19,000. This involved a great sacrifice, for no matter how hard Mummy and Daddy searched through the house, they couldn't find the cash, so they had to borrow it, and that is a bad thing. So, with cap in hand, Mummy and Daddy went to the Family Trust and pleaded: "Please Mr Trust, can we borrow some money for our little children?" And the Trust, which was a good-natured trust, replied: "Sure buddy, that's OK". So they borrowed the money, onlent it to their children, who lent it back to the trust and they all lived happily ever after. The End
2. But even in fairy tales, there is usually a fly in the ointment. The "fly" in this tale is the fact that the trust didn't have the money either. Now that WAS a blow. But, as Milton once observed, when the devil is desperate, he'll eat flies, whether in the ointment or out. Now it so happened that Daddy, who owned a Finance Company, was a wizard with books of account. All he needed was a book, a pen and a few mirrors. If you watch carefully, you'll see how it is done.
3 It all began on June 2 1977, when the family trust credited Daddy's and Mummy's loan accounts with a lot of money, money that the trustee didn't have. That caused the trust account to be what grown-ups call "in the red" or "overdrawn". Now trustees who allow their trust account to be overdrawn are known as "naughty" trustees. This trustee knew that he was naughty, so he made himself a hot lemon drink, added an aspirin, stirred mightily and drank the magic potion down to the last drop. This is a well-known cure for overdrawn trust accounts and, hey presto, the account was in credit again. The whole process only took a few seconds and can be done by anyone who has a lemon, an aspirin, a clever trustee and an obliging bank manager. Watch how the trick was done in slow motion.
4. Mummy and Daddy each wrote out a cheque for $19,000 and gave one cheque to Dick and the other one to Dora. Then Dick, who was nearly four, and Dora who was not yet two, took these cheques and toddled off to the Bentley branch of the Australia and New Zealand Savings Bank Limited, looking to the left, looking to the right and left again to get to 1136 Albany Highway where they each opened a savings account. They signed the application forms and deposit slips and then put all that money in the hank in the cutest little handwriting you have ever seen. Young toddlers opening bank accounts, it seems, so counsel for the applicant assured me, is not at all unusual: "Banks encourage that sort of thing". Dick, who was a bright little lad, and streetwise beyond his years, asked the bank manager what rate of interest he and his sister could expect on their money. The rate was disappointing and, doing a quick calculation on his cute little fingers, he concluded that he and Dora could make a much more profitable investment with the family trust. "Let's lend the money back to the trust" he whispered to his sister, hoping the manager could not hear him. After all, they had just opened two accounts and it WAS a bit embarrassing to close them down again so soon. But Dora, less worldlywise than her brother, and saving up for her second birthday party, was not convinced. It all seemed rather, well, disloyal. To cut a long story short, after some highpowered financial discussion between brother and sister, they agreed on a compromise - they would lend the family trust $18,995, and each leave $5 with the bank for lollies and other necessaries. As luck would have it, and by sheer coincidence, the family trust also had its bank account with the same bank and at the same branch so that the money didn't have far to travel. All of it - save the $5 left in the accounts - had time to play "Here We Go Round The Mulberry Bush" and "Round Robin Hood" and other children's games and still be home in time for dinner. It was all a lot of fun. So much fun in fact, that everyone played the same games the next year (1979), and the next year and the So that on June 15 1979, to be exact, each child was "paid" an amount of $23,743.75, which was, it seems, made up of the loan monies lent to the trust together with interest (not quantified) and something extra (presumably another "loan"). Each child then waddled off to the bank again to pay in the money, draw out $23,740, play Round Robin and go home. 5. No one was called to depose to these events, I have been asked to assume them because the various amounts referred to appeared as credits and debits in Dick's and Dora's accounts. The only variation from the 1978 year was that this time the withdrawal was credited, not to the family trust, but to Daddy's Finance Company, which duly recorded the loans for each child in its books and resolved to repay them on demand with interest at 11.95% in advance. Dick's savings bankbook, which was made an exhibit, shows - however fleetingly - a credit of $26,575 for 18 April 1980, which accurately reflects a "repayment" of the loan, together with interest at 11.95%. Meanwhile, back at the bank, the lolly money ($5) attracted interest, and each child's account was credited with 18 cents on 7 June 1979.
6. The events recorded above disclose that in the relevant year, each child received as income
(i) 18 cents bank interest
(ii) $1000 from the family trust
(iii) interest on money lent.
7. It is tempting to treat these events as a fairy tale and to dismiss it good-humouredly as an interesting variation on a fiscal theme in A minor; alternatively, one could equally conclude that the various acts done and entries made had no other purpose than to give the appearance of creating between the parties legal rights and obligations which the parties had no intention of creating and - in the case of Dick and Dora - had no legal capacity to create. However, this was not argued by the Crown, presumably because such a finding would result in revealing a tax liability against a party from whom the tax is no longer recoverable. In the result, the case was fought pragmatically, as a salvage operation, on the basis that the interest received by Dick and Dora constituted the net income from a trust estate, so that, when taken in conjunction with the distribution from the family trust, sec. 7A of the Income Tax (Rates) Act 1976 would apply in respect of the multiple trusts. ...
9. If one ignores all the hanky panky involved in these transactions in the year now under review (1979) and starts from first principles, we find two parents "lending" some $38,000 to two toddlers barely able to walk. These funds are then onlent to the father's finance company. I have not been informed about the mechanics by which these transactions were achieved other than being assured that it was all done by the infants themselves. So be it. Nevertheless, whilst I am prepared to assume that Dick and Dora are bright little children and well advanced for their age, I am taking notice of what must surely be notorious, viz that children of such tender years are incapable of engaging in such transactions unaided. I am therefore satisfied that there was at all times a person or persons unknown who manipulated these funds on behalf of these infants. I can think of no better description for such person(s) than "trustee".

Hayekian Constitutionalism

'Radicalising Hayekian Constitutionalism' by Jonathan Crowe in (2014) 33(2) University of Queensland Law Journal 379-389 comments
The work of Friedrich A Hayek presents a compelling theory of the normative basis for constitutionalism and other related notions, such as the rule of law. It is difficult, however, to avoid a sense of incongruity when seeking to apply Hayekian notions within the context of the modern administrative state. Hayek is widely regarded as a conservative figure, although he famously rejected the label. A comparison between Hayek’s theory and modern modes of governance makes Hayek seem more radical than conservative, since deep reforms would be needed to instantiate anything like his preferred model. How radical, then, is Hayekian constitutionalism? That is the question I explore in this article.
The article begins by unpacking the normative foundations for Hayek’s theory of constitutionalism. I then examine the wider implications of the theory for politics and governance, focusing particularly on the role of the state in securing important social goods. I argue that Hayek provides a nuanced account of the place of the rule of law in social governance. However, his account of constitutionalism turns out to have more radical implications than he acknowledges. The article concludes by examining the relationship of Hayekian constitutionalism to the anarchist tradition in political philosophy. I suggest that Hayek’s arguments, considered in light of the striking failures of the contemporary corporatist state, give us reason to question his commitment to statism. Hayekian constitutionalists may have to become reluctant anarchists.
Crowe's 'Law Without the State' in (2014) 30(2) Policy 7-11 asks -
Could there be law without the state? This strikes many people as a strange question. Law is so closely associated today with the edicts of government authorities that it is hard to disentangle the two ideas. This article begins by exploring the conception of law that underpins this mindset. It offers an alternative understanding of law that makes it possible to conceive of a legal order without state authority. The article then asks what legal institutions might look like in the absence of the state and discusses some challenges to law in a stateless society. I argue that it is at least plausible to think that stable sources of legal order could be maintained in a stateless environment. This conception of law without the state provides a useful framework for thinking critically about the limitations of current state-centred legal institutions.

Consumers

'Passive Consumers vs. The New Online Disclosure Rules of the Consumer Rights Directive' by Joasia Luzak (Amsterdam Law School Research Paper No 2015-02) comments -
Despite the growing academic criticism of using mandatory information duties as one of the main consumer protection measures in consumer law, the recently adopted Consumer Rights Directive (hereafter, the ‘CRD’) maintains this trend in Europe. The long and detailed list of information duties provided for traders in Articles 5 and 6 of the CRD applies to any sale and services consumer contracts that falls under the scope of application of the CRD. For traders, however, fulfilling this obligation may seem to be an exercise in futility due to little evidence that consumers read these disclosures and actually benefit from them. Instead of understanding the duty to disclose as a duty to inform consumers we could see it as a duty to reach consumers with the disclosure, so that consumers possessed the information contained in it when they needed it for reference. With this in mind it is important to inquire what efforts traders must undertake to ascertain that the disclosure reaches consumers and whether they could rely on an, at least partially, active behaviour of consumers in obtaining this information. This conundrum plays a special role in online transactions. The Consumer Rights Directive was adopted, among others, to update the so-far existing rules on consumer distance selling contracts to the modern technologies, especially the Internet. Recital 5 CRD specifically recognizes the importance of the future increase in online trade and for the first time in European consumer law the Internet is clearly mentioned as one of the means of concluding distance selling contracts in Recital 20 CRD.