21 March 2015

Passwords and Devices at NZ Borders

The New Zealand Customs Service has released a discussion paper [PDF] regarding a review of the Customs and Excise Act 1996.

The paper proposes an amendment of the Act to give Customs personnel the power to require people to disclose passwords to their electronic devices when entering New Zealand, with failure to do so in the absence of a reasonable excuse would be an offence punishable with three months imprisonment. The rationale is that the power would be useful in 'helping detect objectionable material' and 'evidence of other offending, such as drugs offences'. It would also allow officials to verify an individual's travel plans, given that tickets and booking details are often held on computers and smartphones.

Officials would also be authorised to compel people to empty their pockets, currently not permitted unless those officials have "reasonable cause". The discussion paper indicates that it is rare for people to refuse to empty their pockets when asked, but "even a small proportion of people refusing to do so can present a significant threat to New Zealand".

Interestingly, enterprises would be permitted to hold their business records overseas with prior approval by Customs, something that would make it easier for "trusted businesses" to take advantage of overseas cloud computing services.

The paper states
When Customs does examine a person’s electronic device, the owner is not legally obliged to provide us with a password or encryption key to access the device. We have found that it is relatively uncommon for someone to refuse to provide this, but if they do refuse it can mean we have no way of uncovering evidence of criminal offending even when we know the device does hold this evidence.
If a person refuses to provide access, it is likely that Customs will seize the device for forensic examination and not return it immediately to the owner (unless there is nothing to suggest the device contains prohibited material). However, some devices cannot be accessed and examined by our Electronic Forensics Unit without password or encryption access. If Customs cannot require access to an electronic device, it is not possible to treat the device in the same way that we treat the examination of accompanying baggage. This undermines the purpose of examining electronic devices and is a barrier to us effectively investigating and prosecuting criminal offending.
The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 empowers us to require a person to provide access (such as passwords, codes and encryption keys) to an electronic device in relation to the movement of cash in breach of that Act. The Search and Surveillance Act also imposes this obligation on owners of devices where a search is performed under that Act; however, searches under that Act usually take place only if criminal offending is suspected.
The paper goes on to discuss options -
Our preferred solutions
Examining electronic devices: Explicitly include electronic devices in the scope of routine baggage searches This option would include an explicit reference to electronic devices in the new Act. Customs officers would continue to be able to examine electronic devices as part of a routine baggage search (if required), but there would be greater transparency for the public. This option would continue the practice of performing an initial examination on electronic devices without a threshold having to be met. This would confirm that Customs treats electronic devices and their content in the same way as physical goods accompanying a person across the border. In our view, this would allow us to adapt to changing technology and new methods of concealing prohibited material, such as objectionable material.
This option would also continue the practice of only performing full forensic examinations of electronic devices and copying the material when evidence of prohibited material or illegal activities is discovered on the device. The search is then escalated to a full forensic search of the device (see the diagram on page 133 for the current escalation process). This aligns with our personal search powers, where there may be an escalation from a routine baggage search to a personal search.
Customs does not examine the content of electronic devices outside of a routine baggage or personal search, and this would not change under this option.
This option is consistent with similar powers available to customs agencies in Australia, Canada, the United States and the United Kingdom. However, developing law in other countries is beginning to place greater weight on the privacy implications associated with information contained on electronic devices, including at the border.
Passwords and encryption: Require a person to provide a password or encryption key on request
Under this option, a new power would be included in the new Act to authorise Customs officers to require access to an electronic device in order to examine that device effectively. Access is likely to be in the form of a password, encryption key, or identification access.
A new offence and penalty would be included for failing to provide the relevant access when required to do so.
This option is consistent with the powers that Customs has under the Search and Surveillance Act 2012, and also the Anti-Money Laundering and Countering Financing of Terrorism Act 2009, to require people to provide access to an electronic device. It also aligns with comparable countries, such as Australia, the United States, Canada and the United Kingdom.
Other solutions we are considering
Examining electronic devices: Allow for the examination of electronic devices but with a threshold
This option would include an explicit reference to electronic devices in the new Act, as with our preferred option for examining electronic devices. But it would only allow Customs officers to examine electronic devices once a threshold has been met (rather than as part of a routine baggage search).
It is likely that this threshold would be similar to that currently provided for invoking our personal search powers, which is a reasonable suspicion that a person is hiding certain material on or about their person. In this case the threshold could instead be reasonable suspicion that an electronic device holds certain material. We believe that having a threshold that must be met before we can examine an electronic device does not allow us to meet the changing risks that electronic goods pose at the border. Under this option, electronic devices would not be treated in the same way as physical goods accompanying a person across the border; instead they would be treated in the same way as people suspected of hiding prohibited goods on their person.
A more practical alternative may be to limit a threshold to escalated searches. For example, a preliminary or cursory search of a device could be conducted as part of a routine baggage search, but any further search, such as cloning, forensic analysis, and copying of the content on the device, could be subject to a threshold. This threshold would probably be based on what material is found on the device during the preliminary examination.
Passwords and encryption: Apply the Search and Surveillance Act to Customs’ powers to examine electronic devices
This option would extend the scope of section 130 of the Search and Surveillance Act 2012 to apply to Customs’ examinations of electronic devices at the border. That particular section places a duty on a person to assist with access to an electronic device when required to do so by an officer exercising a search power that relates to data held on the device. This section does not currently apply to Customs’ examination of goods powers.
This option would extend section 130 to cover whichever option is adopted for the examination of electronic devices. This would enable Customs to require a person to provide the relevant access to the electronic device without the need for a separate provision in the Customs and Excise Act.
The offence for failing to comply with this obligation without reasonable excuse would also apply, and, if convicted, the person would be liable to a maximum prison term of three months.
Reporting requirements also accompany the search powers in the Search and Surveillance Act: any person who exercises a warrantless search power (such as searching an electronic device) must report in writing on the search as soon as practicable. Customs’ chief executive would also be required by that Act to report on the exercise of these powers in every annual report to Parliament under this option.
However, these reporting requirements would create unrealistic obligations for Customs, as there could potentially be electronic device examinations a number of times each day. When the Search and Surveillance Act was passed, Parliament deliberately did not extend that Act to all of Customs’ powers because the border environment is unique. If this option is adopted it may be possible to exclude the reporting requirements from Customs’ use of this power.
Status quo
Retaining the status quo would mean that Customs would be hampered in responding to changing risks related to technology. Because the Customs and Excise Act does not explicitly refer to electronic devices, it can be difficult for the public to identify when Customs can search these devices.
This option would not restrict Customs from continuing to examine electronic devices as part of routine baggage searches at the border. But we would not have the power to require a person to provide access to that device, and there could be a lack of transparency for the public.
Currently, there are costs and other impacts associated with us not being able to require access to electronic devices, both for Customs and for the device’s owner. These include: prolonged questioning by Customs officers; devices being seized for extended periods; and Customs being unable to examine the devices efficiently to identify evidence of criminal offending. In some cases, searches may be escalated unnecessarily because a person has refused to provide a password.
Who would be affected by change
The issue of access to electronic devices mainly affects international air passengers.
Most people voluntarily give Customs access to their electronic device when requested, and options involving legislative change would target the handful of people who refuse to provide access. However, the number who refuse may increase as technology continues to develop.
Customs recognises that accessing a person’s smartphone or laptop can be a sensitive and personal matter, as many people will have personal items such as family photos or emails on their devices. The options we have identified raise issues of individual privacy and the need for protection against unreasonable search, and those considerations need to be balanced against the need to protect the community from harm.
Whichever option is adopted, the power to examine electronic devices will continue to be constrained by the protection in the New Zealand Bill of Rights Act 1990 against unreasonable search. The collection or use of any personal information will also continue to be governed by the Privacy Act 1993. Specifically, personal information collected from electronic devices will be used only for the purposes for which it was collected. This is achieved by limiting any initial examination to a cursory screening, rather than a full forensic analysis.


I shudder to think what Karl Kraus would have made of the following abstract
The implicate or quantum connectivity of the coevolving phenomena of the cosmos, the ontohermeneutic complementarity relations between ourselves and the vast and minute systems we coconstitutingly participate, observe, prolong, and contextualize, and the eco-reciprocities among all forms of life afford us an understanding of ourselves as fractal or microcosmic embodiments and performances of what is irreducibly nondual anthropo-cosmogenesis. And if cosmogenesis is a self-referential process having nothing external to itself from which to obtain gain or satisfaction, we may analogously interpret our noninstrumentalizing contemplative experiences in complete attentiveness without regard to external payoffs as the fractal play of its creatively emergent self-delighting anthropocosmic self-awareness in the human dimensionality. Our attentive, noninstrumentalizing, and nonobjectifying contemplativity aconceptually presences connectivity and reciprocity in an aperspectivally transparent enactment of anthropocosmic ongoing-wholing whose meaning is the being of its own self-delighting. The sustainability of cocreative anthropocosmogenesis on Earth flourishes where our conduct and intrinsically rewarding contemplativity are consonant with and recreate the spontaneous coevolutionary play of intrinsically rewarding creatio continua unreduced, unobstructed, unfragmented, and uneclipsed by partial, excessively dualizing perspectives and related efforts for extrinsic gain.

Bugs in the beef

'Global trends in antimicrobial use in food animals' by Thomas P. Van Boeckel, Charles Brower, Marius Gilbert, Bryan T. Grenfell, Simon A. Levin, Timothy P. Robinson, Aude Teillant and Ramanan Laxminarayan in (2015) Proceedings of the National Academy of Science comments
Demand for animal protein for human consumption is rising globally at an unprecedented rate. Modern animal production practices are associated with regular use of antimicrobials, potentially increasing selection pressure on bacteria to become resistant. Despite the significant potential consequences for antimicrobial resistance, there has been no quantitative measurement of global antimicrobial consumption by livestock. We address this gap by using Bayesian statistical models combining maps of livestock densities, economic projections of demand for meat products, and current estimates of antimicrobial consumption in high-income countries to map antimicrobial use in food animals for 2010 and 2030. We estimate that the global average annual consumption of antimicrobials per kilogram of animal produced was 45 mg.kg, 148 mg.kg, and 172 mg.kg for cattle, chicken, and pigs, respectively. Starting from this baseline, we estimate that between 2010 and 2030, the global consumption of antimicrobials will increase by 67%, from 63,151 ± 1,560 tons to 105,596 ± 3,605 tons. Up to a third of the increase in consumption in livestock between 2010 and 2030 is imputable to shifting production practices in middle-income countries where extensive farming systems will be replaced by large-scale intensive farming operations that routinely use antimicrobials in subtherapeutic doses. For Brazil, Russia, India, China, and South Africa, the increase in antimicrobial consumption will be 99%, up to seven times the projected population growth in this group of countries. Better understanding of the consequences of the uninhibited growth in veterinary antimicrobial consumption is needed to assess its potential effects on animal and human health.
 The authors note that
Antimicrobials are used in livestock production to maintain health and productivity. These practices contribute to the spread of drug-resistant pathogens in both livestock and humans, posing a significant public health threat. We present the first global map (228 countries) of antibiotic consumption in livestock and conservatively estimate the total consumption in 2010 at 63,151 tons. We project that antimicrobial consumption will rise by 67% by 2030, and nearly double in Brazil, Russia, India, China, and South Africa. This rise is likely to be driven by the growth in consumer demand for livestock products in middle-income countries and a shift to large-scale farms where antimicrobials are used routinely. Our findings call for initiatives to preserve antibiotic effectiveness while simultaneously ensuring food security in low- and lower-middle-income countries. 


'Does Sharing Mean Caring? Regulating Innovation in the Sharing Economy' by Sofia Ranchordas in (2015) Minnesota Journal of Law, Science & Technology comments 
Sharing economy practices have become increasingly popular in the past years. From swapping systems, network transportation to private kitchens, sharing with strangers appears to be the new urban trend. Although Uber, Airbnb, and other online platforms have democratized the access to a number of services and facilities, multiple concerns have been raised as to the public safety, health and limited liability of these sharing economy practices. In addition, these innovative activities have been contested by professionals offering similar services that claim that sharing economy is opening the door to unfair competition. Regulators are at crossroads: on the one hand, innovation in sharing economy should not be stifled by excessive and outdated regulation; on the other, there is a real need to protect the users of these services from fraud, liability and unskilled service providers.
This dilemma is far more complex than it seems since regulators are confronted here with an array of challenging questions: firstly, can these sharing economy practices be qualified as "innovations" worth protecting and encouraging? Secondly, should the regulation of these practices serve the same goals as the existing rules for the equivalent commercial services (e.g. taxi regulations)? Thirdly, how can regulation keep up with the evolving nature of these innovative practices? All these questions, come down to one simple problem: too little is known about the most socially effective ways of consistently regulating and promoting innovation. The solution of these problems implies analyzing two fields of study which still seem to be at an embryonic stage in the legal literature: the study of sharing economy practices and the relationship between innovation and law in this area.
In this article, I analyze the challenges of regulating sharing economy from an ‘innovation law perspective’, i.e., I qualify these practices as innovations that should not be stifled by regulations but should not be left unregulated either. I start at an abstract level by defining the concept of innovation and explaining it characteristics. The "innovation law" perspective adopted in this article to analyze sharing economy implies an overreaching study of the relationship between law and innovation. This perspective elects innovation as the ultimate policy and regulatory goal and defends that law should be shaped according to this goal. In this context, I examine the multiple features of the innovation process in the specific case of sharing economy and the role played by different fields of law. Electing innovation as the ultimate policy target may however be devoid of meaning in a world where law is expected to pursue many other — and often conflicting — values. In this article, I examine the challenges of regulating innovation from the lens of sharing economy. This field offers us a solid case study to explore the concept of "innovation", think about how regulators should look at the innovation process, how inadequate rules may have a negative impact on innovation, and how regulators should fine tune regulations to ensure that the advancement of innovation is balanced with other values such as public health or safety. I argue that the regulation of innovative sharing economy practices requires regulatory "openness": less, but broader rules that do not stifle innovation while imposing a minimum of legal requirements that take into account the characteristics of innovative sharing economy practices, but that are open for future developments.

Data Protection

'The Trouble with European Data Protection Law' by Bert-Jaap Koops in International Data Privacy Law (Forthcoming) comments
The trouble with Harry, in Alfred Hitchcock’s 1955 movie, is that he's dead, and everyone seems to have a different idea of what needs to be done with his body. The trouble with European data protection law is the same. In several crucial respects, data protection law is currently a dead letter. The current legal reform will fail to revive it, since its three main objectives are based on fallacies. The first fallacy is the delusion that data protection law can give individuals control over their data, which it cannot. The second is the misconception that the reform simplifies the law, while in fact it makes compliance even more complex. The third is the assumption that data protection law should be comprehensive, which stretches data protection to the point of breaking and makes it meaningless law in the books. Unless data protection reform starts looking in other directions — going back to basics, playing other regulatory tunes on different instruments in other legal areas, and revitalising the spirit of data protection by stimulating best practices — data protection will remain dead. Or, worse perhaps, a zombie.

20 March 2015

Healthcare IoT

The thin 'The Healthcare Internet of Things: Rewards and Risks' by Jason Healey, Neal Pollard and Beau Woods for the Atlantic Council and Intel Security [PDF] comments
The Internet of Things (IoT) of digital, networked technology is quickly moving to the forefront of society, the global economy, and the human experience.
The IoT sometimes refers to colossal, impersonal concepts like connecting electricity grids to the Internet for economic or environmental considerations. But the IoT can be intensely personal as well. In the world of healthcare, software engineers are weaving networked medical devices into the fabric of the IoT. These devices, which can be worn or even implanted inside the body, are used to medicate, treat diseases, and maintain general health and wellness.
This report, a collaboration between Intel Security and Atlantic Council’s Cyber Statecraft Initiative at the Brent Scowcroft Center on International Security, explores security risks and opportunities that networked medical devices offer to society. It also provides recommendations for industry, regulators, and medical professionals to maximize value to patients while minimizing security risks arising from software, firmware, and communication technology across these devices.
Individuals wear networked devices to learn more about themselves, their diet, their exercise regimen, and their vital signs. Doctors can adjust and optimize implanted medical devices, such as pacemakers, quickly and accurately— and often with no need for intrusive medical procedures. In hospitals, new devices network to provide more effective and less expensive monitoring and treatments. According to one estimate, these technologies could save $63 billion in healthcare costs over the next fifteen years, with a 15-30 percent reduction in hospital equipment costs.
The analysis in this report draws attention to the delicate balance between the promise of a new age of technology and society’s ability to secure the technological and communications foundations of these innovative devices. The rewards of networked healthcare come with four main overlapping areas of concern, including accidental failures that erode trust. Should any high-profile failures take place, societies could easily turn their backs on networked medical devices, delaying their deployment for years or decades. Protecting patient privacy and sensitive health data is a second immediate concern, as malicious online hackers consider healthcare information especially valuable. A case in point: the number of information security breaches reported by healthcare providers soared 60 percent from 2013 to 2014—almost double the increase seen in other industries—according to PricewaterhouseCooper’s (PwC) Global State of Information Security Survey 2015.
Intentional disruption is also a concern because networked medical devices face the same technological vulnerabilities as any other networked technology. Hacktivists, thieves, spies, and even terrorists seek to exploit vulnerabilities in information technologies (IT) to commit crimes and cause havoc. However, when a networked device is literally plugged into a person, the consequences of cybercrime committed via that device might be particularly personal and threatening.
Even more dangerous than the potential for targeted killings, though also far less likely, is the threat of widespread disruption. Theoretically, a piece of targeted malware could spread across the Internet, affecting everyone with a vulnerable device. Such a scenario has materialized in business IT and industrial control systems; the sophisticated Stuxnet attack against Iran’s nuclear program is one example of this.
The current focus in medical device development and production is on manufacturers’ preferences and patients’ needs. Industry and government should also focus on implementing an overarching set of security standards or best practices for networked devices to address underlying risks.
Several recommendations will help foster innovation while minimizing security risks. This report makes the case that industry must build security into devices from the outset, rather than as an afterthought. As McAfee’s then-CTO Stuart McClure testified before the US House Committee on Homeland Security in 2012, “Cybersecurity has to be baked into the equipment, systems and networks at the very start of the design process.”
The report recommends continued improvements to private-private and publicprivate collaboration. More coordination, not more regulation, is warranted. Regulators do not always keep pace with technological progress. They should have feedback from a full set of stakeholders through transparent collaborative forums that assure the regulator’s independent functioning without creating concerns of collusion with industry. Likewise, industry officials should continue to improve communication among themselves.
The ultimate aim of enhanced cooperation is to change the current approach to the security elements of these devices. Security considerations, along with the devices’ ability to improve patients’ lives, must become an integral part of the process of conceiving and manufacturing these devices.
The report also recommends an evolutionary change to the regulatory approval paradigm for medical devices in order to encourage innovation while meeting regulatory policy goals and protecting the public interest. Some medical device makers continue to push old technologies and resist innovation because they know regulators will approve the old technology. A more streamlined regulatory approval process could remedy this problem. An improved process should encourage security by design, as well as the ability to patch systems after they are deployed.
Lastly, this report recommends an independent voice for the public, especially patients and their families, to strike a better balance between effectiveness, usability, and security when devices are implemented and operated.

Red Tape Rhetoric

Under the rubric 'Reinventing the approach to regulation' the Australian Government Annual Deregulation Report 2014 states
For a long time there has been a concern within the Australian community that businesses, community organisations, families and individuals are being burdened with unnecessary regulation. Between 1990 and 2013, the Commonwealth Parliament created an average of 170 new acts each year. The proliferation of new laws has produced too high a compliance burden on the community. Although it is important to note that the Commonwealth Parliament is not the sole rule maker in Australia, clearly the Commonwealth has a major role to play in addressing community concerns and perceptions. 
The need for cultural change 
As part of a comprehensive response to tackling Australia's economic and fiscal challenges, the Coalition Government committed to a concise plan to reduce the regulatory burden and change the culture towards regulation in government and the community. This plan to boost productivity and reduce regulation aims to strike the best balance between necessary and appropriate regulation that supports markets, innovation and investment in the economy while also strengthening the efforts of the Government to remove costly red tape where it is unwarranted or unnecessary. 
The Government's plan entails a number of commitments to directly improve the development, administration and assessment of regulation and to establish processes to reduce the overall red tape burden. These include:
  • relocating the Government's deregulation functions to the Department of the Prime Minister and Cabinet (PM&C) so that reducing red tape becomes a high policy priority;
  • a clear measurable commitment to reduce the cost to businesses, community organisations, families and individuals of complying with Commonwealth regulations by new decisions totalling at least $1 billion annually; 
  • setting aside at least two full parliamentary days each year which are dedicated to repealing counterproductive, unnecessary or redundant legislation; 
  • undertaking a stocktake to assess the overall stock of Commonwealth regulations; establishing Ministerial Advisory Councils (MACs) for each portfolio Minister to consult on deregulation; 
  • providing incentives to motivate the Australian Public Service (APS) to cut red tape, such as linking remuneration of senior executive service (SES) public servants to quantified and proven reductions in regulations; 
  • improving Australian Government regulatory gate keeping requirements, including the introduction and compliance with a requirement that all submissions to Cabinet must be accompanied by a Regulation Impact statement (RIs); 
  • establishing deregulation as a standing item on the Council of Australian Governments (COAG) agenda; and 
  • clarifying the Government's expectations for each regulator and establishing a Regulator Performance Framework to assess and audit the performance of individual regulators.
In addition to these overarching changes, the Government also made a number of specific, substantive commitments to reduce regulation in particular areas. These have included:
  • abolishing the Carbon Tax to ease the administrative burden of taxation compliance for Australian business and households while continuing to reduce growth in emissions; 
  • repealing the Minerals Resource Rent Tax to remove the significant administrative and compliance burden on mining companies, including those not even liable for the tax; 
  • reducing the red tape burden on business by removing the requirement for employers to be the paymaster in the Paid Parental Leave scheme and instead make payments through the Department of Human services; 
  • reduce the compliance costs for small business financial advisers and consumers who access financial advice; streamlining grant application processes; and 
  • establishing a One-stop shop for environmental approvals.
Since coming to office, the Government has also committed to the general principle that Australia should adopt international standards and risk assessments to reduce the need for duplicative Australian approvals when products or services have already been approved by trusted overseas regulators. The changes, which were announced as part of the Government's Industry Innovation and Competitiveness Agenda in October 2014, are aimed at removing duplication and reducing delay for Australian businesses and consumers. To monitor progress in meeting its red tape objectives, the Government pledged to detail its progress in an annual report on deregulation to the Parliament. This report provides an overview of the Government's progress against these commitments in 2014.4

Pharma Colours, Flavours, Shapes and Trade Dress

'Heart Pills Are Red, Viagra Is Blue — When Does Pill Color Become Functional? An Analysis of Utilitarian and Aesthetic Functionality and Their Unintended Side Effects in the Pharmaceutical Industry' by Signe Naeve in (2010) 27(2) Santa Clara Computer and High Technology Law Journal 299-332 comments
As consumers, we often associate pill color and shape with particular medications. Should that trade dress be protected beyond the expiration of the patent? Legal scholars have recognized some of the tensions and inconsistencies in court opinions when it comes to trade dress protection for pill shape and color. This article focuses on the specific tensions between requiring secondary meaning and nonfunctionality, as well as the potential of "genericide" when generic pharmaceuticals enter the market. Ultimately this article makes some novel recommendations to assess functionality at the time of FDA approval for the pharmaceutical and to have the FDA responsible for determining when a shape and color should be an industry standard, creating an exception to trade dress protection. Some exceptions for allowing protection for pill shape and color could be for flavor and colors that indicate flavor, for medications that indicate dosage, or for medications that are associated with a particular patient compliance or psychosomatic effect.
Naeve writes
Imagine a world without the little blue pill or the purple pill. For pharmaceuticals, colors and shapes not only signify the type of medication to a consumer, they can also represent the source of each medication. Most consumers would identify a shiny, round, brown pill not just as an anti-inflammatory medication or even as Ibuprofen, but as Advil. "The purple pill" is Nexium and the light blue angular pill, Viagra. Relying on trade dress to protect the pill color and shape after the patent term has expired enables the manufacturer to extend its market power via another form of intellectual property protection. Like most medications, however, trade dress protection can have unintended side effects. 
To obtain trade dress protection for shape and color, the design cannot be functional and the owner must demonstrate that it has acquired secondary meaning in the minds of consumers. A problem arises because, as the brand owner develops secondary meaning in the trade dress, the color and shape can begin to cross the line into functionality, which would then exclude it from protection. "The purple pill" not only signifies the brand Nexium, but it also identifies the pill for acid reflux. In other cases, a shape or color may become associated with a particular dosage, efficacy, result or soothing effect. 
Sometimes an element of the medication that was not "functional" in its original design begins to serve a purpose over time and the manufacturer is now potentially a victim of its own success. Additionally, a form of trade dress "genericide" has the potential of occurring to allow generic drugs to enter the market. 
This article will first briefly explain the history of trademark and trade dress protection for color and shape. Second, it will introduce the functionality limitations that have arisen in relation to pill shape and color and introduce the concept of aesthetic functionality. Third, it will consider public interest considerations that justify allowing or disallowing protection. Fourth, it will examine more deeply the protection that has been afforded pill shape and color and assess whether trade dress protection is being preempted in the pharmaceutical context due to functionality, aesthetic functionality, and genericness concerns.
Ultimately, this article will argue that color and shape should not become functional or be subject to genericide as a result of creating secondary meaning; that substitution for generic drugs should not be a reason to find that a color and/or shape are functional or generic; that functionality could be determined when the color and/or shape are adopted, not at the time of assessing secondary meaning; that using color and/or shape to indicate a general type of medication should not be considered functional, unless they are industry-regulated by the FDA; that using industry-accepted color and/or shape to indicate dosage is an acceptable functionality limitation, but it too should be regulated by the FDA; and finally that flavor and colors that indicate flavors should be considered functional due to scarcity concerns. …
"Unlike in other industries, several courts have denied protection where it can be demonstrated that the product design serves any useful purpose to the doctor or patient-including the ability to distinguish the product from others in the marketplace." This useful purpose is being called a functional feature, even when it does not fit the traditional notions ofutilitarian or aesthetic functionality.
My proposed solution is to clearly separate secondary meaning and genericide from functionality so that they serve complementary rather than opposing purposes. Accordingly, one possible solution is to assess functionality at the time when the color/shape is adopted, not at the time of assessing secondary meaning. In addition, if generic drug companies or other competitors are allowed to use the same trade dress as the pioneer company, then this determination should be made by the FDA, not the courts or the USPTO. The FDA could also determine industry standards for a particular medication rather than a determination of genericide by the courts. In addition, the FDA could make decisions regarding industry standards regarding acceptable trade dress for dosage specifications.
Ultimately, a pill's shape or color should be determined to be functional because it meets traditional definitions of utilitarian and aesthetic functionality, not because a court determines that it is functional as a result of the effort expended to create secondary meaning or that there is an "industry standard" because the second comers have intentionally copied the pioneer.

Prisons, Mental Health and Human Rights

'Human Rights Protections for People with Mental Health and Cognitive Disability in Prisons' by Anita Mackay in (2015) Psychiatry, Psychology and Law comments
 People with a mental health or cognitive disability are vastly over-represented in the Australian prison system. Investigatory reports by Ombudsmen and similar organisations reveal that there is considerable scope for improving the treatment of this cohort. One avenue for doing so is using a human rights framework, given that Australia’s international human rights law obligations require (among other things) that imprisoned people be treated with respect for their human dignity and, furthermore, recent international research demonstrating that fair and respectful treatment in prison may improve psychological well-being. However, there are considerable challenges involved in implementing this requirement in overcrowded and hierarchical prison settings. It is even more difficult to comply with the legal requirements given the web of provisions at the international, national and State/Territory levels, causing complexity and a lack of clarity as to their interrelationship. This article condenses the requirements into four principles and discusses how these have been applied by courts in relevant international and domestic cases. This analysis aims to assist correctional managers and policy makers seeking to comply with these legal requirements. Such compliance should form part of a multifaceted approach to protecting these vulnerable individuals from further harm.


'Cannibal Laws' by Rene Provost comments
There is a tension in the very association of cannibalism and law, which speaks to our conception of law as much as it reflects the common reaction to the practice of cannibalism. There are three ways of interrogating that tension, three cannibal laws that each highlights a distinct facet of our understanding of law as a social practice. All three can be read into the jurisprudence of the Sierra Leone Special Court, in both the occurrences and the absences of cannibalism in the proceedings. 
The first cannibal law is the law that seeks to repress the practice of cannibalism. In this relation, law constructs the practice as an object to be regulated. Despite its extreme rarity, a number of domestic criminal codes define cannibalism as a crime. In several SCSL trials, witnesses testified of several occasions of cannibalistic acts of the accused, but no one was specifically convicted or even charged with this act. This reflects a general silence in international criminal law regarding cannibalism, despite the documented occurrence of the practice in several conflicts over the last century. The recent emergence of a much broader concept of war crimes that covers many ‘other violations of the laws and customs of war’ that could arguably cover cannibalism raises new questions about international law’s silence. I argue that the transcultural nature of international criminal law sets one of the limits of formal law in this context. That limit reflects a combination of post-colonial malaise before the law’s civilizing aspiration as well as the law’s inability to construct a rationalized version of cannibalism that permits its reduction to legal fact. 
The second cannibal law is the law that the cannibals make. In this relation, law offers a normative framework for understanding the practice of cannibalism not merely as an irrational or depraved act, but as a part of a system of norms that fulfills a specific function in the context of an internal armed conflict such as Sierra Leone. Anthropologists have shown that the practice of cannibalism is very often linked to magic, as the provider of the most potent ingredients to make ‘medicine’ to make a person bullet-proof, able to fly, all-powerful, and many more wondrous things. Those who engage in this practice claim not only the language of science (witch-doctors speaking of ‘research and development’ to make medicine more effective) but also of law (witch-doctors ‘give the law’ to fighters to explain prohibitions the breach of which will break the magic spell). Cannibalism can be understood as not necessarily the acts of drug-crazed primitive bush fighters, but as a system of norms that communicates meaning, constitutes communities, and regulates certain relationships. This is a provocative expansion of a legal pluralist understanding of law, which tests the limits of social practices which we are willing to construct as law. 
The third cannibal law is the way in which legal discourse relates to other forms of social discourse. In this relation, cannibalism stands as a metaphor for the manner in which legal discourse consumes all other ways of understanding, which are digested and transformed to aliment legal analysis. That which the law cannot digest and transform is simply rejected as irrelevant. There is a degree of circularity to legal reasoning in that law claims an interpretive monopoly over what constitutes legal discourse. There is a need to step out of law’s all-encompassing culture in order to consider it as an artifact of modernity, marked in the field of international criminal law by its nearly exclusively western origins. As a classical trope of savagism, cannibalism stands as international law’s anti-modern other. While some have argued that we must distance ourselves from the law to suspend unquestioned belief in its necessity and centrality, it may be that cannibalism’s radical anti-modernity stands as altogether distant for that purpose. As a concept, cannibalism would be too dyspeptic for law, marking again a limitation of the concept of law as embodied in an international criminal tribunal like the SCSL

Pathology Spycams

Ina nice illustration of problems with narrowly-drafted and device-specific privacy legislation an internal review of SA Pathology - the state's troubled public sector pathology group, being readied for privatisation - has found that covert workplace surveillance of staff using CCTV was inappropriate but not illegal.

During December last year SA Health, the group's parent, admitted that from October two cameras had been hidden in smoke detectors to monitor  staff at SA Pathology's Frome Road premises. The cameras were used as part of an investigation into processing delays for pathology reports. The cameras were removed in December, with replacement by 'regular cameras.

The Health Minister Jack Snelling referred to 'a lapse in judgement' by SA Pathology management, with SA Health's  chief executive David Swan being asked to investigate.

Swan has now stated that the investigation found the use of the covert cameras  breached no laws -
The investigation has found that the camera equipment was installed due to suspicion of tampering with pathology results, therefore putting patient care at risk
The cameras did not have the capability to record audio and therefore did not breach the Listening and Surveillance Devices Act 1972.
However the decision to use covert surveillance equipment was made without consultation or approval from executive level management or human resources.
There is no indication as to whether junior heads have rolled. A formal report regarding the investigation does not yet appear to be publicly available.

Swan indicated that "We're now in the process of developing a new policy governing the use of surveillance equipment across SA Health to ensure this kind of situation does not happen again,"

Under that policy any workplace cameras must be clearly visible, with staff being alerted to their presence. Where criminal activity or misconduct is suspected covert surveillance can be undertaken following guidance from SAPOL and under the SA Health CEO's authority.


The Adelaide Advertiser reports that South Australian Attorney-General John Rau is moving ahead with legislation criminalising a refusal of a police request for an on-the-spot fingerprint scan. The penalty will be up to three months’ prison or a fine of up to $1250.

Rau indicates that scanning will not be random and that strict criteria must be met before any scan is conducted.

Under current SA law the state's police currently only use mobile fingerprint scanners once a person has been arrested. The proposed legislation would authorise on the spot scanning, underpinned by criminalisation, of any person on the basis that police have to have "reasonable cause" to suspect that the person has committed, is committing or is about to commit an offence or may be able to assist in the investigation of an offence.

Rau is reported as justifying the legislation on the basis that in field trials police were 'able to make arrests instantly', something that
demonstrated that legislative reform is necessary to enable police to use the scanners in wider circumstances, where a person does not have to give consent and police can scan for prints without the need to arrest.
Given the A-G's recurrent disregard of civil liberties and surrender to hyperbole we might wonder whether he'll shortly embrace bureaucratic convenience on a more extensive scale, with comprehensive collection of (and access to) everyone's fingerprints and DNA.

Property, Privacy and the Public

'Privacy as Quasi-Property' by Lauren Henry in (forthcoming) Iowa Law Review comments
Courts and commentators struggle to apply privacy law in a way that conforms to the intuitions of many. It is often thought that the reason for this is the absence of an agreed upon conceptual definition of privacy. In fact, the lack of a description of the interest invaded in a privacy matter is the more substantial hurdle. This article, Privacy as Quasi-Property, fills this gap in the literature.
Quasi-property is a relational entitlement to exclude, that is, the right to exclude specific actors from a resource given a specific event, a given type of behavior, or a given relationship between the actors. There is no freestanding right to exclude from a quasi-property interest; the right to exclude must be trigged by behaviors of the plaintiff and defendant. A defendant is identified based on a trigger arising from a relationship, action, or harm to plaintiff. The law communicates that an actor must not interfere with a quasi-property interest with an exclusionary signal that is independent of the resource. Prominent examples of doctrinal areas that employ the quasi-property model are information misappropriation and trade secret law.
I argue that quasi-property provides the essential model for assessing the interest held by a privacy claimant against a defendant, and whether it has been infringed. The quasi-property model can account for the four privacy torts first advanced by William Prosser and adopted as law in the vast majority of states, and liberate them from the ossification that have stunted their development and ability to adapt to modern conditions. What’s more, the approach has implications for developing privacy rules for enforcement by other actors, such as administrative agencies, and even in conceptualizing other areas of privacy law outside of tort law, such as Fourth Amendment jurisprudence.
'The Self, the Stasi, the NSA: Privacy, Knowledge, and Complicity in the Surveillance State' by Robert H. Sloan and Richard Warner comments
We focus on privacy in public. The notion dates back over a century, at least to the work of the German sociologist, Georg Simmel. Simmel observed that people voluntarily limit their knowledge of each other as they interact in a wide variety of social and commercial roles, thereby making certain information private relative to the interaction even if it is otherwise publicly available. Current governmental surveillance in the US (and elsewhere) reduces privacy in public. But to what extent?
The question matters because adequate self-realization requires adequate privacy in public. That in turn depends on informational norms, social norms that govern the collection, use, and distribution of information. Adherence to such norms is constitutive of a variety of relationships in which parties coordinate their use of information. Examples include student/teacher, and journalist/confidential source. Current surveillance undermines privacy in public by undermining norm-enabled coordination. The 1950 to 1990 East German Stasi illustrates the threat to self-realization. The “hidden, but for every citizen tangible omnipresence of the Stasi, damaged the very basic conditions for individual and societal creativity and development: Sense of one’s self, Trust, Spontaneity.” The United States is not East Germany, but it is on the road that leads there. And that raises the question of how far down that road it has traveled.
To support the “on the road” claim and answer the “how far” question, we turn to game-theoretic studies of the Assurance Game (more popularly known as the Stag Hunt). We combine our analysis of that game with a characterization of current governmental surveillance that in terms of five concepts: knowledge, use, merely knowing, complicity, and uncertainty. All five combine to undermine norm-enabled coordination. The Assurance Game shows how use — both legitimate and not legitimate — leads to discoordination. Enough discoordination would lead to a Stasi-like world. But will that happen? A comparison with the Stasi shows cause for concern. The United States possess a degree of knowledge about its citizens that the Stasi could only dream of. Moreover — perhaps — it arguably surpasses the Stasi in complicity, even though Stasi informants “spied on friends, workmates, neighbours and family members. Husbands spied on wives.” The Stasi only clearly exceeded the United States in repressive use. While it is difficult to predict the future of surveillance, we conclude with three probable scenarios. In only one is there an adequate degree of privacy in public.

19 March 2015


'The Divorce Bargain: The Fathers' Rights Movement and Family Inequalities' by Deborah Dinner comments 
A vast literature documents the history of the women’s and gay liberation movements in the late twentieth century, but we still know little about how heterosexual men navigated dramatic change in the legal regulation of families. This Article provides the first legal history of the fathers’ rights movement. It analyzes how middle-class white men responded to rising divorce rates by pursuing reform in both family law and welfare policy. This history offers novel insight into the relationship between the private law of divorce, which regulates largely middle-class families, and public welfare state policies, which have the greatest effect on poor families. This Article challenges the assumption that these private and public family law systems operate in parallel, showing instead that they are interdependent.
Through the mid-twentieth century, marriage shaped the relationship not only between men and women but also between middle-class men and the state: men supported children and wives in exchange for legal protection of male familial authority. In the 1960s and 1970s, escalating divorce rates and the emergence of no-fault divorce laws upset this balance. By the mid-1980s, activists and federal and state legislators forged a new political compromise: fathers’ rights activists conceded ongoing child support obligations in exchange for greater access to custody upon divorce. This “divorce bargain” catalyzed a shift from common law presumptions favoring maternal custody to statutory recognition of joint custody. In so doing, it reinforced private rather than public responsibility for children living in nonmarital families.
The divorce bargain promoted formal equality and sex neutrality within private family law, but also entrenched gender and class inequalities. The bargain failed to challenge women’s disproportionate responsibility for childrearing within marriage, yet enabled men to use custody rights as leverage in child support and spousal maintenance negotiations. In addition, tying paternal responsibilities to custody rights advanced middle-class men’s caregiving interests but hurt those of low-income fathers who could not afford to pay child support. The state vilified these men as “deadbeat dads” who did not merit legal protection. The history of fathers’ rights advocacy for the divorce bargain, therefore, reminds us not to confuse liberalism with equality.


'The Difficulties of Democratic Mercy' by Aziz Z. Huq comments 
Dean Martha Minow’s wide-ranging and learned Jorde lecture “Forgiveness, Law, and Justice” is characteristic in its unstinting ambition.1 The lecture does not only sweep in complex normative and empirical questions concerning the relationship of legal institutions and rules to a capaciously defined concept of “forgiveness.” It furthermore aspires beyond the sublunary scholarly task of delimiting and describing. Unconfined to the desiccated philological minutia of a Casaubon, Dean Minow instead approaches her topic with dauntless optimism and eyes fixed firmly on empyrean-minded aspiration. To follow her argument is to be apprised of the possibility of a stronger loving world, and to have one’s own parochial and reflexive skepticism—the coin of the realm in the law school workshop—put to shame.
Yet to speak in aspirational terms should not mean dispensing with the question of how a given vision of justice can be attained, or diagnosing with precision the barriers to its realization. So while I share Dean Minow’s large ambitions for law as a catalyst for interpersonal and social reform, my commentary here will focus narrowly on the impediments to that ambition. My aspirations here are modest along several margins. To begin with, my aim is narrow in both conceptual and geographical terms. Although Dean Minow anchors her topic with a parsimonious definition of forgiveness as “a conscious, deliberate decision to forego rightful grounds for grievance against those who have committed a wrong or harm,” her discussion overflows that definition to touch on several related, but nonetheless distinct, normatively infused concepts. In the course of her exegesis, moreover, she ranges through a set of geographically disparate examples that include transitional justice mechanisms in South Africa, Liberia and Sierra Leone; the exercise of prosecutorial discretion in the International Criminal Court; the treatment of former child soldiers; and the discharge of sovereign debt obligations under the so-called “odious debt” doctrine.
Eschewing that conceptual and geographic breadth, I will focus on only one of the concepts that Dean Minow seriatim conjures. I will also invoke solely the vulgar demotic of American law. More specifically, this commentary homes concentrates upon our domestic experience with what Dean Minow’s colleague Carol Steiker terms “legal institutions of mercy” to examine the conditions under which democratic mercy is feasible. These institutions have either wholesale or retail power to mitigate civil or criminal liability. The simple claim that I want to advance is that our own rich experience under the U.S. Constitution suggests that it is extraordinarily difficult to institutionalize such official forbearance—especially on democratic soil—and especially when our political economy, in its superfluously punitive modalities, generates the need for forgiveness. Rather than seeking for redemptive reforms through democratic process, I suggest that the institutional installation of merciful discretion often requires a dispensation from, and limits to, the otherwise democratic order.
My response proceeds in three steps. I begin by offering some analytic clarification by disentangling three distinct concepts at work across Dean Minow’s examples—forgiveness, mercy, and excuse—and by showing how the law can play different functions depending on which of these normative concepts is at stake. I next explain why a domestic focus, as opposed to the international lens that Dean Minow employs, may reap dividends for her project. The third—and most substantial—element of the commentary examines the operation of mercy in the domestic domain with an eye to understanding why its dispensation is so impoverished. I conclude by pointing to the nettlesome trade-offs, most importantly between democracy and mercy, that Dean Minow’s proposals invite—tradeoffs that, in my view, admit of no easy solution.


The Queen v Rudd [2015] NTCCA 3 features instances of misuse of information and access, as part of offences relating to the administration of justice and the supply of drugs.

The judgment notes
The respondent trained to be a prison officer and graduated in 2009. She then worked at the Darwin Correctional Centre until her arrest on 14 June 2013. During this period she was a regular user of methylamphetamine, some of which was supplied to her by Philip Kaye. In March 2013 police commenced an operation which targeted Mr Kaye and some of his associates. The operation involved the utilisation of covert surveillance devices, including telephone interceptions and surveillance cameras. This investigation obtained evidence of the respondent’s involvement in the offences the subject of the charges.
The counts were
Count 1  On 25 March 2013 the respondent made a telephone call to a fellow prison officer, Dwayne Reicheldt, and asked him to access the prison database for information about Mr Kaye and another known drug user to determine if they were in custody. She wished to contact them to obtain drugs. They were not in custody. The respondent pleaded guilty to the offence of having procured Mr Reicheldt to unlawfully communicate confidential information. The maximum penalty for this offence is imprisonment for three years.
Count 2 [ On 16 April 2013 the respondent contacted James Hau on behalf of a remand prisoner, Jarrod Davis, and asked him to contact Mr Kaye to organise the supply of cannabis for Mr Davis at the Darwin Correctional Centre. Mr Davis was known to be a member of the Rebels outlaw motorcycle gang. The respondent pleaded guilty to the offence of unlawfully supplying cannabis contrary to the terms of the Misuse of Drugs Act 1990 (NT). The maximum penalty for this offence is imprisonment for five years.
Count 3  On 16 April 2013 the respondent again contacted Mr Hau on behalf of Mr Davis. She outlined the evidence that Mr Hau should give at any hearing of the charges pending against Mr Hau for receiving firearms from Matthew Evans. Mr Evans had stolen firearms from a navy vessel and was supplying those firearms to Mr Hau, who was to give them to Mr Davis in exchange for dangerous drugs. On 24 April 2013 the respondent passed a message to Mr Hau on behalf of Mr Davis thanking him for the information he provided to the court. The respondent pleaded guilty to a charge of attempting to induce a person to give false testimony. The maximum penalty for this offence is imprisonment for seven years.
Count 4  On or about 22 April 2013 the respondent procured a work colleague to access the prison database and obtain the personal mobile telephone number of Richard Carter, who was the President of the Rebels outlaw motorcycle gang. The respondent obtained the number. She pleaded guilty to having procured another to unlawfully communicate confidential information. The maximum penalty for the offence is imprisonment for three years.
Count 5  On 24 April 2013 the respondent told Mr Kaye that investigating police officers had visited the Darwin Correctional Centre and spoke with a female inmate about an assault charge pending against him, made by his ex-partner, Sharna Bromham. On 15 May 2013 the respondent told Mr Kaye that a drug dealing associate of his was on remand at the Darwin Correctional Centre and had been visited by detectives. She said the prisoner had been moved within the prison and that she had “personally offered her services” to him. On 20 May 2013 the respondent received information from a prisoner to the effect that a named “Southern drug dealer” was dealing large quantities of methamphetamine in the Darwin area, and she conveyed that information to Mr Kaye. She pleaded guilty to having unlawfully communicated the confidential information to Mr Kaye. The maximum penalty for this offence is imprisonment for three years.
Count 6 On 23 April and 24 April 2013 the respondent participated in several telephone conversations with Mr Kaye in which she negotiated the purchase of the drug MDMA for her flatmate and work colleague, Page Watteau. She pleaded guilty to unlawfully supplying a dangerous drug. The maximum penalty for this offence is imprisonment for five years.
Count 7 On 30 May and 31 May 2013 Mr Kaye was before the Court of Summary Jurisdiction for a bail application for a charge of aggravated assault upon Ms Bromham. The respondent performed escort duties on those occasions. At the request of Mr Kaye she contacted his business partner, Anthony Heta, and asked him to make contact with Ms Bromham to tell her to withdraw the charge. The respondent pleaded guilty to having attempted to induce a person being called as a witness in a judicial proceeding, to withhold true testimony. The maximum penalty for this offence is imprisonment for seven years.
Count 8 On 31 May 2013 the respondent made contact with Zailey Ainslie, who was Mr Kaye’s partner at the time. Mr Kaye was in the Darwin Correctional Centre on remand. She instructed Ms Ainslie that Mr Kaye wanted to be supplied with cannabis and she described a method by which cannabis could be smuggled into the prison. The following day Ms Ainslie attempted to smuggle a small amount of cannabis into the prison whilst visiting Mr Kaye. The respondent pleaded guilty to the offence of unlawful supply of cannabis. The maximum penalty for the offence is imprisonment for five years.
Count 9 On 11 May 2013 the respondent returned from a trip to Thailand with her partner. Her partner purchased steroids in Thailand and gave them to her to smuggle through customs. The drugs were subsequently found at her premises. She pleaded guilty to unlawful possession of testosterone and stanazol. The maximum penalty for the offence is a fine.
Count 10 On 12 June 2013, whilst off duty, the respondent called Ms Watteau who was working at the prison and had her look at the database to see if Mr Kaye was in custody. She pleaded guilty to having counselled or procured Ms Watteau to unlawfully communicate confidential information. The maximum penalty for the offence is imprisonment for three years.
Counts 11 and 12  On 14 June 2013 the respondent attended at a car park in Winnellie to collect drugs from a motor vehicle that had been parked there. The vehicle belonged to Mr Kaye. She was arrested at the scene and denied any knowledge of drugs. She eventually produced the drugs from within her vagina. A drug analysis revealed that there were 12 tablets containing 3.15 g of MDMA and a powder containing 1.46 g of methylamphetamine. Count 11 related to the unlawful possession of the methylamphetamine and the maximum penalty for this offence is two years imprisonment or a fine. Count 12 related to the unlawful possession of the MDMA and the maximum penalty for this offence is imprisonment for five years.
 The respondent pleaded guilty to each of the charges, being sentenced in November last year.
In relation to counts 1, 4, 5 and 10, offences relating to unlawful communication of confidential information, her Honour imposed an aggregate term of imprisonment for 6 months. In relation to counts 2, 6 and 8, offences relating to drug matters, her Honour imposed an aggregate sentence of imprisonment for 12 months. In relation to counts 3 and 7, offences of attempting to induce a person to withhold true testimony, her Honour imposed an aggregate sentence of imprisonment for 12 months. In relation to count 9, the offence of possessing steroids, the respondent was fined $500. In relation to counts 11 and 12, the offences of possessing methamphetamine and MDMA, she was fined $1000. It was directed that the individual sentences of imprisonment be served cumulatively, giving a total period of imprisonment for two years and six months.

18 March 2015

Pricing and the Internet of Things

'Hello Barbie: First They Will Monitor You, Then They Will Discriminate Against You. Perfectly' by Irina D. Manta and David S. Olson argues 
that the evolution of software — and the looming age of the “Internet of Things” — will allow manufacturers of software and of consumer goods to make use of consumer monitoring technologies and restrictive software licenses to more perfectly price discriminate. A number of commentators are urging changes in the law to prevent monitoring and restrictive software licenses.
This Article takes a novel and contrarian view by explaining that the current law surrounding software licensing, which will facilitate more perfect price discrimination as technology evolves, is mostly beneficial. Because the marginal cost of software distribution approaches zero, facilitating more perfect price discrimination is particularly valuable to society because it facilitates much more widespread distribution of software — especially to poorer consumers. Some commentators worry that as more and more consumer goods contain software, manufacturers will use restrictive software licenses in an attempt to control consumers’ abilities to use and resell consumer goods.
This Article explains that this generally will not happen because it would be against the manufacturers’ financial interests. We show that in some cases, manufacturers will indeed restrict use of a product to facilitate their ability to engage in price discrimination. The Article argues that such price discrimination will likely be welfare enhancing and will definitely improve cross-subsidization from rich to poor so that poor consumers can get more products for lower prices.
The Article also demonstrates that the traditional policy reasons to disallow restraints on personal property do not apply to software-enabled devices. We conclude that rather than discouraging the use of restrictive software licenses, the law should adapt to better facilitate such licenses and the more perfect price discrimination that goes with them.


The Office of the Australian Information Commissioner has - alongside self-congratulation about the "commitment of a dedicated and skilled group of staff who worked tirelessly" - announced that
The OAIC will release a Privacy management framework during Privacy Awareness Week. This framework will assist entities meet their compliance and accountability requirements in the most efficient manner — through a top-down commitment to embed a culture of privacy and establish robust and effective privacy practices.
PAW is an initiative of the Asia Pacific Privacy Authorities forum (APPA) and is the primary privacy awareness campaign of the Asia Pacific region.
The theme for 2015 is Privacy everyday. Privacy should be an essential component of everyday life, including transactions such as internet banking, social media and online shopping. The theme emphasises the need for organisations to embed privacy practices into business as usual processes, and for individuals and the community to think about how to protect privacy in their everyday lives.
The OAIC has concurrently offered selected entities, on a non-public basis, "an opportunity to comment on a draft" of the Privacy Management Framework. It refers to "selected representatives from private sector organisations and government agencies".

Given recurrent statements by OAIC about the importance of transparency you might expect some disclosure of how the organisation identified the "selected representatives". You would, alas, be disappointed.

The OAIC so far has resisted any disclosure as to how it selects “the selected” and how it determines whether the “representatives” are representative. Privacy everyday, transparency rarely?

Given the OAIC's problematical view of consultation - which it appears to regard as a tiresome matter of form rather than substance and in the past has involved signs of regulatory capture - it is unsurprising to see that if you are one of the fortunate entities chosen for consultation a copy of the draft framework was to be provided on 17 March and that the OAIC "will require comments by COB Tuesday 24 March 2015".

The draft Framework will of course "be provided on a confidential basis".

Transparency and Territoriality

'Transparency and the Performance of Outsourced Government Services' (QOIC/ANZSOG Occasional Paper No. 5, 2015) by Richard Mulgan comments
The outsourcing or contracting out of government services has increased significantly over the last quarter century, into areas that were previously considered to be core government functions. These include the provision of security for government installations, the hiring and firing of public servants, the administration of prisons, the printing of government documents, and the provision of publicly funded social services. The latest OECD survey reports that in 2011, on average across all member countries, 44% of government production costs were consumed by outsourcing, compared with 47% by government employees. On average, outsourcing represented 10% of GDP (OECD 2013). (Outsourcing, it should be remembered, does not necessarily reduce the level of government spending, only the proportion of government spending consumed by government employees.)
Though generally viewed as a source of improved efficiency and effectiveness, outsourcing has always had its critics. The empirical evidence for the cost savings arising from outsourcing has been challenged, particularly the extrapolation from a few well- documented successes such as rubbish collection and cleaning to more complex services (the so-called 20% rule (Domberger et al. 1986; Domberger et al. 1993; Hodge 1996; Hodge 1998)). Some infrastructure projects championed as delivering major savings to taxpayers have failed to do so (e.g. Bloomfield et al. 1998; Greve and Ejersbo 2002; Johnston 2010) and the value-for-money verdict on public-private partnerships (PPPs) remains mixed (Hodge 2010).
Concerns have also been raised about the broader constitutional and political effects of transferring important government functions from the public to the private arena.
Outsourcing has been seen as potentially undermining important democratic values such as accountability and transparency and the wider pursuit of the public interest (Taggart 1993; Minow 2003; Hodge and Coghill 2007).
Government transparency, the subject of this paper, can be valued both for reasons of democratic principle and also instrumentally, as a means of improving the efficiency and effectiveness of government performance (Heald 2006). The paper focuses on the latter, instrumental concerns. It examines whether restrictions on government transparency sometimes associated with outsourcing can be shown to impair the quality of government performance in relation to efficiency and effectiveness and, conversely, whether greater transparency of government outsourcing will lead to better performance.
In this context, it is sometimes useful to distinguish different levels or degrees of government transparency, ranging from ‘internal transparency’, which refers to transparency within the contracting relationship, particularly access by government officials to information held by private contractors; through ‘limited public transparency’, including confidential access by agents of public accountability, such as independent auditors or reviewers, without full public disclosure; to full public transparency which implies availability to any members of the public. While full public disclosure is often the most desirable form of transparency, the lesser stages may be beneficial, both in themselves and as stepping stones to wider publicity.
The paper begins by briefly identifying the main types of outsourcing contract before giving an overview of the main restrictions on transparency caused by moving from in-house provision of public services to outsourcing from private contractors. It then examines arguments and evidence suggesting that lack of transparency relating to various aspects of the contracting process can have a harmful effect on government performance and that, by the same token, increased transparency can lead to positive improvements. Discussion centres on three aspects of outsourcing; value-for-money efficiency, effectiveness of performance, and publicity of performance information. Finally, a number of lessons are drawn out for both government and public managers on how to increase the extent of transparency, and thereby the quality of outsourced performance (see Boxes 1 and 2).
Box 1: Transparency in Outsourcing: Lessons for Governments
Lesson 1: List online details of all government contracts above a certain value (with minimum threshold set at around $10,000).
Lesson 2: Strictly define commercial-in-confidence criteria and provide independent audit of government agency compliance with criteria.
Lesson 3: Maximise access of government auditors to design and implementation of outsourcing contracts.
Lesson 4: Require all major government contracts to adopt open-book accounting among contracting parties.
Lesson 5: Provide access for administrative monitors such as ombudsmen to private contractors delivering services to the public.
Lesson 6: Facilitate Freedom of Information access to information held by private contractors that is relevant to the provision of a publicly funded service.
Box 2: Transparency in Outsourcing: Lessons for Public Managers
Lesson 1: Recognise that public access to information about outsourcing is generally in the public interest.
Lesson 2: Recognise that value-for-money estimates of outsourcing proposals are always analytically contestable and subject to manipulation by vested interests.
Lesson 3: Recognise the value of ongoing consultation not only with contractors but also with affected stakeholders and communities.
Lesson 4: Recognise the value of publishing appropriate performance information.
The relevant evidence is often not conclusive and calls for judgment in weighing its significance. There have been a number of general empirical studies on the relative costs of outsourcing, generalising from reasonably-sized samples of individual cases, for example the research that demonstrated the reduced costs of outsourcing certain easily specified functions (Hodge 1996, 1998). More recently, PPPs have attracted considerable academic attention in relation to their costs (Hodge 2010). But these studies do not directly address the issue of transparency. For example, there is no research formally contrasting the costs or effectiveness of a large number of outsourcing arrangements differentiated by varying degrees of transparency. Indeed, the number and complexity of transparency mechanisms and the limited number of comparable examples make such multivariate research impracticable.
Instead, evidence in this area relies on the analysis and interpretation of individual cases or small sets of cases from which reasonable inferences may be drawn. Some of the case studies focus on the absence of transparency and the adverse effect of such a deficiency on performance, leading to a judgment that greater transparency would have improved performance. Others are more positive in emphasis, seeking to show examples of where the presence of transparency mechanisms has contributed to superior performance. Overall, this evidence can be seen to support a conclusion that improved transparency leads to improved performance. But it is a conclusion that depends more on the qualitative interpretation and judgment of individual cases than on any hard quantitative data.
'The Un-Territoriality of Data' by Jennifer C. Daskal in Yale Law Journal (2015/2016 Forthcoming) comments
(American University - Washington College of Law) has posted ) on SSRN. Here is the abstract: Territoriality looms large in our jurisprudence, particularly as it relates to the government’s authority to search and seize. Fourth Amendment rights turn on whether the search or seizure takes place territorially or extraterritorially; the government’s surveillance authorities depend on whether the target is located within the United States or without; and courts’ warrant jurisdiction extends, with limited exceptions, only to the border’s edge. Yet the rise of electronic data challenges territoriality at its core. Territoriality, after all, depends on the ability to define the relevant “here” and “there,” and it presumes that the “here” and “there” have normative significance. The ease and speed with which data travels across borders, the seemingly arbitrary paths it takes, and the physical disconnect between where data is stored and where it is accessed, critically test these foundational premises. Why should either privacy rights or government access to sought-after evidence depend on where a document is stored at any given moment? Conversely, why should State A be permitted to unilaterally access data located in State B, simply because technology allows it to do so, without regard to State B’s rules governing law enforcement access to data held within its borders?
This article tackles these challenges. It explores the unique features of data, and highlights the ways in which data undermines long-standing assumptions about the link between data location and the rights and obligations that ought to apply. Specifically, it argues that a territorial-based Fourth Amendment fails to adequately protect “the people” it is intended to cover. On the flip side, the article warns against the kind of unilateral, extraterritorial law enforcement that electronic data encourages — in which nations compel the production of data located anywhere around the globe, without regard to the sovereign interests of other nation-states.

17 March 2015


'Administrative War' by Mariano-Florentino CuĂ©llar in (2014) 82(5) George Washington Law Review comments 
This Article takes up an issue with major implications for American administrative law, political development, and security studies: what happened to the American administrative state during and immediately after World War II, and what were the consequences of this period? As the Roosevelt Administration rushed to align domestic affairs with American geostrategic priorities at the outset of World War II, it confronted a host of now largely forgotten legal and organizational challenges. These ranged from a federal income tax base that encompassed less than ten percent of the labor force to unresolved legal questions about the scope of agencies’ power to issue subpoenas. For policymakers, organized interests, and the public, these challenges created uncertainty about the success of mobilization and the scale of the changes that the Administration would pursue. In response, the Administration and its legislative supporters made strategic choices to expand the administrative state without pursuing direct public control of industry. They created agencies such as the War Production Board, the Office of Price Administration, and the Office of Economic Stabilization. Within a few years, these organizations became part of a broader structure for legally sanctioned agency action that facilitated price regulation and consumer rationing, mass taxation on an unprecedented scale, and industrial mobilization and coordination.
By 1944, the American economy was producing forty percent of the world’s armaments, and by 1945, the United States was the wealthiest society in history. Americans had witnessed an evolutionary transformation of their administrative state — involving greater exposure among the public to powerful, adaptive federal agencies of nationwide scope; newly permissive legal doctrines legitimizing the delegation of legislative authority and routine compliance investigations; new arrangements for mass taxation; White House supervision of agency action; and further entrenchment of procedural constraints meant to shape agencies’ weighing of the consequences of official decisions. The resulting framework was defined by high-capacity regulatory agencies and contractual arrangements, but it was also subject to political, ideological, and legal constraints. It reflected an avoidance of radical changes in the American political economy in favor of a circumscribed vision of administrative action relative to private markets. With these features in place, the federal administrative state became a fixture of American life.

15 March 2015

Hospitals and privacy in Australia and Canada

Two perspectives on privacy in the health sector ...

The SMH reports that the St Vincent's Hospital group has "banned unauthorised photography on its campuses in a bid to protect the privacy of its patients". A spokeswoman for NSW Health is reported as stating that there are no plans to ban photography in public hospitals.

At St Vincent's
Patients and their visitors will now have to seek permission from staff members before taking photographs in all wards except for the maternity ward at the Mater Hospital on the north shore ....
The policy follows several episodes where patient privacy has been compromised, including two occasions in which the victims of high-profile assaults were filmed – once by a member of the public – and broadcast on television.
In a separate incident, a psychiatric patient published information about other patients and staff on social media.
St Vincent's has indicated that
"We don't want to turn into some draconian campus." "We understand and appreciate that from time to time people really do want to take photographs for all the right reasons and so we just want to have that happen in a controlled environment."
It will accordingly post signs on windows near high-traffic areas warning visitors not to take photographs without authorisation, contingent for example on a nurse drawing a curtain between beds.

The SMH notes that
Psychiatric wards have long been concerned about information posted to the internet by disinhibited or delusional patients.
Psychiatrist Sarah Michael said the scenario arose every few months that patients used the internet to broadcast information about themselves or others without considering the implications. "The 'no photographs' is a good first step, but it still doesn't cover things like what if they tweet things that are inappropriate or put something on Facebook," Dr Michael said. "Once you've put something up there, it's up there."
Hospitals expose themselves to litigation under the NSW Privacy Act should they fail to protect patient privacy. The paparazzi photograph of Mick Jagger's girlfriend Marianne Faithfull lying comatose in St Vincent's Hospital, published in Sydney's Daily Mirror during the 1969 Rolling Stones tour, is the nightmare scenario.
Legal historians might recall Kaye v Robertson [1991] FSR 62.

Meanwhile in Canada we await the results of litigation following Hopkins v. Kay 2015 ONCA 112, in which the Ontario Court of Appeal has held that Hopkins as representative in a class action against data breach involving Peterborough Regional Heath Centre - is able to bring a common law claim for intrusion upon seclusion.

Such a claim was recognised in Jones v. Tsige 2012 ONCA 32, discussed here and in an article in Privacy Law Bulletin.

Peterborough argued that a claim was precluded by the Ontario Personal Health Information Protection Act, with health privacy violations being solely the domain of the province's Information & Privacy Commissioner.

In this instance the Court dismissed Peterborough’s appeal, meaning that patients will be able to sue hospitals and other health information custodian. A health privacy breach will accordingly be addressable in both a civil court case and as the subject of investigation by the privacy commissioner. Peterborough bears the C$24,000 costs of the appeal.

It is alleged that the medical records of 280 patients, including Erkenraadje Wensvoort (representative in class action against Peterborough), were wrongfully accessed between 2011 and 2012. Wensvoort alleges she left an abusive relationship after 51 years of marriage (including hospitalisation at Peterborough) and went into hiding with an unlisted phone number and address. On admission to Peterborough her identity was supposed to be safeguarded, with information only being provided to the staff treating her.

She claims that she suffered psychiatric harm when the hospital revealed that her medical records had been improperly accessed; she worried that her husband had paid a hospital employee in an attempt to find her. (That fear is consistent with coverage of separate litigation by 14,450 patients of the Rouge Valley Health System following allegations that employees sold patient records).

Health sector in peril? Under PHIPA there is a requirement for evidence of 'actual harm', with damages for mental anguish limited to C$10,000. (Compare the quantum with the recent Hammond award in New Zealand.) Damages under common law in Ontario without proof of actual harm, following Jones, are not spectacular. Further, the Court noted that the test from Jones is difficult to satisfy. Under s. 72(5) of the PHIPA the province's Attorney General may commence a prosecution regarding wilful contravention of the Act, punishable by a C$50,000 fine re individuals and C$250,000 for institutions.

In the current judgment the Court emphasised that PHIPA centres on systemic issues that should be addressed through systemic improvements. It noted
the broad discretion conferred on the Commissioner by PHIPA means that complainants would face an expensive and uphill fight on any judicial review challenging a decision not to review or proceed with an individual complaint.  
The Ontario Information & Privacy Commissioner supported the position of the respondent, with the Court  clearly noting comments by the Commissioner.