05 July 2014

PCLOB on FISA s 702

In January I noted the report by the US Privacy and Civil Liberties Oversight Board (PCLOB), an entity advising the President, on implementation of the Foreign Intelligence Surveillance Act Amendments Act of 2008.

Under section 215 of the USA PATRIOT Act, the NSA collects domestic telephone metadata (ie traffic records) in bulk. Under section 702 of the Foreign Intelligence Surveillance Act (FISA) the government collects the contents - rather than metadata - of electronic communications, including telephone calls and emails, where the target is reasonably believed to be a non-US personlocated outside the United States.

PCLOB has now released a 190 page report [PDF] regarding intelligence gathering under FISA s 702.

The Board comments that
During the course of this study, it became clear to the Board that each program required a level of review that was best undertaken and presented to the public in a separate report. As such, the Board released a report on the Section 215 telephone records program and the operation of the FISA court on January 23, 2014. Subsequently, the Board held an additional public hearing and continued its study of the second program. Now, the Board is issuing the current report, which examines the collection of electronic communications under Section 702, and provides analysis and recommendations regarding the program’s implementation.
The Section 702 program is extremely complex, involving multiple agencies, collecting multiple types of information, for multiple purposes. Overall, the Board has found that the information the program collects has been valuable and effective in protecting the nation’s security and producing useful foreign intelligence. The program has operated under a statute that was publicly debated, and the text of the statute outlines the basic structure of the program. Operation of the Section 702 program has been subject to judicial oversight and extensive internal supervision, and the Board has found no evidence of intentional abuse.
The Board has found that certain aspects of the program’s implementation raise privacy concerns. These include the scope of the incidental collection of U.S. persons’ communications and the use of queries to search the information collected under the program for the communications of specific U.S. persons. The Board offers a series of policy recommendations to strengthen privacy safeguards and to address these concerns.
It goes on to state that
This Report consists of six parts. After this introduction and the Executive Summary, Part 3 contains a factual narrative that explains the development of the Section 702 program and how the program currently operates. Part 4 consists of legal analysis, including the Board’s statutory and constitutional analyses, as well as a discussion of how the program affects the legal rights of non-U.S. persons. Part 5 examines the policy implications of the program, including an assessment of its efficacy and its effect on privacy, while Part 6 outlines and explains the Board’s recommendations.
The Board presents this Report in an effort to provide greater transparency and clarity to the public regarding the government’s activities with respect to the Section 702 program. The recommendations reflect the Board’s best efforts to protect the privacy and civil liberties of the public while considering legitimate national security interests. The Board welcomes the opportunity for further discussion of these pressing issues.
The Board states, in summary -
In 2008, Congress enacted the FISA Amendments Act, which made changes to the Foreign Intelligence Surveillance Act of 1978. Among those changes was the addition of a new provision, Section 702 of FISA, permitting the Attorney General and the Director of National Intelligence to jointly authorize surveillance conducted within the United States but targeting only non-U.S. persons reasonably believed to be located outside the United States. The Privacy and Civil Liberties Oversight Board (PCLOB) began reviewing implementation of the FISA Amendments Act early in 2013, shortly after the Board began operations as an independent agency. The PCLOB has conducted an in-depth review of the program now operated under Section 702, in pursuit of the Board’s mission to review executive branch actions taken to protect the nation from terrorism in order to ensure “that the need for such actions is balanced with the need to protect privacy and civil liberties.”
A. Description and History of the Section 702 Program
Section 702 has its roots in the President’s Surveillance Program developed in the immediate aftermath of the September 11th attacks. Under one aspect of that program, which came to be known as the Terrorist Surveillance Program (TSP), the President authorized interception of the contents of international communications from within the United States, outside of the FISA process. Following disclosures about the TSP by the press in December 2005, the government sought and obtained authorization from the Foreign Intelligence Surveillance Court (FISA court) to conduct, under FISA, the collection that had been occurring under the TSP. Later, the government developed a statutory framework specifically designed to authorize this collection program. After the enactment and expiration of a temporary measure, the Protect America Act of 2007, Congress passed the FISA Amendments Act of 2008, which included the new Section 702 of FISA. The statute provides a procedural framework for the targeting of non-U.S. persons reasonably believed to be located outside the United States to acquire foreign intelligence information.
Section 702 permits the Attorney General and the Director of National Intelligence to jointly authorize surveillance targeting persons who are not U.S. persons, and who are reasonably believed to be located outside the United States, with the compelled assistance of electronic communication service providers, in order to acquire foreign intelligence information. Thus, the persons who may be targeted under Section 702 cannot intentionally include U.S. persons or anyone located in the United States, and the targeting must be conducted to acquire foreign intelligence information as defined in FISA. Executive branch authorizations to acquire designated types of foreign intelligence under Section 702 must be approved by the FISA court, along with procedures governing targeting decisions and the handling of information acquired.
Although U.S. persons may not be targeted under Section 702, communications of or concerning U.S. persons may be acquired in a variety of ways. An example is when a U.S. person communicates with a non-U.S. person who has been targeted, resulting in what is termed “incidental” collection. Another example is when two non-U.S. persons discuss a U.S. person. Communications of or concerning U.S. persons that are acquired in these ways may be retained and used by the government, subject to applicable rules and requirements. The communications of U.S. persons may also be collected by mistake, as when a U.S. person is erroneously targeted or in the event of a technological malfunction, resulting in “inadvertent” collection. In such cases, however, the applicable rules generally require the communications to be destroyed.
Under Section 702, the Attorney General and Director of National Intelligence make annual certifications authorizing this targeting to acquire foreign intelligence information, without specifying to the FISA court the particular non-U.S. persons who will be targeted. There is no requirement that the government demonstrate probable cause to believe that an individual targeted is an agent of a foreign power, as is generally required in the “traditional” FISA process under Title I of the statute. Instead, the Section 702 certifications identify categories of information to be collected, which must meet the statutory definition of foreign intelligence information. The certifications that have been authorized include information concerning international terrorism and other topics, such as the acquisition of weapons of mass destruction.
Section 702 requires the government to develop targeting and “minimization” procedures that must satisfy certain criteria. As part of the FISA court’s review and approval of the government’s annual certifications, the court must approve these procedures and determine that they meet the necessary standards. The targeting procedures govern how the executive branch determines that a particular person is reasonably believed to be a non-U.S. person located outside the United States, and that targeting this person will lead to the acquisition of foreign intelligence information. The minimization procedures cover the acquisition, retention, use, and dissemination of any non–publicly available U.S. person information acquired through the Section 702 program.
Once foreign intelligence acquisition has been authorized under Section 702, the government sends written directives to electronic communication service providers compelling their assistance in the acquisition of communications. The government identifies or “tasks” certain “selectors,” such as telephone numbers or email addresses, that are associated with targeted persons, and it sends these selectors to electronic communications service providers to begin acquisition. There are two types of Section 702 acquisition: what has been referred to as “PRISM” collection and “upstream” collection.
In PRISM collection, the government sends a selector, such as an email address, to a United States-based electronic communications service provider, such as an Internet service provider (ISP), and the provider is compelled to give the communications sent to or from that selector to the government. PRISM collection does not include the acquisition of telephone calls. The National Security Agency (NSA) receives all data collected through PRISM. In addition, the Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI) each receive a select portion of PRISM collection.
Upstream collection differs from PRISM collection in several respects. First, the acquisition occurs with the compelled assistance of providers that control the telecommunications “backbone” over which telephone and Internet communications transit, rather than with the compelled assistance of ISPs or similar companies. Upstream collection also includes telephone calls in addition to Internet communications. Data from upstream collection is received only by the NSA: neither the CIA nor the FBI has access to unminimized upstream data. Finally, the upstream collection of Internet communications includes two features that are not present in PRISM collection: the acquisition of so-called “about” communications and the acquisition of so-called “multiple communications transactions” (MCTs). An “about” communication is one in which the selector of a targeted person (such as that person’s email address) is contained within the communication but the targeted person is not necessarily a participant in the communication. Rather than being “to” or “from” the selector that has been tasked, the communication may contain the selector in the body of the communication, and thus be “about” the selector. An MCT is an Internet “transaction” that contains more than one discrete communication within it. If one of the communications within an MCT is to, from, or “about” a tasked selector, and if one end of the transaction is foreign, the NSA will acquire the entire MCT through upstream collection, including other discrete communications within the MCT that do not contain the selector.
Each agency that receives communications under Section 702 has its own minimization procedures, approved by the FISA court, that govern the agency’s use,retention, and dissemination of Section 702 data.11 Among other things, these procedures include rules on how the agencies may “query” the collected data. The NSA, CIA, and FBI minimization procedures all include provisions permitting these agencies to query data acquired through Section 702, using terms intended to discover or retrieve communications content or metadata that meets the criteria specified in the query. These queries may include terms that identify specific U.S. persons and can be used to retrieve the already acquired communications of specific U.S. persons. Minimization procedures set forth the standards for conducting queries. For example, the NSA’s minimization procedures require that queries of Section 702–acquired information be designed so that they are “reasonably likely to return foreign intelligence information.”
The minimization procedures also include data retention limits and rules outlining circumstances under which information must be purged. Apart from communications acquired by mistake, U.S. persons’ communications are not typically purged or eliminated from agency databases, even when they do not contain foreign intelligence information, until the data is aged off in accordance with retention limits.
Each agency’s adherence to its targeting and minimization procedures is subject to extensive oversight within the executive branch, including internal oversight within individual agencies as well as regular reviews conducted by the Department of Justice (DOJ) and the Office of the Director of National Intelligence (ODNI). The Section 702 program is also subject to oversight by the FISA court, including during the annual certification process and when compliance incidents are reported to the court. Information about the operation of the program also is reported to congressional committees. Although there have been various compliance incidents over the years, many of these incidents have involved technical issues resulting from the complexity of the program, and the Board has not seen any evidence of bad faith or misconduct.
B. Legal Analysis
The Board’s legal analysis of the Section 702 program includes an evaluation of whether it comports with the terms of the statute, an evaluation of the Fourth Amendment issues raised by the program, and a discussion of the treatment of non-U.S. persons under the program.
In reviewing the program’s compliance with the text of Section 702, the Board has assessed the operation of the program overall and has separately evaluated PRISM and upstream collection. On the whole, the text of Section 702 provides the public with transparency into the legal framework for collection, and it publicly outlines the basic structure of the program. The Board concludes that PRISM collection is clearly authorized by the statute and that, with respect to the “about” collection, which occurs in the upstream component of the program, the statute can permissibly be interpreted as allowing such collection as it is currently implemented.
The Board also concludes that the core of the Section 702 program — acquiring the communications of specifically targeted foreign persons who are located outside the United States, upon a belief that those persons are likely to communicate foreign intelligence, using specific communications identifiers, subject to FISA court–approved targeting rules and multiple layers of oversight — fits within the “totality of the circumstances” standard for reasonableness under the Fourth Amendment, as that standard has been defined by the courts to date. Outside of this fundamental core, certain aspects of the Section 702 program push the program close to the line of constitutional reasonableness. Such aspects include the unknown and potentially large scope of the incidental collection of U.S. persons’ communications, the use of “about” collection to acquire Internet communications that are neither to nor from the target of surveillance, and the use of queries to search for the communications of specific U.S. persons within the information that has been collected. With these concerns in mind, this Report offers a set of policy proposals designed to push the program more comfortably into the sphere of reasonableness, ensuring that the program remains tied to its constitutionally legitimate core.
Finally, the Board discusses the fact that privacy is a human right that has been recognized in the International Covenant on Civil and Political Rights (ICCPR), an international treaty ratified by the U.S. Senate, and that the treatment of non-U.S. persons in U.S. surveillance programs raises important but difficult legal and policy questions. Many of the generally applicable protections that already exist under U.S. surveillance laws apply to U.S. and non-U.S. persons alike. The President’s recent initiative under Presidential Policy Directive 28 on Signals Intelligence (PPD-28) will further address the extent to which non-U.S. persons should be afforded the same protections as U.S. persons under U.S. surveillance laws.Because PPD-28 invites the PCLOB to be involved in its implementation, the Board has concluded that it can make its most productive contribution in assessing these issues in the context of the PPD-28 review process.
C. Policy Analysis
The Section 702 program has enabled the government to acquire a greater range of foreign intelligence than it otherwise would have been able to obtain — and to do so quickly and effectively. Compared with the “traditional” FISA process under Title I of the statute, Section 702 imposes significantly fewer limits on the government when it targets foreigners located abroad, permitting greater flexibility and a dramatic increase in the number of people who can realistically be targeted. The program has proven valuable in the government’s efforts to combat terrorism as well as in other areas of foreign intelligence. Presently, over a quarter of the NSA’s reports concerning international terrorism include information based in whole or in part on Section 702 collection, and this percentage has increased every year since the statute was enacted. Monitoring terrorist networks under Section 702 has enabled the government to learn how they operate, and to understand their priorities, strategies, and tactics. In addition, the program has led the government to identify previously unknown individuals who are involved in international terrorism, and it has played a key role in discovering and disrupting specific terrorist plots aimed at the United States and other countries.
The basic structure of the Section 702 program appropriately focuses on targeting non-U.S. persons reasonably believed to be located abroad. Yet communications of, or concerning, U.S. persons can be collected under Section 702, and certain features of the program implicate privacy concerns. These features include the potential scope of U.S. person communications that are collected, the acquisition of “about” communications, and the use of queries that employ U.S. person identifiers. The Board’s analysis of these features of the program leads to certain policy recommendations.
The government is presently unable to assess the scope of the incidental collection of U.S. person information under the program. For this reason, the Board recommends several measures that together may provide insight about the extent to which communications involving U.S. persons or people located in the United States are being acquired and utilized.
With regard to the NSA’s acquisition of “about” communications, the Board concludes that the practice is largely an inevitable byproduct of the government’s efforts to comprehensively acquire communications that are sent to or from its targets. Because of the manner in which the NSA conducts upstream collection, and the limits of its current technology, the NSA cannot completely eliminate “about” communications from its collection without also eliminating a significant portion of the “to/from” communications that it seeks. The Board includes a recommendation to better assess “about” collection and a recommendation to ensure that upstream collection as a whole does not unnecessarily collect domestic communications.
The Report also assesses the impact of queries using “United States person identifiers.” At the NSA, for example, these queries can be performed if they are deemed “reasonably likely to return foreign intelligence information.” No showing of suspicion that the U.S. person is engaged in any form of wrongdoing is required, but procedures are in place to prevent queries being conducted for improper purposes. The Board includes two recommendations to address the rules regarding U.S. person queries.
Overall, the Board finds that the protections contained in the Section 702 minimization procedures are reasonably designed and implemented to ward against the exploitation of information acquired under the program for illegitimate purposes. The Board has seen no trace of any such illegitimate activity associated with the program, or any attempt to intentionally circumvent legal limits. But the applicable rules potentially allow a great deal of private information about U.S. persons to be acquired by the government. The Board therefore offers a series of policy recommendations to ensure that the program appropriately balances national security with privacy and civil liberties.
The report features several  recommendations -
A. Targeting and Tasking
Recommendation 1: The NSA’s targeting procedures should be revised to (a) specify criteria for determining the expected foreign intelligence value of a particular target, and (b) require a written explanation of the basis for that determination sufficient to demonstrate that the targeting of each selector is likely to return foreign intelligence information relevant to the subject of one of the certifications approved by the FISA court.
The NSA should implement these revised targeting procedures through revised guidance and training for analysts, specifying the criteria for the foreign intelligence determination and the kind of written explanation needed to support it. We expect that the FISA court’s review of these targeting procedures in the course of the court’s periodic review of Section 702 certifications will include an assessment of whether the revised procedures provide adequate guidance to ensure that targeting decisions are reasonably designed to acquire foreign intelligence information relevant to the subject of one of the certifications approved by the FISA court. Upon revision of the NSA’s targeting procedures, internal agency reviews, as well as compliance audits performed by the ODNI and DOJ, should include an assessment of compliance with the foreign intelligence purpose requirement comparable to the review currently conducted of compliance with the requirement that targets are reasonably believed to be non-U.S. persons located outside the United States.
B. U.S. Person Queries
Recommendation 2: The FBI’s minimization procedures should be updated to more clearly reflect the actual practice for conducting U.S. person queries, including the frequency with which Section 702 data may be searched when making routine queries as part of FBI assessments and investigations. Further, some additional limits should be placed on the FBI’s use and dissemination of Section 702 data in connection with non–foreign intelligence criminal matters.
Recommendation 3: The NSA and CIA minimization procedures should permit the agencies to query collected Section 702 data for foreign intelligence purposes using U.S. person identifiers only if the query is based upon a statement of facts showing that it is reasonably likely to return foreign intelligence information as defined in FISA. The NSA and CIA should develop written guidance for agents and analysts as to what information and documentation is needed to meet this standard, including specific examples.
C. FISA Court Role
Recommendation 4: To assist in the FISA court’s consideration of the government’s periodic Section 702 certification applications, the government should submit with those applications a random sample of tasking sheets and a random sample of the NSA’s and CIA’s U.S. person query terms, with supporting documentation. The sample size and methodology should be approved by the FISA court.
Recommendation 5: As part of the periodic certification process, the government should incorporate into its submission to the FISA court the rules for operation of the Section 702 program that have not already been included in certification orders by the FISA court, and that at present are contained in separate orders and opinions, affidavits, compliance and other letters, hearing transcripts, and mandatory reports filed by the government. To the extent that the FISA court agrees that these rules govern the operation of the Section 702 program, the FISA court should expressly incorporate them into its order approving Section 702 certifications.
D. Upstream and “About” Collection
Recommendation 6: To build on current efforts to filter upstream communications to avoid collection of purely domestic communications, the NSA and DOJ, in consultation with affected telecommunications service providers, and as appropriate, with independent experts, should periodically assess whether filtering techniques applied in upstream collection utilize the best technology consistent with program needs to ensure government acquisition of only communications that are authorized for collection and prevent the inadvertent collection of domestic communications.
Recommendation 7: The NSA periodically should review the types of communications acquired through “about” collection under Section 702, and study the extent to which it would be technically feasible to limit, as appropriate, the types of “about” collection.
E. Accountability and Transparency
Recommendation 8: To the maximum extent consistent with national security, the government should create and release, with minimal redactions, declassified versions of the FBI’s and CIA’s Section 702 minimization procedures, as well as the NSA’s current minimization procedures.
Recommendation 9: The government should implement five measures to provide insight about the extent to which the NSA acquires and utilizes the communications involving U.S. persons and people located in the United States under the Section 702 program. Specifically, the NSA should implement processes to annually count the following:
(1) the number of telephone communications acquired in which one caller is located in the United States; (2) the number of Internet communications acquired through upstream collection that originate or terminate in the United States; (3) the number of communications of or concerning U.S. persons that the NSA positively identifies as such in the routine course of its work; (4) the number of queries performed that employ U.S. person identifiers, specifically distinguishing the number of such queries that include names, titles, or other identifiers potentially associated with individuals; and (5) the number of instances in which the NSA disseminates non-public information about U.S. persons, specifically distinguishing disseminations that includes names, titles, or other identifiers potentially associated with individuals.
These figures should be reported to Congress in the NSA Director’s annual report and should be released publicly to the extent consistent with national security.
F. Efficacy
Recommendation 10: The government should develop a comprehensive methodology for assessing the efficacy and relative value of counterterrorism programs.
The report features two separate statements
Chairman David Medine and Board Member Patricia Wald wrote jointly to recommend requiring restrictions additional to those contained in Recommendation 3 with regard to U.S. person queries conducted for a foreign intelligence purpose. They also recommended that minimization procedures governing the use of U.S. persons’ communications collected under Section 702 should require the following:
(1) No later than when the results of a U.S. person query of Section 702 data are generated, U.S. persons’ communications should be purged of information that does not meet the statutory definition of foreign intelligence information relating to U.S. persons. This process should be subject to judicial oversight. (2) Each U.S. person identifier should be submitted to the FISA court for approval before the identifier may be used to query data collected under Section 702, for a foreign intelligence purpose, other than in exigent circumstances or where otherwise required by law.
The FISA court should determine, based on documentation submitted by the government, whether the use of the U.S. person identifier for Section 702 queries meets the standard that the identifier is reasonably likely to return foreign intelligence information as defined under FISA.
In addition, they wrote to further explain their views regarding Recommendation 2. Specifically, they believe that the additional limits to be placed on the FBI’s use and dissemination of Section 702 data in connection with non–foreign intelligence criminal matters should include the requirement that the FBI obtain prior FISA court approval before using identifiers to query Section 702 data to ensure that the identifier is reasonably likely to return information relevant to an assessment or investigation of a crime. U.S. person communications may also be responsive to queries using non-U.S. person identifiers. This review would not be necessary for queries seeking communications of U.S. persons who are already approved as targets for collection under Title I or Sections 703/704 of FISA and identifiers that have been approved by the FISA court under the “reasonable articulable suspicion” standard for telephony metadata under Section 215. It would also not be necessary if the query produces no results or the analyst purges all results from the given query as not containing foreign intelligence.  Subsequent queries using a FISA court–approved U.S. person identifier would not require court approval.

Globalisation

'Regulatory Capitalism, Globalization and the End of History' (RegNet Research Paper No. 2014/33) by the superb Peter Drahos comments 
Regulatory capitalism is a capitalist order in which actors, both state and non-state, use a wide array of techniques to influence market behaviour. Many actors find themselves in regulatory relationships, relationships in which they are sometimes the regulator and in other contexts the regulatee. Regulatory capitalism is characterized by webs of relationships and interactions that produce what scholars within the University of Hokkaido Global COE program term 'multi-agential governance'. The globalization of regulation has seen many more regulatory states become 'regulatees' in various domains, meaning they have taken on standards set elsewhere. Comparatively few states can claim to have been standard-setters as opposed to standard-takers in the process of regulatory globalization. Using as point of departure the study of regulatory globalization that I conducted with my colleague John Braithwaite, which was published in 2000 under the title of Global Business Regulation (GBR), I want to focus on the rise of Brazil, Russia, India, China and South Africa (BRICS) as agents of regulatory globalization rather than as emerging markets. ...
Someone with a lot of faith in regulatory capitalism might argue that it is only a matter of time before regulatory capitalism produces responsive strategies that secure a level of sustainability for the earth system that is consistent with continued human occupation and use of the system. Views about the future cannot be settled until it arrives. My caution about investing faith in the regulatory capacity of today’s capitalism lies in the extractive nature of what I take to be its central and driving institution – property rights. One of capitalism’s fundamental characteristics is ever higher levels of commodity production and exchange. Drawing on a distinction made by Marx between use value and exchange value some things, such as eco-systems, have a use value without necessarily having an exchange value. Capitalism as a system of commodity production relies on property rights in the process of converting things that have use values into commodities i.e. things with exchange values. The best illustration of this process is the way in which the ‘commons’ is rhetorically characterized as leading to a ‘tragedy’ of destructive overuse and the solution is seen to lie in its commodification through private property rights. The commodification solution tends to ignore the history of stateless societies of indigenous peoples. These societies, operating with very different systems of resource control and property to be found in capitalist societies, were not only able to avoid the tragedy of the commons, but in many cases were able to increase their surrounding levels of natural capital. The commodification solution also overlooks the centrality of the intellectual commons to human creativity and to freedom.
The role of exclusive property rights in capitalist systems of production is generally justified on the basis of some notion of efficiency, either allocative in the case of tangible goods or dynamic in the case of intangible goods. These efficiency arguments ignore a swathe of problems, including the real-world information problems in being able to internalize all externalities through property rights, as well as the presence of transaction costs and unequal distributions of power that disrupt efficient bargaining. As Yoshiyuki Tamura has argued there is a structural bias in favour of the expansion of intellectual property rights, an expansion that is difficult to justify in terms of efficiency.
Capitalism’s property solution to the so-called tragedy of the commons is not about saving multifunctional ecological systems, but rather about allowing a particular commodity system such as cattle production to follow an economies-of-scale logic. This economies-of-scale logic heightens rather than lessens the destructive impact of commodity production on vital use values being generated by different kinds of commons. The purpose of property rights in this commodity system is to maximize the rent extraction process or allow a more ‘efficient’ rent seeker to obtain a market transfer of the resource. Mainstream economics lends ideological legitimacy to these processes by giving very little recognition to the problems of natural resource constraints in devising production functions. Essentially regulatory capitalism, like other capitalist orders before it, prioritizes exchange value over use value. It is true that regulatory capitalism does more to regulate the process of commodity production, using principles such as polluter pays or through the invention of new managerialist techniques for natural resources. However, as data from the IPCC and the MA, along with many other sources, show the main game is the conversion and degradation of the earth system’s use values so that commodity production and exchange can march on. The real tragedy of capitalism has much less to do with the commons and much more to do with unsustainable levels of commodification.
The faithful optimist in the adaptive power of regulatory capitalism might point to some encouraging signs of systems adaptation. The emergence of ecological economics is allowing us to place dollar estimates on the use value of the earth’s systems and cycles. So, for example, the coastal wetlands of the US help to protect it from damage from cyclones and hurricanes. Economic modeling suggests that these storm protection services from the wetlands amounts to more than (US) $23 billion per year, making the preservation of wetlands a highly cost-efficient exercise. There are attempt to devise regulatory models for trade in ecological services. A number of countries have moved towards purchasing defined environmental services that have an environmental goal such as the reduction of the pollution of land or the maintenance of biodiversity. These are obviously encouraging signs. However, the problems that regulatory capitalism faces at the earth systems level are of a different order to those it has faced in individual industry sectors where it has progressively assembled a track record of, as Malcolm Sparrow puts it, picking important problems and solving them.
Drahos concludes -
Regulatory capitalism is a distinctive order of capitalism characterized by dense webs of relationships and an array of regulatory techniques in which the state and non-state actors can end up either as regulator or regulatee. The BRICS have in the last decade or so emerged as market powers confronting regulatory domains that have since World War II globalized to a significant degree. As section 3 of the paper suggested the BRICS have entered regulatory orders not of their own making and often under conditions of US and/or EU hegemony. To some extent individually, but clearly collectively they are now in a position to form an effective veto coalition to global regulatory agendas coming out of the US or EU. They have yet to translate their economic power into the networked hard and soft power that has seen the US state and US multinationals be such effective actors of global regulatory change. In the area of global financial regulation there is an urgent need for approaches that shift regulatory capitalism way from the instabilities being generated by US crony financialism. For the moment the BRICS can at best be described as taking modest steps in this direction. In section 4, I suggest that regulatory capitalism may represent the end of history, but not quite in the sense intended by Fukuyama. My central contention in this part of the paper is that addressing the problems of the earth system will require much more than the smart use of regulatory techniques. These techniques will not of themselves be enough to prevent the tragedies of commodification, the shadows of which loom ever larger. What is also needed is for us to re-think the operation of capitalism’s most fundamental institution – property. Whether the rise of the BRICS will help to bring about such a revolutionary process is hard to say. No doubt there will be much criticism of my claim, as well as different ideas on how to begin the task of re-thinking property. My own view is that we need to study more closely the idea of a property cosmos in which conditional permissions play a much more central role than exclusive rights. Examples and variants of such a property cosmos are to be found in the indigenous societies of Australia, societies that were able to adapt to the great droughts and ice ages that occurred during their 50,000 year occupation of Australia. Central to this extraordinarily long period of continuous occupation was the way in which these indigenous societies were able to integrate cosmology and property

Rights and Responsibility

'The Human Rights Declaration of the Association of Southeast Asian Nations: A Principle of Subsidiarity to the Rescue?' (University of Oslo Faculty of Law Research Paper No. 2013-39) by Andreas Follesdal examines
ome of the criticism against the 2012 Human Rights Declaration of the Association of Southeast Asian Nations (ASEAN), by the UN Commissioner for Human Rights, UN experts, and several civil society groups. The main concern is whether a principle of Subsidiarity can defend the controversial 'state centric' elements of the Declaration, since some authors have appealed to a principle of subsidiarity in order to defend similar features of international law generally. Different interpretations of subsidiarity have strikingly different institutional implications regarding the objectives of the polity, the domain and role of subunits, and the allocation of authority to apply the principle of subsidiarity itself. Five different interpretations are explored, drawn from Althusius, the US Federalists, Pope Leo XIII, and others. One conclusion is that the Principle of Subsidiarity cannot provide normative legitimacy to the state centric aspects of current international law, including the ASEAN Declaration of Human Rights.
'Retaining the Genetic Profile of Innocent People: A Difficult Balance Between Respecting the Individual’s Privacy and Public Security' by Luciana Caenazzo and Pamela Tozzo in (2013) 14 Synesis: A Journal of Science, Technology, Ethics, and Policy argues [PDF]
In the course of investigations related to a penal prosecution in Italy, biological material obtained from individuals considered directly involved in a crime, but neither suspected nor prosecuted, may be acquired without their knowledge and/or consent. Although scientific progress constantly provides greater potential to forensic investigations, new ethical implications arise from the need to balance the greater efforts towards justice which science allows against the protection of individual human rights. The issue that arises in our case is that a biological sample (and consequently a genetic profile) acquired without the consent and knowledge of the subject might become discriminatory and stigmatizing for the subjects involved (individuals involved in the life of the victim, but neither suspected of carrying out the crime, nor prosecuted) should the investigative activity enter the public domain. The protection of an individual’s privacy within the context of the investigations goes beyond normal parameters of guarantee, because the risk of placing the identification process outside the control of the individuals is real. This risk therefore has a social relevance, considering that the investigative process might become discriminating and stigmatizing should the investigation enter the public domain. The safeguarding of privacy rights and the guarantee of society security must not contradict, but rather complement, each other.
The authors conclude -
The Italian National Committee on Bioethics in the document “The Identification of The Human Body: Bioethical Aspects of Biometrics” (5), paragraph “The right to oblivion” reports: “Memory is a key element of individual identity and social relations. It is difficult to imagine any internal development and cultural progress without the conservation and organization of traces of the past, which may take many forms: memory, history, opinion, prejudice, etc.). Oblivion is just as important to make a selection within this set of elements, avoiding any unnecessary or harmful accumulation. To ensure social stability and to protect individuals’ fundamental rights and freedoms, juridical experience has had to develop artificial forms of oblivion (despite their diversity: removal from criminal records, prescription, amnesty, pardon, etc.), where morality entrusts to forgiveness the extreme inner effort to overcome the past”.
In our context “avoiding any unnecessary or harmful accumulation” should be considered on two levels: the storage of biological samples, and the storage of data on each individual in the prosecution files.
In the literature, the issue concerning the storage of DNA samples in forensic databases is considered by many as an infringement of civil liberties. It is also argued that the need for a relationship of trust between the government and society would favor the storage of just the genetic profiles, and the destruction of actual biological samples. The destruction of the samples immediately after the analysis should serve to guarantee to the public that their DNA will not be used for purposes unrelated to legitimate law enforcement. After the DNA sample is destroyed, the remaining information would consist of a series of numbers without diagnostic or prognostic interest (10,11). In the case we have presented, we think that there is no valid ethical reason to preserve a biological sample once it has been analyzed to obtain the individual genetic profile, and therefore the sample should be destroyed after the completion of profiling, as is done, for example, in some EU forensic databases.
Regarding the genetic profiles obtained from biological samples of the individuals involved, they should only be used for a “one-off comparison” against the crime scene samples. If the samples taken fail to match samples found at the crime scene, the samples and the related profiles should be destroyed. This would guarantee “the right to oblivion” and would therefore fully respect the privacy of this particular category of individuals, who are innocent and totally unaware of the investigation being conducted on them. We can consider in this context “the right of oblivion” as the right not to be filed, classified, and possibly irreversibly marginalized on the basis of information gathered without your knowledge through non-transparent criteria, avoiding the durability of findings.
An alternative strategy which can be outlined is a consensual negotiation between the authorities carrying out the investigation and the persons involved, with the aim of obtaining consent for the sampling and, especially, for the analysis of the sample. Such a procedure could legitimize sample collection, in a manner similar to the collection process of samples in case of the “DNA Dragnet” procedure. In this procedure, the police ask a number of individuals to give voluntary DNA samples in a effort to identify the perpetrator of a crime or a series of a crimes (13,14), and the biological materials are donated after informed consent, and voluntarily. In this way the persons involved in the investigation are informed about the collection of biological material as part of the procedure.
The issue arising in cases where the biological sample (and consequently the genetic profile) is acquired without the knowledge and/or consent of the subjects who are involved in the investigation, but are neither suspected nor prosecuted, is that it might become discriminating and stigmatizing for them, especially where the investigative activity enters the public domain. This constitutes a crucial point in the balance between the restriction of individual liberty in terms of privacy violation and promoting security.
The right to oblivion could represent a solution that justifies the practice adopted in our context, ensuring both the protection of individual privacy and the safeguarding of public security. This right should be considered regarding two aspects: the storage of the biological sample, and the storage of data of each individual in the prosecution files, in relation to the importance of the individual to the investigation and the protection of individual privacy, and in relation to different procedures which should be followed. When dealing with the investigation of severe crimes, it seems that the vast majority of the population in democratic countries is normally willing to cooperate with the police. Individuals should be requested to give up their right to privacy to the extent required to ensure public security, by giving the individuals assurance of clear definitions and behaviors, and by maintaining shared and transparent arrangements and procedures.
Furthermore, jurisprudence should seek to balance the rights of the individual against the need for public security, establishing appropriate provisions in the different contexts to achieve the protection of individuals’ privacy. The protection of the individual’s right to privacy and the public interest of security should not contradict but should carefully complement each other, in order to maximize the citizens’ trust in a coherent and transparent justice system.
'Voter Privacy in the Age of Big Data' by Ira Rubinstein comments 
In the past several election cycles, presidential campaigns and other well-funded races for major political offices have become data-driven operations. Presidential campaign organizations and the two main parties (and their data consultants) assemble and maintain extraordinarily detailed political dossiers on every American voter. These databases contain hundreds of millions of individual records, each of which has hundreds to thousands of data points. Because this data is computerized, candidates benefit from cheap and nearly unlimited storage, very fast processing, and the ability to engage in data mining of interesting voter patterns.
The hallmark of data-driven political campaigns is voter microtargeting, which political actors rely on to achieve better results in registering, mobilizing and persuading voters and getting out the vote on or before Election Day. Voter microtargeting is the targeting of voters in a highly individualized manner based on statistical correlations between their observable patterns of offline and online behavior and the likelihood of their supporting a candidate and casting a ballot for him or her. In other words, modern political campaigns rely on the analysis of large data sets in search of useful and unanticipated insights, an activity that is often summed up with the phrase “big data.” Despite the importance of big data in U.S. elections, the privacy implications of data-driven campaigning have not been thoroughly explored much less regulated. Indeed, political dossiers may be the largest unregulated assemblage of personal data in contemporary American life.
This Article seeks to remedy this oversight. It proceeds in three parts. Part I offers the first comprehensive analysis of the main sources of voter data and the absence of legal protection for this data and related data processing activities. Part II considers the privacy interests of individuals in both their consumer and Internet-based activities and their participation in the political process, organizing the analysis under the broad rubrics of information privacy and political privacy. That is, it asks two interrelated questions: first, whether the relentless profiling and microtargeting of American voters invades their privacy (and if so what harm it causes) and, second, to what extent do these activities undermine the integrity of the election system. It also examines three reasons why political actors minimize privacy concerns: a penchant for secrecy that clashes with the core precept of transparent data practices; a tendency to rationalize away the problem by treating all voter data as if it were voluntarily provided or safely de-identified (and hence outside the scope of privacy law) while (falsely) claiming to follow the highest commercial privacy standards; and, a mistaken embrace of commercial tracking and monitoring techniques as if their use has no impact on the democratic process.
Part III presents a moderate proposal for addressing the harms identified in Part II consisting in (1) a mandatory disclosure and disclaimer regime requiring political actors to be more transparent about their campaign data practices; and (2) new federal privacy restrictions on commercial data brokers and a complementary “Do Not Track” mechanism enabling individuals (who also happen to be voters) to decide whether and to what extent commercial firms may track or target their online activity. The article concludes by asking whether even this moderate proposal runs afoul of political speech rights guaranteed by the First Amendment. It makes two arguments. First, the Supreme Court is likely to uphold mandatory privacy disclosures and disclaimers based on doctrines developed and re-affirmed in the leading campaign finance cases, which embrace transparency over other forms of regulation. Second, the Court will continue viewing commercial privacy regulations as constitutional under longstanding First Amendment doctrines, despite any incidental burdens they may impose on political actors, and notwithstanding its recent decision in Sorrell v. IMS Health, which is readily distinguishable.

01 July 2014

Pragmatism and Gadamer

'The Social Dimension of Legal Uncertainty: Reconciling Law and Science in the Formative Years of Pragmatism' by Frederic Kellogg in (2013) V(2) European Journal of Pragmatism and European Philosphy comments that
Nineteenth-century references to the syllogism by J. S. Mill and Oliver Wendell Holmes Jr. reveal a distinct approach to the logic of inference in the formative years of pragmatism. In the latter may be found an element of the emergence of generals from particulars. Fallibilism in law and science reflects their social dimension as part of the communal ordering of experience. This implies a distinct approach to uncertainty, as experience yet to be integrated within a developing system of classification. 
Kellogg states
Almost everyone knows Lord Mansfield’s advice to a man of practical good sense, who, being appointed governor of a colony, has to preside in its courts of justice, without previous judicial practice or legal education. The advice was to give his decision boldly, for it would probably be right, but never to venture on assigning reasons, for they would almost infallibly be wrong. John Stuart Mill, A System of Logic, 1843 
The above passage, from J. S. Mill’s A System of Logic, is part of Mill’s contribution in the 19th century to a debate (with Bishop Whately) over whether the logical syllogism “is, or is not, a process of inference; a progress from the known to the unknown: a means of coming to a knowledge of something which we did not know before”. Mill employs a familiar story about Lord Mansfield to support his contention that reasoning is inaccurately depicted by the classic syllogistic form. Rather than being informed by generals, “[a]ll inference is from particulars to particulars”. The formal syllogism, says Mill, adds nothing to logical thought: “Not one iota is added to the proof by interpolating a general proposition” (Mill, 1862: 232). Mill continues: Since the individual cases are all the evidence we can possess, evidence which no logical form into which we choose to throw it can make greater than it is; and since that evidence is either sufficient in itself, or, if insufficient for the one purpose, can not be sufficient for the other; I am unable to see why we should be forbidden to take the shortest cut from these sufficient premises to the conclusion, and constrained to travel the “high priori road”, by the arbitrary fiat of logicians. (Mill, 1862: 232-3) The illustratory example chosen here is drawn from law – specifically from judicial practice. This passage introduces my subject, the social dimension of thought: in particular, with regard to the disparate fields of law and science, as conceived in the formative years of pragmatism. The Lord Mansfield story suggests the difficulty of applying syllogistic inference to unique disputes for the individual observer. The young Oliver Wendell Holmes Jr, immersed in the records of actual cases, suggested an explanation. The syllogism models how the mind operates to justify knowledge of undisputedly similar facts; but judges are engaged in resolving disputed facts. They are also part of a community of inquiry, consisting of other judges, lawyers, and indeed the parties affected by the disputes in question. Influenced by peers in Cambridge, perhaps also by his recent experience in the Civil War, Holmes looked to the effects of society on thought, and the question of how a community resolves doubt and reaches conclusions. In the period before the American Civil War, Mill was engaged in another celebrated debate, with William Whewell, over the nature and grounds of scientific discovery. The young post-war intellectuals in Cambridge, Massachusetts (the founders of pragmatism, gathering in the so-called “Metaphysical Club”) were keenly aware of it. Some were reading its main sources, including Mill’s Logic and Whewell’s Philosophy of the Inductive Sciences, even as they designed their own radical naturalist approach to knowledge that would later be called pragmatism.
The passage from Mill connects the pragmatist interest in the logic of science with the logic of law, in a common vision of social inquiry. Max Fisch noted in 1942 (Fish, 1942) that half the membership of the early Metaphysical Club consisted of scientists and half lawyers, and that the two perspectives informed each other. Some evidence of this may be found in the diary of reading kept by the young Oliver Wendell Holmes, Jr., recently returned from the battles of the Civil War. Even while immersing himself in legal treatises and a daunting revision of the encyclopedic Kent’s Commentaries on American Law, Holmes was discussing philosophy with William James and Chauncey Wright, and, after attending a lecture on Mill by Charles Peirce, slogging through Mill’s lengthy and dense System of Logic in 1866.
Holmes’s principal work, The Common Law (1881), notably begins with the famous passage, “The life of the law has not been logic: it has been experience. The felt necessities of the time, the prevalent moral and political theories, intuitions of public policy, avowed or unconscious, even the prejudices which judges share with their fellow-men, have had a good deal more to do than the syllogism in determining the rules by which men should be governed.”(1881: 1) This community-conscious comment warrants a look at the early period of Holmes’s writing to explore his thought about the syllogism.
In 1870 we find Holmes, in a formative essay on law, repeating Mill’s story of Lord Mansfield’s comment, in a text which addresses the relationship of particulars and generals in the law:
It is the merit of the common law that it decides the case first and determines the principle afterwards… In cases of first impression Lord Mansfield’s often-quoted advice to the business man who was suddenly appointed judge, that he should state his conclusions and not give his reasons, as his judgment would probably be right and the reasons certainly wrong, is not without its application to more educated courts. It is only after a series of determinations on the same subject-matter, that it becomes necessary to ‘reconcile the cases’, as it is called, that is, by a true induction to state the principle which has until then been obscurely felt. And this statement is often modified more than once by new decisions before the abstracted general rule takes its final shape. A well settled legal doctrine embodies the work of many minds, and has been tested in form as well as substance by trained critics whose practical interest it is to resist it at every step. (Holmes, 1870: 1)
Here, Holmes appears to have absorbed Mill’s rejection of the syllogism and his vision of “reasoning from particulars to particulars”. But the relation of particulars to generals is different. Holmes adds an element of the emergence of generals from particulars, entirely missing from Mill’s account. Whereas Mill had set forth his argument as a rejection of classical logical form, Holmes goes on to address how, in an historical simulation, general rules are attained in a progression from particular judgments to consensually negotiated generals. It would occupy a key place in his thought and career, a vision that he would much later characterize as showing the “morphology of human ideas” – or how the common law might be viewed as an historical study in the way society thinks.
What Holmes adds is an addendum to Mill’s “Not one iota is added to the proof by interpolating a general proposition” (1862: 232). Where Mill simply dismisses that assumption, Holmes seeks a deeper explanation of the relation of particular judgments to general propositions. Focusing on the nature and origin of the general itself, Holmes attributes its emergence to a “series of determinations on the same subject”. These are not already given, as they arguably are in the classic example “all men are mortal”, but represent separate judgments in varying circumstances by a community of inquirers, viz., the disparate courts of law.
The topic of interest to Mill was a simple confusion over logical form; the general proposition “all men are mortal” is but a set of unquestionably comparable particulars. But what if the particulars are not patently comparable, as in a set of novel situations or judgments? Then it is certainly not appropriate to “take the shortest cut from premises to conclusion”, as Mill puts it (1862: 233). Holmes has highlighted a distinct problem, that of social classification and the emergence of consensus. If the very “general” in question is yet unestablished, a new realm of issues is opened up. Instead of how the individual thinks, it is how society thinks, how new generalized beliefs are formed despite the inevitable conflict of perceptions and views.
The great debate between Mill and Whewell is nearly forgotten today, even though recently analyzed in detail by Snyder (2010). It was fresh in the minds of the early Metaphysical Club, and it is a necessary resource to put the origins of pragmatism in full perspective. Recovering this perspective now is difficult, especially given the recent transformation of pragmatist philosophy by a dominant analytical attitude, flourishing (even while diverse) with W. V. O. Quine, R. Rorty, R. Brandom and others. An aid to recovering the earlier perspective is Whewell’s own preface to the second edition of his Philosophy of the Inductive Sciences (1840), a passage in a book that Holmes appears to have listed in the diary of his reading in 1866-7:
On the subject of this doctrine of a Fundamental Analysis, which our knowledge always involves, I will venture here to add a remark, which looks beyond the domain of the physical sciences. This doctrine is suited to throw light upon Moral and Political Philosophy, no less than upon Physical. In Morality, in Legislation, in National Polity, we have still to do with the opposition and combination of two Elements; of Facts and Ideas; of History, and an Ideal Standard of Action; of actual character and position, and of the aims which are placed above the Actual. Each of these is in conflict with the other; each modifies and moulds the other. We can never escape the control of the first; we must ever cease to strive to extend the sway of the second. In these cases, indeed, the Ideal Element assumes a new form. It includes the Idea of Duty. The opposition, the action and re-action, the harmony at which we must ever aim, and can never reach, are between what is and what ought to be; between the past or present Fact, and the Supreme Idea. The Idea can never be independent of the Fact, but the Fact must ever be drawn towards the Idea. - The History of Human Societies, and of each Individual, is by the moral philosopher, regarded in reference to this Antithesis; and thus both Public and Private Morality becomes an actual progress towards an Ideal Form; or ceases to be a moral reality. (1840: x-xi)
The passage summarizes a thesis regarding the relation of the particular to the general in the historical progress of science, Whewell’s “doctrine of a Fundamental Analysis”, and claims that it should “throw light upon Moral and Political Philosophy, no less than upon Physical”. As such it might be seen as a call to joining the two disparate areas of inquiry that the club, and in particular Holmes, would follow. What was Whewell’s thesis? Without getting deeply into the body of his work, it is the idea of a reciprocal and research-centered growth of knowledge created by a tension between the particular and the general: the opposition, interaction, and eventual “colligation” (a form of combination or negotiation) of the two critical elements, “facts and ideas”. These, he says, tend to be seen as in “conflict” with each other, but over time “modify and mould” each other. Moreover, the tension between them is itself transformative; as inquiry progresses, “the Ideal Element assumes a new form”. Further, they progress toward a “harmony at which we must ever aim, and can never reach… The Idea can never be independent of the Fact, but the Fact must ever be drawn towards the Idea” (1840: xi).
The epistemic context implied by this is social, rather than strictly individual. Whewell implies a process engaging an extended community of inquirers, both physically and chronologically. Moreover, he insists that it is applicable not just to natural science but to moral and political philosophy. Given that Whewell’s work was read and discussed in the semi-organized meetings of Metaphysical Club members, and clearly influenced Peirce’s notion of abduction and fallibilism, it may also have supported Holmes’s 1870 idea of “successive approximation”. The precise genealogy of a common perspective among the Cambridge intellectuals is elusive, but my purpose here is to highlight a common thread: understanding the social dimensions of knowledge, and the relation of intersubjective classification to the resolution of doubt and uncertainty.
The epistemic context of social classification is diachronic and transitional, whereas the syllogism is synchronic and analytical. For the latter, doubt is largely a failure of fit. For the former, it is a matter of provisional responsive adjustment to the arrangement of a changing order. For Mill, the reason why Lord Mansfield’s hypothetical decision-maker should “never venture on assigning reasons” is his intuitive sense of similarity; but for Holmes, it is the distinctive future significance of a novel problem. The situation itself is new, a “case of first impression”, having key aspects yet to be classified. The bearing of particular to general for Holmes is not one of logical relation but consensual emergence, integration from repeated experience into a dynamic and always emergent system of order. This attitude implies a distinct approach to uncertainty, as experience yet to be integrated within a moving system of classification.
'Hermeneutics and Law' by Francis Joseph Mootz III in (forthcoming) The Blackwell Companion to Hermeneutics states that
After providing a hermeneutical phenomenology of legal practice that locates legal interpretation at the center of the rule of law, the chapter considers three important hermeneutical themes: (1) the critical distinction between a legal historian writing aboout a law in the past and a judge deciding a case according to the law; (2) the reinvigoration of the natural law tradition against the reductive characteristics of legal positivism by consturing human nature as hermeneutical; and (3) the role of philosophical hermeneutics in grounding critical legal theory rather than serving as a quiescent acceptance of the status quo, as elaborated by reconsidering the famous exchanges between Gadamer, Ricoeur and Habermas. I argue that these three important themes are sufficient to underwrite Gadamer's famous assertion that legal practice has exemplary status for hermeneutical theory. 
Mootz begins ...
Legal hermeneutics serves to remind us what the real procedure of the human sciences is. Here we have the model for the relationship between past and present that we are seeking. . . . . In reality . . . legal hermeneutics is no special case but is, on the contrary, capable of restoring the hermeneutical problem to its full breadth and so re-establishing the former unity of hermeneutics, in which jurist and theologian meet the philologist. . . . .
We can, then, distinguish what is truly common to all forms of hermeneutics: the meaning to be understood is concretized and fully realized only in interpretation, but the interpretive activity considers itself wholly bound by the meaning of the text. Neither jurist nor theologian regards the work of application as making free with the text. – Hans-Georg Gadamer (1989a; 327-28, 332)
Legal practice exemplifies the activity of hermeneutical understanding. The judge deciding a case by interpreting a law in the rich factual context before her provides a particularly vivid touchstone for philosophical reflection on the nature of understanding generally. Hans- Georg Gadamer and Paul Ricoeur – the two leading post-Heideggerian hermeneutical philosophers – both regarded law as a central focus for developing their wide-ranging and differing approaches to philosophical hermeneutics (Gadamer 1989, 324-41; Ricoeur 2000). The deep connections between law and hermeneutical philosophy are longstanding, running parallel to the tradition of religious hermeneutics from the time that religion and law were first distinguished from each other.
The quintessential hermeneutical task – discerning the meaning of a text from the past to provide guidance in the present – has long defined both theology and jurisprudence. Legal hermeneutics is now preeminent because law provides the institutionalized bedrock of social cohesion in a multi-cultural environment within which multiple religious traditions co-exist. Contemporary legal hermeneutics in the West operates within constitutional democracies, which are devoted to ensuring due process and consistent treatment of similar cases by reference to preexisting norms. This core value in modern legal systems often is summarized as governments “of law and not of men,” (see Dallmayr 1990, 1452) and “that government in all its actions is bound by rules fixed and announced beforehand – rules which make it possible to foresee with fair certainty how the authority will use its coercive powers in given circumstances” (von Hayek 1945, 54). The rule of law appears to be premised on legal texts that have a single, persistent meaning through time, but it is precisely this assumption that philosophical hermeneutics puts into question.
Legal texts are now central to the operation of the rule of law, but this is an historical development rather than a necessary feature of legality. The broad institutionalization of written sources of law in the Roman Empire – culminating in the Code of Justinian in the sixth century to serve as a basis for governing a geographically dispersed and diverse set of situations and people – set the course for law in the Western world. Before the advent of codified law that required interpretation by later actors, law was more commonly identified with rhetorical performances. Greek laws were deeply rooted in custom and tradition, and cases were pleaded orally before large groups of citizens. This rhetorical tradition gave way to a textual focus.
It is not so surprising that, in the shift to a more literate culture, rhetoric was more or less replaced by hermeneutics, that is, by an interest in interpreting texts. . . . The role of hermeneutics in jurisprudence was based on the realization that no general rule could ever cover all the particularities of legal experience and practice. Fitting a particular case under a general law is always an act of interpretation (Gadamer 1984, 56).
Notwithstanding this shift in emphasis, Gadamer recognizes the persistence of the rhetorical foundation of legal practice. He emphasizes that “the rhetorical and hermeneutical aspects of human linguisticality completely interpenetrate each other” (Gadamer 1976, 25), and concludes that “there is a deep inner convergence with rhetoric and hermeneutics” (Gadamer 1984, 54-55). Legal practice is a dialectic of hermeneutics and rhetoric, and so in this setting hermeneutical philosophy is inextricably yoked to rhetorical theory (see Jost and Hyde, 1997). Recovering this more expansive understanding of legal practice girds the insights of philosophical hermeneutics in criticizing the simplistic approaches to legal interpretation.

29 June 2014

Privacy By Design

‘Privacy by Design’: Nice-to-Have or a Necessary Principle of Data Protection Law?' by David Krebs in (2013) 4(1) Journal of Intellectual Property, Information Technology and Electronic Commerce Law comments
'Privacy by Design' is a term that was coined in 1997 by the Canadian privacy expert and Commissioner for Ontario, Dr Ann Cavoukian, but one that has recently been receiving more attention in terms of its inclusion as a positive requirement into EU, US and Canadian data protection frameworks. This paper argues that the right to personal privacy is a fundamental right that deserves utmost protection by society and law. Taking privacy into consideration at the design stage of a system may today be an implicit requirement of Canadian federal and EU legislation, but any such mention is not sufficiently concrete to protect privacy rights with respect to contemporary technology. Effective privacy legislation ought to include an explicit privacy-by-design requirement, including mandating specific technological requirements for those technologies that have the most privacy-intrusive potential. This paper discusses three such applications and how privacy considerations were applied at the design stages. The recent proposal to amend the EU data protection framework includes an explicit privacy-by- design requirement and presents a viable benchmark that Canadian lawmakers would be well-advised to take into consideration.
Krebs states
The threats to the individual right to privacy – or what is sometimes referred to as the right to ‘informational self-determination’ or simply the ‘right to be let alone’ – are currently being widely discussed, debated and analysed. This is particularly so where this right is impacted by new technologies or the incremental move of our daily activities online. New technologies that impact the way in which information about people,(‘PII’), is used, collected, stored and disseminated are appearing at a frequent and rapid pace. These may be ‘apps’, facial recognition technologies, smart electricity grids, Radio Frequency Technologies (RFID), cloud computing, mass and surreptitious surveillance, biometrics and private sector Internet marketing initiatives. Currently, for the most part at least, technology is being adjusted after the fact to patch privacy-related issues as they arise or after they have already had a negative impact.
To address these concerns and to move from a reactive to a proactive approach, Dr Ann Cavoukian, current Privacy Commissioner for Ontario, in 1997 had already developed the principles behind – and coined the phrase – ‘privacy by design’ (PbD). PbD recognizes that the deployment of technologies designed to achieve a certain commercial or public sector goal without having considered the privacy implications at the design stage of the technology being used or disclosed in ways that harm privacy rights permanently. PbD embodies the merger of two objectives: the protection and control of PII and privacy, and the advancement of the commercial application of technologies in a sustainable but competitive manner. The Protection of Information and Electronics Documents Act (‘PIPEDA’) (as well as the European Data Protection Directive) contains provisions relating to the adequacy of protective security measures and also, implicitly, privacy ‘by design’ requirements. At present, however, PbD is not an explicit part of the legislative scheme in Canada, the European Union (EU) or the United States of America (US), even though it is often cited as a best practice and perhaps even as the ‘gold standard’ in privacy protection.
Calls for an introduction of PbD into legislative frameworks have been receiving more attention recently, for example, within the proposal for an EU privacy framework, in proposed legislation in the US, as well as a resolution at the 32nd International Conference of Data Protection and Privacy Commissioners in Jerusalem. In Canada, there have been no such concrete proposals, only the vocal views of the Federal and Ontario Commissioners.
This paper argues that legislated PbD is the necessary next step in privacy law to protect a right that is fundamental to liberty, personal integrity and democracy. For this reason, PbD deserves explicit mention as a tenet of privacy and data protection law. However, the view that laws based on PbD principles alone would be sufficient in this regard is not tenable in a world of ubiquitous computing and transformative technologies in this regard is not tenable in a world of ubiquitous computing and transformative technologies. A broad, principled approach relies on organizations adopting appropriate measures without providing the necessary guidance necessary to prevent actions injurious to personal privacy such as data breaches, unwanted tracking or uncontrolled collection of ever-increasing amounts of PII. PbD needs to be incorporated into the privacy law framework in Canada (and elsewhere) as a general organizational requirement and, in appropriate circumstances, mandate specific technological solutions, such as ‘privacy enhancing technologies’ PETs), as well as the corresponding ability for the regulator to prevent a system or application from being initiated.
The first part of this paper will briefly describe the legal right to privacy in order to set the stage for why the design of systems that conform to this right is of such primal importance to its ultimate protection. The second part will turn to the current legislative framework to canvass the extent to which current provisions would satisfy the needs intended to be addressed by PbD. In this section, I will include examples from the EU framework because of its relevance to Canadian privacy laws. Canadian policy discussions often run in parallel and Canada and Europe share many relevant socio-cultural aspects. I will also be looking to the US, where there have been some significant developments in this regard. The third part will look at pertinent examples of systems to which PbD principles were applied, and without which the resulting systems would likely have been much more privacy-intrusive. The last part of the analysis will focus on the views of data protection authorities relating to incorporating PbD into legislative frameworks, including a close look at the legislative proposal from the Ontario Commissioner, Dr Ann Cavoukian, which was included as part of a very recent publication [in fact 2011] from her office. The final part of this article will make some recommendations and suggested points for future research in this regard.
'Privacy in the Post-NSA Era: Time for a Fundamental Revision?' by Bart van der Sloot in (2014) 5(1) Journal of Intellectual Property, Information Technology and Electronic Commerce Law comments 
Big Brother Watch and others have filed a complaint against the United Kingdom under the European Convention on Human Rights about a violation of Article 8, the right to privacy. It regards the NSA affair and UK-based surveillance activities operated by secret services. The question is whether it will be declared admissible and, if so, whether the European Court of Human Rights will find a violation. This article discusses three possible challenges for these types of complaints and analyses whether the current privacy paradigm is still adequate in view of the development known as Big Data.
Van der Sloot argues
The data collection by the NSA and other secret service organizations is part of a broader trend also known as Big Data, in which large amounts of personal data are being collected by means of cameras, telephone taps, GPS systems and Internet monitoring, stored in large databases and analysed by computer algorithms. These data are then aggregated, used to create group profiles and analysed on the basis of statistical relationships and mathematical patterns. Subsequently, the profiles are used to individualize persons that meet a certain pattern or group profile. This technique, called profiling, is used for a growing number of purposes, such as in the fight against terrorism, in which a person may be monitored or followed when he (in whole or in part) meets a certain profile (for example, male, Muslim, Arab origin and frequent trips to Yemen). Similarly, banks and insurance companies rely on risk profiles of customers to take certain decisions, and Internet companies like Google and Facebook use such profiles for advertising purposes. For example, if a person fits the profile “man, university degree, living in London”, he might get an advertisement for the latest Umberto Eco book or for an apartment in one of the richer suburbs.
In such processes, there is basically no demarcation in person, time and space, as simply everyone could be subjected to them. Data collection and processing do not start after a particular ground or reason has arisen, but the value and use of the information will only become apparent at a later stage. The gathered data are often meta-data – regarding the length of and participants to a telephone call, for example – but this often does not regard the content of the communication. Meta-data can be compared to the information visible on an envelope in the ordinary mail, such as the addressee, the size and the weight and possibly the sender. These data traditionally do not fall within the realm of privacy and the secrecy of communication. Still, through the use of modern techniques, these data can be used to generate increasingly detailed profiles.  Thus although they are not privacy-sensitive data initially, they may become identifying data at a later stage. In addition, the collected data are not linked directly to one person, but they are used to generate general group profiles and statistical correlations. These profiles may be applied to an individual if he meets one or several of the elements contained in the group profile. Finally, in these processes, no reasonable suspicion is needed to individualize someone. Even a 1% chance that someone will buy an expensive luxury product or will engage in terrorist activities may provide sufficient grounds to do so. Consequently, the individual element and the interests of specific persons are moved to the background in such systems.
Although it is clear that European citizens cannot challenge the activities of the US National Security Agency (NSA) as unveiled by Edward Snowden, Big Brother Watch and others have filed a complaint against the United Kingdom for similar practices by its secret services under the European Convention on Human Rights (ECHR),  specifically Article 8, which holds as follows:
Everyone has the right to respect for his private and family life, his home and his correspondence.
There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
In a reaction, the European Court for Human Rights has asked the parties to respond to three questions:
(1) Can the applicants claim to be victims of a violation of their rights under Article 8 ECHR?
(2) Have the applicants done all that is required of them to exhaust domestic remedies?
(3) If so, are the acts of the United Kingdom intelligence services in relation to the collection and processing of data in accordance with the law and necessary in a democratic society?
This article will try to answer questions (1) and (3) by assessing three general points. Does the complaint fall under the scope of Article 8 ECHR ratione personae, meaning have the applicants suffered from any personal damage? Does the complaint fall under the scope of Article 8 ECHR ratione materiae, meaning do the practices complained of constitute an infringement with the right to privacy? And if so, what would the likely outcome be in relation to whether the infringement was necessary in a democratic society; that is, how will the Court balance the right to privacy with the need for security? Not discussed are the questions related to the exhaustion of domestic remedies and to the matter of whether the governmental practices are “in accordance with the law”.
Although this complaint functions as the central theme, the findings will be extrapolated to the current development of Big Data. The general conclusion will be that, currently, the right to privacy is based on the individual and his interests in a threefold manner: (1) It provides the individual with a right to submit a complaint about a violation of his privacy. (2) It provides him with protection of his personal interests, related to human dignity and personal autonomy. (3) In concrete circumstances, a privacy infringement will be judged on its legitimacy by balancing the individual with the societal interest, for example related to security.
Subsequently, it will be argued that the new developments of Big Data, of which the NSA affair is a shining example, bring the following results: (1) it is increasingly difficult to demonstrate personal damage and to claim an individual right, (2) the value at stake in this type of process is a societal rather than an individual one and (3) the balance of different interests no longer provides an adequate test to determine the outcome of cases. Finally, some modest alterations of the current paradigm will be proposed.