07 September 2013

Safe Hands?

'Big Data in Small Hands' by Woodrow Hartzog and Evan Selinger in (2013) 66 Stanford Law Review Online 81 comments
“Big data” can be defined as a problem-solving philosophy that leverages massive data-sets and algorithmic analysis to extract “hidden information and surprising correlations." Not only does big data pose a threat to traditional notions of privacy, but it also compromises socially shared information. This point remains under appreciated because our so-called public disclosures are not nearly as public as courts and policymakers have argued — at least, not yet. That is subject to change once big data becomes user friendly.
Most social disclosures and details of our everyday lives are meant to be known only to a select group of people. Until now, technological constraints have favored that norm, limiting the circle of communication by imposing transaction costs — which can range from effort to money — onto prying eyes. Unfortunately, big data threatens to erode these structural protections, and the common law, which is the traditional legal regime for helping individuals seek redress for privacy harms, has some catching up to do.
To make our case that the legal community is under-theorizing the effect big data will have on an individual’s socialization and day-to-day activities, we will proceed in four steps. First, we explain why big data presents a bigger threat to social relationships than privacy advocates acknowledge, and construct a vivid hypothetical case that illustrates how democratized big data can turn seemingly harmless disclosures into potent privacy problems. Second, we argue that the harm democratized big data can inflict is exacerbated by decreasing privacy protections of a special kind — ever-diminishing “obscurity.” Third, we show how central common law concepts might be threatened by eroding obscurity and the resulting difficulty individuals have gauging whether social disclosures in a big data context will sow the seeds of forthcoming injury. Finally, we suggest that one way to stop big data from causing big, un-redressed privacy problems is to update the common law with obscurity-sensitive considerations.
'Big Data Proxies and Health Privacy Exceptionalism' by Nicolas Terry argues that
while “small data” rules protect conventional health care data (doing so exceptionally, if not exceptionally well), big data facilitates the creation of health data proxies that are relatively unprotected. As a result, the carefully constructed, appropriate, and necessary model of health data privacy will be eroded. Proxy data created outside the traditional space protected by extant health privacy models will end exceptionalism, reducing data protection to the very low levels applied to most other types of data. The article examines big data and its relationship with health care, including the data pools in play, and pays particular attention to three types of big data that lead to health proxies: “laundered” HIPAA data, patient-curated data, and medically-inflected data. It then reexamines health privacy exceptionalism across legislative and regulatory domains seeking to understand its level of “stickiness” when faced with big data. Finally the article examines some of the claims for big data in the health care space, taking the position that while increased data liquidity and big data processing may be good for health care they are less likely to benefit health privacy.
Terry concludes -
There is little doubt how the big data industry and its customers wish any data privacy debate to proceed. In the words of a recent McKinsey report the collective mind-­set about patient data needs to be shifted from “protect” to “share, with protections.” Yet these “protections” fall far short of what is necessary and what patients have come to expect from our history of health privacy exceptionalism. Indeed, some of the specific recommendations are antithetical to our current approach to health privacy. For example, the report suggests encouraging data sharing and streamlining consents, specifically that “data sharing could be made the default, rather than the exception.” However, McKinsey also noted the privacy-­based objections that any such proposals would face:
[A]s data liquidity increases, physicians and manufacturers will be subject to increased scrutiny, which could result in lawsuits or other adverse consequences.We know that these issues are already generating much concern, since many stakeholders have told us that their fears about data release outweigh their hope of using the information to discover new opportunities.
Speaking at a June 2013 conference FTC Commissioner Julie Brill acknowledged that HIPAA was not the only regulated zone that was being side-­stepped by big data as “new-­fangled lending institutions that forgo traditional credit reports in favor of their own big-­data-driven analyses culled from social networks and other online sources.” With specific regard to HIPAA privacy and, likely, data proxies the Commissioner lamented:
[W]hat damage is done to our individual sense of privacy and autonomy in a society in which information about some of the most sensitive aspects of our lives is available for analysts to examine without our knowledge or consent, and for anyone to buy if they are willing to pay the going price.
Indeed, when faced with the claims for big data, health privacy advocates will not be able to rely on status quo arguments and will need to sharpen their defense of health privacy exceptionalism, while demanding new upstream regulation to constrict the collection of data being used to create proxy health data and sidestep HIPAA. As persuasively argued by Beauchamp and Childress, “We owe respect in the sense of deference to persons’ autonomous wishes not to be observed, touched, intruded on, and the like. The right to authorize access is basic.”
Of course one approach to the issue is to shift our attention to reducing or removing the incentives for customers of predictive analytics firms to care about the data. Recall how Congress was sufficiently concerned about how health insurers would use genetic information to make individual underwriting decisions that it passed GINA, prohibiting them from acquiring such data. Yet, today some (but not all) arguments for such genetic privacy exceptionalism seem less urgent given that the ACA broadly requires guaranteed issue and renewability, broadly prohibiting pre-existing condition exclusions or related discrimination. A realistic long-­term goal must be to reduce disparities and discrimination and thereby minimize any incentive to segment using data profiling.
A medium-­term but realistic prediction is that there is a politically charged regulatory fight on the horizon. After all, as Mayer-­Schonberger and Cukier note, “The history of the twentieth century [was] blood-­soaked with situations in which data abetted ugly ends.” Disturbingly, however, privacy advocates may not like how that fight likely will turn out. Increasingly, as large swathes of the federal government become embroiled in and enamored with big data-­driven decision-­making and surveillance, so it may become politically or psychologically difficult for them to contemplate regulating mirroring behavior by private actors.
On the other hand the position that we should not be taken advantage of without our permission could gain traction resulting in calls such as expressed herein for increased data protection. Then we will need to enact new upstream data protection of broad applicability (i.e., without the narrow data custodian definitions we see in sector-­based privacy models). Defeat of such reform will leave us huddled around downstream HIPAA protection, an exceptional protection, but increasingly one that is (in big data terms) too small to care about and that can be circumvented by proxy data produced by the latest technologies.


Robert Carolina and Kenneth G. Paterson in 'Megamos Crypto, Responsible Disclosure, and the Chilling Effect of Volkswagen Aktiengesellschaft vs Garcia, et al' comment [PDF] that
The recent decision of the English High Court to censor the publication of an academic paper describing weaknesses in the Megamos Crypto automobile immobiliser system raises a number of concerns for members of the cryptographic academic community, legal practitioners, and commercial users of cryptographic products. In this paper we will provide a brief description of the technology at the heart of the dispute, the crypto research project, the court's decision, and then provide a critique of the decision and make observations about its potential impact. Our description and our observations are based on evidence as it was disclosed in the published decision of the court, Volkswagen Aktiengesellschaft vs Garcia, et al [2013] EWHC 1832 (Ch) (25 June 2013). This decision addressed a request for preliminary injunction pending a full trial on the merits. It remains possible that additional evidence introduced later, or existing evidence that has not been disclosed in the decision, could have a significant impact upon the observations and opinions presented here. We do not take any position, nor do we make any prediction, about the ultimate outcome of this case. 
 The authors note that -
... three researchers decided to test the strength of the Megamos Crypto system. This type of activity – an unsolicited effort to identify weaknesses in commercial crypto devices – is common in the field of crypto research. This would not be the first paper published by academics highlighting weaknesses in RF-based automobile security devices. See, for example, Indesteege, Keller, Dunkelman, Biham, and Preneel, "How To Steal Cars – A Practical Attack on KeeLoq", EUROCRYPT 2008, LNCS 4965, pp. 1–18, 2008. (Cooperative effort by academic researchers resident in Belgium and Israel, supported by both public and private research grants, revealing deficiencies in KeeLoq – a widely installed remote key entry system. We note without further comment that it is common practice for academics in this field to give such papers rather provocative titles.) 
To conduct their analysis of Megamos Crypto the researchers needed to obtain details of the crypto algorithm used. The manufacturers of the immobiliser do not publish the algorithm. The algorithm is claimed as a trade secret. It is not clear from the decision whether the researchers considered paying a laboratory to reverse engineer the crypto chip itself. The court was advised that reverse engineering the chip would cost in the region of €50,000 – an outlay that might have seemed expensive in the context of an academic grant proposal. Instead, the researchers identified a third party hardware and software product called Tango Programmer. This product (sold for an initial payment of €1,000 per unit) can be used, among other things, to create keys for automobile immobilisers using Megamos Crypto and other immobiliser systems. The algorithm is incorporated within the Tango Programmer software, but not directly disclosed by the manufacturer. 
The researchers conducted a careful study of the Tango Programmer software. From this they were able to reverse engineer the functionality of the system and discover the details of the cryptographic algorithm. Having obtained the algorithm, they set about to study the system. The researchers eventually identified three weaknesses in the system. (Para.11.) Two of these (use of weak secret keys and poor key updating practices) were not an issue in the case. The court did not comment on this, but we note that weaknesses of this type recur with sad frequency in the operation of secure systems. 
The other weakness identified is much more serious. This is alleged to be a weakness in the design of the cryptographic algorithm itself. To explain the flaw that they had uncovered, the researchers planned to include a description of the algorithm in their published paper. It was this desire to publish the (allegedly secret) algorithm that created the dispute. 
In November 2012 the three authors approached EM (the crypto chip manufacturer) to explain the weaknesses they had uncovered. (Para.15.) It is not clear from the decision whether the researchers understood that EM was using the algorithm under license from Thales. The court's published decision, unsurprisingly, does not provide details of the exact nature of the weakness in the Megamos Crypto algorithm. 
The researchers planned to publish their paper in August 2013 in the proceedings of the annual USENIX Security conference. Volkswagen learned of the soon-to-be published academic paper on 23 May 2013, and brought a lawsuit in the High Court of England to prohibit disclosure of the algorithm. (Para.16.) The lawsuit names the three academic authors (two resident in the Netherlands and one resident in England), and the two universities that employ them (in England and the Netherlands).
The authors conclude -
The decision constructs a narrative about the academics that is very unflattering. Faced with a request to delay publication for just a little while longer the researchers instead demanded the ability to publish immediately and thereby jeopardised the security of millions of cars. (We have already questioned whether this was such a serious risk.) While the court admits that the failure to make Volkswagen aware of the problem was not their fault, it chastises them anyway for failing to consent to any more delay: "A responsible approach would be to recognise the legitimacy of the interest in protecting the security of motor vehicles." (Para.41) The court delivers some of its most harsh commentary in describing the responsible disclosure process. "I think the defendants' mantra of 'responsible disclosure' is no such thing. It is a self-justification by defendants for the conduct they have already decided to undertake and it is not the action of responsible academics." (Para.42) 
We suggest that a review of the evidence disclosed in the decision also supports a different narrative. This begins by considering the difficult work undertaken by the academics as part of their mission to support security research. The selection of Megamos Crypto as a potential research subject, the sourcing of Tango Programmer, the reverse engineering work needed to liberate the algorithm from the software, and then the core research work of examining the crypto algorithm for flaws. The decision does not state how long the researchers spent on this process, but we have little doubt that it was significant. Acting under ethical guidelines regularly applied by academics in this field, they approached the chip manufacturer EM with their findings in November 2012. They offered their assistance to develop work-arounds or replacement technology. They planned to publish their findings in August 2013, nine months after private disclosure. Having been open with EM, they heard very little in response. The researchers were then surprised when Volkswagen entered the picture in May 2013 – seven months after initial disclosure to EM – and sued them. Volkswagen requested and received an emergency temporary injunction with no notice to the academics. Given that the only meeting about the weakness in Megamos Crypto described by the court took place in June 2013 – a matter of weeks before scheduled publication – we are left to ponder how much emotion may have entered the situation at this stage. 
The difference in these two competing narratives demonstrates a significant disagreement about what constitutes "responsible disclosure". It appears that the court may not have fully appreciated how this phrase is used as a term of art in the context of security research. There are three main methods of public disclosure that are in common use in this admittedly abstruse field: (1) non-disclosure, (2) responsible disclosure and (3) full disclosure. In the first case, the researcher tells the affected party, and then says nothing more; in the third case, the researcher publishes without telling the affected party in advance and without any regard to their interests. The second way is a middle path between these extremes that is now very widely followed by academics and more generally security researchers. Typically, six weeks is set as the "time to disclosure" in the case of software flaws, and six months in the case of hardware flaws. However, in extreme cases, where no simple fix is available and the impact is very serious, researchers might feel compelled to wait longer than six months. These time scales (six weeks and six months) are not unique to these academic researchers. They are widely used baselines within the field of security research. We imagine that the researchers felt that they had already "gone the extra mile" by disclosing nine months in advance of publication, and might have felt rather abused when someone other than the product's manufacturer suddenly appeared and brought a lawsuit only two months before planned publication. 
It is crucial to understand that "responsible disclosure" is simply a phrase used by researchers to describe one approach to the public disclosure of security flaws, one that is certainly more responsible than full disclosure, and arguably even more responsible than non-disclosure, given that the latter approach does not create any incentive for the affected party to address any disclosed flaws in their products. The court did not appear to appreciate this distinction, given the way in which the decision criticizes the researchers. (Para.42.) 
Furthermore, and more importantly, it is apparent (from para.14) that the court's understanding of the term is incomplete: there, a definition of responsible disclosure is offered which entails "telling the manufacturer in advance" about the flaws, but which does not include the critical point that, in this mode of disclosure, a date is set up-front for when disclosure will take place, irrespective of the circumstances at the time when that date is reached. Establishing such a publication deadline when disclosing to the manufacturer is not simply the arbitrary or capricious act of a petulant researcher. This mechanism is used to prevent affected parties (who, as noted above, often form part of complex supply chains) from unnecessary dithering and to ensure they have an incentive to address the identified security flaws. It seems that this missing point concerning timing is what leads the court to heap opprobrium on the researchers in paras. 41 and 42, where it is opined that "it was not consistent with the idea of responsible disclosure for the defendants to simply say, 'We are going ahead anyway'." and "I think the defendants' mantra of 'responsible disclosure' is no such thing." There is a value judgment implied by the use of the word "mantra" here – this meaning a phrase repeated often and without significant thought. Our experience is that academic security researchers and industrial consumers of cryptography alike do understand the significance and methodology of responsible disclosure, and accept it as the preferred, if not universal, modus operandus for disclosing security vulnerabilities. This apparent breakdown in understanding seems to heavily colour the court's view of the academics' probity. 
We find the strong language used to describe the actions of the academics both puzzling and disappointing. First, it is clear that their approach to "responsible disclosure" was well within normal guidelines followed by security researchers for the benefit of the security industry (and society) as a whole. Even if it were not, the strength of the court's condemnation is surprising given the reality it had already acknowledged – reasonably accessible methods are available that would allow the academics or anyone else to publish the algorithm without the permission of the complaining parties.
The authors suggest that -
This ruling is likely to have a chilling effect on legitimate security research in the UK. While the circumstances of this case are rather specific, and the decision hangs on those specifics, the case creates a degree of uncertainty and confusion around what can, and cannot, be done by security researchers without running the risk of encountering legal obstacles. For academic researchers, "publish or perish" is a no less pressing or relevant a motto for it being hackneyed through overuse. And the investment in time and effort required to conduct the kind of research relevant to this case is significant, as are the risks that any given research avenue selected will turn out to be unfruitful. So the mere perception that legal barriers to publication might arise is likely to cause some researchers, particularly new entrants to the field, to think twice about starting at all. 
It is then especially ironic that, all the while, the UK government, through its funding agencies (such as EPSRC) and UK government departments (such as CESG/GCHQ and Business, Innovation and Skills, BIS), has been investing heavily in cyber security research, with a proportion of that funding being directed towards projects involving the development of techniques for the analysis, discovery, and eventual elimination, of weaknesses in security systems. 
We may also speculate that the ruling may have repercussions beyond the UK. Academic research in cryptography and security is a discipline now observed routinely around the world. Multi-country collaborations (like the collaboration that is the subject of this case) are commonplace. It is unclear whether the High Court of England would have been vested with jurisdiction of this case but for the fact that one of the authors and his employer are resident in the United Kingdom. The remaining two authors are normally resident in the Netherlands. The putative publisher is based in the United States. Certainly courts in the United States are highly suspicious of such prior restraint cases due to a combination of the guarantee of free speech (under the First Amendment of the US Constitution) and certain limitations in the US treatment of trade secrets. (See generally, Samuelson, "Principles For Resolving Conflicts Between Trade Secrets And The First Amendment", 58 Hastings L.J. 777 (March, 2007).) 
As a result of this decision, it seems plausible that researchers based outside the UK may be less enticed by the prospect of working with UK-based researchers given the possible injunction of their eventual joint research papers. The effect would be to isolate UK- based security researchers, at a time when national governments are strongly emphasising the need for cross-border efforts in cyber security research (see for example the UK Cyber Security Strategy at https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/6096 1/uk-cyber-security-strategy-final.pdf). .... 
In granting a preliminary injunction that partially restrains publication of academic research into weaknesses in the Megamos Crypto system, the English High Court has taken a step that is – and should be – troubling to legitimate security researchers. In our opinion, the court's decision evinces a lack of understanding of the foundational principles of cryptography and secure system design that would have been necessary to conduct an appropriate enquiry into the risks of publication. The decision also appears to lack a clear understanding of the term of art "responsible disclosure", and the well- established role that this plays in security research. Although this is a preliminary decision, given the admitted infringement of free speech we find the application of law to the facts in this decision to be surprisingly brief and unhelpful. We are especially puzzled by the court's willingness to jump so quickly to the conclusion that the manufacturer of the Tango Programmer product engaged in misappropriation of a trade secret, and having reached that conclusion that the academics ought to have been aware of the misappropriation. If the court had better reasons to draw these inferences from the preliminary evidentiary record, it is unfortunate that the court did not describe this evidence in the published decision. We are also troubled at the chilling effect that this decision may have on legitimate security research in the UK. This decision, which we expect will be viewed as out of step with the prevailing trends of other countries regularly engaged in such research, could have the effect of isolating UK security research academics from their international colleagues – at precisely the time that the government in the UK is encouraging an increase in such research and in international cooperation. 
As a final comment, we have no doubt that the judge in this matter – who was required to hear this application and make this decision in a very compressed time frame – is an extremely able jurist. Judges, no matter how able, cannot be experts in all subjects. In English courts (and other common law courts around the world) it is the responsibility of others to explain to the court key elements of technology under review. Perhaps for no reason other than the compressed timetable leading up to the hearing and decision, it appears to us that this process of explaining complex technical facts and practices from an otherwise abstruse specialist field has somehow broken down.

Peer Review

Is the peer review system in academic publishing so broken that we should start again?

'Deep impact: unintended consequences of journal rank' by Björn Brembs, Katherine Button and Marcus Munafò in (2013) Frontiers of Human Neuroscience comments that
Most researchers acknowledge an intrinsic hierarchy in the scholarly journals (“journal rank”) that they submit their work to, and adjust not only their submission but also their reading strategies accordingly. On the other hand, much has been written about the negative effects of institutionalizing journal rank as an impact measure. So far, contributions to the debate concerning the limitations of journal rank as a scientific impact assessment tool have either lacked data, or relied on only a few studies. In this review, we present the most recent and pertinent data on the consequences of our current scholarly communication system with respect to various measures of scientific quality (such as utility/citations, methodological soundness, expert ratings or retractions). These data corroborate previous hypotheses: using journal rank as an assessment tool is bad scientific practice. Moreover, the data lead us to argue that any journal rank (not only the currently-favored Impact Factor) would have this negative impact. Therefore, we suggest that abandoning journals altogether, in favor of a library-based scholarly communication system, will ultimately be necessary. This new system will use modern information technology to vastly improve the filter, sort and discovery functions of the current journal system.
The article has an exhaustive bibliography.

Defamation and Confidentiality

The High Court of Australia has rejected a special leave application by The Age and journalists Richard Baker, Philip Dorling and Nick McKenzie regarding the February 2012 NSW Supreme Court decision that granted businesswoman Helen Liu access to documents in their possession relating to the identity or whereabouts of three of their sources.

In February 2010 The Age published two articles alleging Liu paid federal MP Joel Fitzgibbon $150,000 as part of ''a campaign to cultivate him as an agent of political and business influence''. The articles were supported by quotes from 135 pages of documents said to be her personal and business records, including a list of ''money paid'' for unstated purposes to 22 people, including Fitzgibbon. 

Fitzgibbon denies receiving the $150,000 payment and launched defamation proceedings. Liu claims the documents are forged or falsely attributed to her by a person or people with a vendetta against her. She asked the court to compel the journalists to reveal the identity of the sources as the basis for initiating defamation proceedings against the sources.

In Liu v The Age Company Limited [2012] NSWSC 12 McCallum J commented that
the protection of sources from disclosure of their identity is not a right or an end in itself. The rationale for the protection lies in the public interest in cultivating trust between sources and journalists as a boon to free speech and, in particular, free political discussion. The defendants unilaterally determined in the present case that the interests of the sources must yield to what the defendants claimed was a paramount public interest. It was that decision which exposed the sources to the risk of disclosure of their identity. Having invoked the relativity of competing interests as the basis for that decision, the defendants can hardly maintain that interests competing with the public interest in protecting confidentiality of journalists' sources must be set to one side in the determination of the present application. In my assessment, the force of the considerations underlying the newspaper rule is substantially lessened in the present circumstances.
An undertaking by journalists to keep a source confidential could be overridden "in the interests of justice".

McCallum J stated that
I am satisfied that, as submitted on behalf of the plaintiff, the correspondence reveals that Mr Baker disobeyed a specific request made to him by the contact on behalf of the sources. It was clearly indicated, so far as at least one of the sources was concerned, that the handwritten papers had been included inadvertently among the documents sent. A request was made on that basis not to publish those papers. Contrary to that request, The Age published details of the handwritten papers on its front page. 
The newspaper's decision to use the handwritten documents in the face of requests from the contact not to do so had the tendency, in my view, to undermine the very protection sought to be achieved by the practice of not requiring journalists to disclose their sources unless such disclosure is necessary in the interests of justice.
The Court went on to find that
... the defendants submitted that the interests of the sources should be taken into account in determining whether to exercise the discretion to grant the relief sought by the plaintiff. The evidence as to that issue comes primarily from the contents of the email correspondence (Exhibits N and 2). That correspondence reveals that the sources initially contacted the defendants with a view to selling information. They sought payment in the order of $120,000. The defendants responded by offering up to $10,000. A suggestion that one of the sources might lose his employment upon providing the information was plainly tied to attempts to negotiate a higher payment in that context. 
As submitted on behalf of the plaintiff, the early correspondence did not include any explicit request that the defendants not disclose the identity of the sources. Rather, the focus of the correspondence was upon obtaining reassurances that the defendants would not sell the information to any third party without consulting the sources. 
A consideration of the emails in chronological order reveals that it was in fact the defendants who first volunteered that they would not disclose the identity of the sources. 
After considering the contents of the relevant correspondence before me (Exhibits N and 2), I am not persuaded that there is any tangible risk of adverse consequences to the sources in the event that their identity is revealed beyond the risk of their being sued for defamation and the consequential impact upon their relationship (if any) with the plaintiff.
High Court found there were no grounds for special leave.

Constitutional Identity

'Constructing Identity in Australian Constitutional Law' (Sydney Law School Research Paper No. 13/56) by Elisa Arcioni comments
Written constitutions can identify and construct membership of the relevant constitutional community. This paper addresses how the language of the Australian Constitution, as seen through the eyes of judges, constructs such an identity. The phrase ‘the people’ is focused upon. Three case studies are considered in order to discuss the approaches of judges of the Australian High Court to the interpretation of constitutional language. One approach is to treat constitutional language as symbolic and absolute, representing inclusion, popular participation in government and representation. A competing approach is to treat the language as reflective of historical circumstances, limited by legal understandings at the time of drafting the text. This article concludes that determining the meaning of legal language is inherently connected with methods of interpretation. In order to understand the identity of the constitutional community, the underlying approach of judges and the external principles or theories they incorporate into the text must be identified.
Her 2009 'That Vague But Powerful Abstraction: The Concept of ‘The People’ in the Constitution' comments
The concept of ‘the people’ in the Australian Constitution is undoubtedly unfinished constitutional business. The concept is “vague” due to a lack of development by the High Court but also because it is an inherently fluid concept. Yet it is also “powerful” because of what ‘the people’ has come to signify, which is something that I suggest should be further developed by the High Court. There are two questions that I consider in this paper. The first is: who are ‘the people’? The second is: what impact do they have on our understanding of the Constitution and constitutional terms?
She continues
Is ‘the people’ a vague concept? A majority of the Court has now directly stated that ‘the people’ is a reference to the community under the Constitution. While still somewhat vague, there is at least the hint in Roach, as well as in earlier statements, that the community is to be identified in accordance with determining who is part of the group who has the ability and legitimacy to be involved in constitutional government. In Roach it was the act of voting that was at issue, so the Court looked to what it means to vote and what is required in order to be involved in that process. It is unrealistic to suggest that there is going to be a clear identification of either the exact identity of ‘the people’ or the criteria for their identification. The identity of ‘the people’ is going to remain vague, or at least fluid. This is because the identity of the constitutional community will change over time, as can be seen in the history of who is accepted as part of the community. 
In colonial times, the constitutional community was not every person in Australia, but a more limited group – predominantly white men. In the early part of federation, the constitutional community could be considered to be all British subjects resident in Australia, with some racial exceptions (although these were not consistently applied). Over time, British subjecthood was no longer a true label for the constitutional community, just as the High Court recognised the separation between the UK and Australia in Sue v Hill  in 1999 such that the UK is now considered a foreign power. Australian citizenship seems an obvious identifier of ‘the people’ in the Constitution, but it cannot simply be in the hands of the Parliament to determine who fall within the group ‘the people’ by legislating for citizenship. 
The Court will need to expand on what they mean by being a member of the community under the Constitution. The parameters need to be explored because of the possible implications that such identity has for our understanding of the Constitution. Yet such development is obviously going to be a sensitive and contested exercise and my guess is that it will be a case of incremental development before a clear outline of ‘the people’ is revealed by the Court. 
Despite the vagueness of the identity of ‘the people’, ‘the people’ is nevertheless a powerful constitutional concept. This has been shown most recently in Roach, where the concept of ‘the people’ led to the striking down of legislation which restricted prisoners’ voting rights. Given the significance of the people both in history and in High Court jurisprudence, the concept has the potential to go further than being a symbolic reference to the source of the Constitution’s authority. It certainly has the ability to further affect the franchise, along the lines of the reasoning in Roach. Further areas for contestation include a consideration of who else is included or excluded from the vote. Apart from horror hypotheticals of the Parliament excluding all people of a particular gender or race, there are the more realistic challenges to the franchise as it exists today. For example, the exclusion of some Australians living overseas. Australians living overseas may be deprived of the right to vote if they remain or intend to remain outside Australia for more than six years. Or, there might be a challenge to the voting age being 18. In the future, there may be a challenge from some under-age individuals, who have the same ability and maturity as those over 18. Just as the voting age changed from 21 to 18 in 1973, could it be that some people between the ages of, say, 16 and 18 should be entitled to vote? Or the question of permanent residents, who may be as involved in Australian life as citizens – should they continue to be denied the vote? However, I suggest that the significance of ‘the people’ could go further than the franchise. As hinted at by McHugh J, as well as by Kirby J in a number of cases, such as Patterson in 2001, there may be the development of constitutional citizenship, not confined to the current legislative definition of citizen, which insulates individuals from attempts at deportation or being categorised in a class such as ‘alien’. The concept of ‘the people’ could be used in the future to challenge citizenship legislation, which is treated as the current indicator of membership of the Australian community. And, by extension, to challenge migration legislation, which operates on the basis of individuals being ‘non-citizens’, with non-citizen being used as an equivalent to the constitutional status of ‘alien’ in s 51(19).
‘The people’ has become more than a symbolic reference to the authority of the Constitution, or the group who has freedom of political communication in order that there be fully informed elections. It is a powerful force, symbolically and legally. It was the rallying cry for successful federation, and a reference to the group at the heart of constitutional government. 
‘The people’ can be understood as a reference to the constitutional community. That is, as a reference to the individuals who make up the Australian population under the Constitution and therefore to the ones who have a claim to involvement in constitutional government and the possibility of protections or freedoms under that Constitution. As a phrase approximating constitutional citizenship, the Parliament’s power may be limited with respect to ‘the people’ in areas such as the franchise, citizenship and deportation, which are all areas that intersect with membership of the constitutional community.

Shaming, Naming, Claiming and Inking

''Naming and Shaming' in Western Australia: Prohibited Behaviour Orders, Publicity and the Decline of Youth Anonymity'' by Thomas Cofts and Normann Witzleb in (2011) 35(1) Criminal Law Journal 34 comments that
The Western Australian Parliament has passed the Prohibited Behaviour Order Act 2010. This Act enables a court to prohibit a person aged 16 years or over who has been convicted of an offense with an anti-social element from engaging in otherwise lawful behaviour that the court regards likely to increase the chances that the person will commit a further such offense. The Act provides that details of the person and the order will be posted on a departmental website even in the case of the young and that anyone is free to republish that information. This paper reviews the traditional stance of the law relating to publication of child offending before discussing the pros and cons of how prohibited behaviour orders will affect this position. ...
It is accepted that while publicity in relation to criminal proceedings is essential to ensure a fair and impartial justice system, the glare of publicity can also have negative effects for the subject of that publicity. In relation to adults these negative effects are accepted and generally thought to be deserved. However, it has historically been recognised that the young need protecting from publicity and therefore legal safeguards to ensure this protection is delivered are in place throughout Australia.
The PBOs in Western Australia will remove the right of the young to anonymity. The State government submits that this is necessary to ensure effective enforcement, deterrence and reassurance of the public. PBOs are modelled on a variant of the ASBO in the United Kingdom, for which publicity is likewise the norm. However, upon closer examination it is questionable whether making the community responsible for policing anti-social behaviour is effective at combating such behaviour and reassuring the community. Given the high rate at which similar orders in the United Kingdom are breached it remains unproven that the threat of publicity acts as an effective deterrent, in particular on young persons. Due to their immaturity and still-developing ability to control their impulses the young may either not appreciate the reality of the threat or may underestimate the future harm that may ensue from publicity. Some may even welcome the publicity as a badge of honour and value the immediate gratification of belonging to an “outside group”. Thus publicity may have the unintended consequence of cementing anti-social behaviour. Social exclusion of those labelled “anti-social” is also likely to occur where the community is made aware of “who in their midst has been responsible for such outrageous behaviour”. Strategies encouraging active citizenry to police anti-social behaviour operate on the basis of categorical suspicion. The young, and especially Aboriginal youth, are particularly susceptible to being demonised and labelled deviant; a process which is likely to be compounded by sensationalist reporting. This in turn can actually undermine public confidence in the authorities and increase, rather than decrease, the fear of criminal and anti-social behaviour, thus undermining one of the purposes of publicity.
The advantages of publicity in the case of a PBO do not outweigh the negative effects which may flow from publicity in the case of the young. However, there has been a rigid adherence in the United Kingdom to the belief that publicity is a necessary corollary to ASBOs. This belief has been accepted without question in Western Australia. This desire to publicise, even if the advantages thereof are disputed, may actually be part of a larger picture of a gradual shift away from the conviction that the young need protecting from publicity. The movement away from the welfarist approach to a justice model for dealing with young offenders is concomitant with the belief that the young should be held to take responsibility for their actions. Under this approach, young persons who persistently engage in anti-social behaviour are thought to no longer need protecting from publicity because they have already chosen to reject society’s norms. Such an argument fails to appreciate that anti-social behaviour is in many cases a normal part of growing up and will not necessarily lead to a criminal career. Labelling and shaming can compound any temporary rebelliousness and cement rather than help shift the young person away from such behaviour. 
This paper has not been concerned with efficacy of ASBOs or PBOs but merely with their effect on anonymity protection for young offenders. The aim was not therefore to argue here whether or not such orders are likely to be effective and should or should not have been introduced. The authors’ concern is that publicity should not be accepted without question as an essential part of a PBO in the case of the young. The right of the young to anonymity has been protected for good reasons which far outweigh any of the potential benefits of publicity. Publicity is likely to have damaging effects on the young and on society by encouraging suspicion in the community, progressing social exclusion and the fear of crime. It is therefore urged that the right of the young to anonymity be protected and that there be a presumption against publication in the case of minors.
Another perspective on anonymity and registration is provided in the speech by Raymond Stevens MP, Member for Mermaid Beach in the Queensland Parliament.

Endorsing the Criminal Proceeds Confiscation (Unexplained Wealth and Serious Drug Offender Confiscation Order) Amendment Bill 2013 (Qld) Mr Stevens states [PDF] that
My beloved region of the Gold Coast unfortunately seems to be a place where bikie gangs have infiltrated, with their clubhouses and headquarters making their homes in the region. While many do have legitimate businesses, the ones who are involved in illegal businesses are going to get caught. The proceeds from their criminal activities will be seized under these new laws. In a lot of these businesses dirty money is being cleaned through these front-door legal activities.
A recent story that has been in the media is of bikie gangs infiltrating the Victorian police force. Bikie gang members have been cultivating, compromising and corrupting police officers. They have been offering police officers access to strip clubs and drug related activities. They will do anything and stop at nothing to continue their illegal activity. The speed and accessibility of this sort of corruption which is causing a lot of damage is immense and usually drug related. These networks infiltrate legitimate areas of business to corrupt for their own gain. They hide behind legitimate businesses, such as gymnasiums, where there is a lot of drug and steroid use. I think peptides are the latest ones they are all promoting. ...
Tattoo parlours are very much a focus for this bikie gang behaviour. There is no doubt in my mind that these tattoo parlours that have popped up all along the Gold Coast—and I am sure in the electorates of other members; there are plenty of heads nodding—are the way that bikie clubs clean their money. Once this bill becomes law the Attorney-General will be able to pursue those ill-gotten gains. I have a suggestion in relation to tattoos that the health minister might look at. Under the Health Act there should be a register of people getting tattoos so that we can identify those people getting tattoos rather than have John Smith, Bill Brown and all the other fake names of people who are paying $5,000 or $10,000 for tattoos. This is a way for these bikie clubs to clean their money.
Next stop barcodes on bikie btms (and those of barristers, bogans and anyone else getting inked)?

In Western Australia the Government has introduced the Criminal Investigation (Identifying People) Amendment Bill 2013 [here], touted as requiring Muslim women to remove a burqa or niqab to prove their identity to WA. The amendment aims to require "a person to remove headwear or do other things to facilitate the officer being able to confirm a person's identity", with police gaining explicit powers to detain the person pending compliance.The requirement will apply to an item of clothing, hat, helmet, mask, sunglasses or "any other thing worn by a person that totally or partially covers the person's head".

Enthusiasts have called for a comprehensive ban on the burqa, unlikely to be constitutional. 'Section 116 of the Australian Constitution and Dress Restrictions' by Anthony Gray in (2011) 16(2) Deakin Law Review 293 for example comments
In this article, I will consider constitutional (and discrimination) issues that would arise if an Australian parliament enacted legislation with the effect, amongst other things, of prohibiting the wearing of particular items of clothing often thought to have religious significance, in particular the hijab, burqa or niqab. While the ban could apply to other items of clothing or jewellery of significance in religions other than Islam, given that most of the current debate concerns symbols of Islam, I will use this particular context as the focus of discussion. In so doing, I will draw briefly upon the rich jurisprudence concerning these issues in other jurisdictions, where much more litigation has taken place regarding the question than in Australia. I will also consider briefly whether a different result would apply if the ban were passed at state level. This is not an abstract argument; a current Senator in the Australian parliament has personally called for a burqa ban, and private members’ bills have been introduced in New South Wales and South Australia to introduce such a ban, at least in some circumstances.
In Part II I set the statutory framework for the discussion that follows. In Part III the meaning of the wearing of the hijab and burqa is considered. Part IV considers how laws banning the wearing of religious dress or symbols have been considered in various courts. In Part V I consider the validity of a Commonwealth law that had the effect of banning the wearing of some religious dress or symbols. ...
If the Commonwealth Government passed a law (otherwise constitutional) banning the wearing of religious dress or symbols, the High Court should read the principle of religious freedom in section 116 broadly. It should not validate a law just because the Commonwealth argues the law was passed for other (legitimate) purposes; in some cases, it is submitted courts in other jurisdictions have been too willing to accept at face value government arguments that bans on religious dress or symbols were necessary in pursuit of legitimate objectives of equality and neutrality, or that effects on religious freedoms were incidental (and so not considered to be objectionable). While the precise meaning of the wearing of items such as the hijab or burqa is open to interpretation, on at least some interpretations such wearing is supported by the Qur’an; it is highly contentious to extrapolate from the wearing of such items of clothing that oppression, subjugation or ‘extremism’ is being reflected.
Such a ban might also infringe the Racial Discrimination Act 1975 (Cth); for a Commonwealth law, this is not significant since the Commonwealth can amend its own legislation; in relation to a state law which purported to implement a ban, the court would have to consider directly whether Islam followers are an ‘ethnic group’ within the meaning of the Act; and then whether a blanket state ban on all face covering would be inconsistent with the RDA, in particular section 10. There is a strong argument that Muslim followers do comprise an ethnic group, and that section 10 might be used to invalidate a state attempt to ban face covering, given given its effect on those of Muslim ‘ethnicity’, compared with other ethnicities
That is consistent with works such as 'Can and Should Burqas Be Banned? - The Legality and Desirability of Bans of the Full Veil in Europe and Australia' by Anne Hewitt and Cornelia Koch in (2011) 36(1) Alternative Law Journal 16 and 'The Full Face Covering Debate: An Australian Perspective' by Renae Barker in (2012) 36(1) University of Western Australia Law Review.

06 September 2013

ACIP Designs Review

The Advisory Council on Intellectual Property (ACIP) has released a discussion paper [PDF] regarding its review of the Australian designs regime.

Appendix 4 provides  statistics regarding the regime.  On average some 6,000 design applications have been filed each year since 2002.  Approximately 20% of total registrations request examination, with most being certified. Under 20% of applications filed in any given year continue in force for the full 16 years (after payment of the third and final renewal fee). The majority of design applicants are Australian residents.

The paper asks several questions -
  1. Would Australia benefit from a designs system with a maximum term in excess of 10 years? 
  2.  Would a design grace period be of benefit to users and potential users? Why/why not? 
  3. If a grace period were to be made available, how long should it be for? 
  4. Should such a grace period be an alternative, or an addition to deferment of publication of the kind offered under the Hague System? 
  5. Is there confusion about the use of Statements of Newness and Distinctiveness? Please explain how. 
  6. The ALRC thought that such a Statement of Newness and Distinctiveness should not be mandatory. Do you agree? Please explain why. 
  7. Is a deferred publication process desirable? What are the potential advantages and disadvantages of permitting it? 
  8. How long should the period of deferment be? 
  9. What benefits and/or costs would there be for Australia if an Unregistered Design Right system were introduced? 
  10. Would an Unregistered Design Right system, if introduced into Australia, create confusion? If so, what measures might be appropriate to limit any such confusion? 
  11. Would Australia benefit from acceding to the Hague System? 
  12. Would Australia benefit from legislation changes to include designs in the Notice of Objection scheme? Please explain why/why not? 
  13. Are the copyright/design overlap provisions operating satisfactorily? Please explain why/why not. 
  14. Should there be restrictions in the Trade Marks Act 1995 for registered designs? Please explain why/why not? 
  15. Have the changes to the threshold of registrability introduced with the Designs Act 2003 provided greater differentiation between a new design and the prior art? Please explain how. 
  16. Are the differences between registration, publication and certification under the Designs Act 2003 clear? Should the multi-step process remain? Please explain why.
  17. Is there a continuing need for publication (and the current regime of requesting registration or publication)? Please explain why? 
  18. Is the Designs Act 2003 able to deal with new technologies eg 3D printing and GUIs? 
  19. Should GUIs be registrable?
  20. Are there any new opportunities for enhancing the designs system? 
  21. Are there any unintended consequences arising from its implementation to date?
  22. Do you have any other comments?
In relation to question 18 - ie 'Additive manufacturing (3D printing technology)' - ACIP comments that
One rapidly evolving technology of topical interest is the emergence of additive manufacturing (also known as three-dimensional (3D) printing technology). 3D printers produce articles by layering numerous, custom printed sheets of material, one on top of the other, and binding each layer together in the process. Most 3D printers manufacture products using a range of plastics or composite materials and some printers can also print in metals (e.g. stainless steel).
Until recently, 3D printers were extremely expensive and rare. As such, they were used for prototyping—mainly in the aerospace, medical and automotive industries. Once a design was finalised, a production line would be established and the part would be manufactured and assembled using conventional methods. But 3D printing has now improved to the point that it is starting to be used to produce the finished article. These printers are also becoming increasingly available and affordable, with a number of companies making desktop units. The capacity of the internet has also improved to the extent that a design can be sent as a digital file to be printed on a 3D printer almost anywhere in the world.
Hence, 3D printing is opening up new opportunities for innovation, customisation and creativity. It is also creating new opportunities for counterfeiting and imitating designs (both registered designs and unregistered designs).
As a legal matter, 3D printing may raise issues familiar in other areas of IP, such as the scope of secondary liability for designs infringement; liability of individuals for non-commercial acts relating to designs; and/or the territorial nature of the exclusive rights.
The paper also comments on Graphical User Interfaces (GUIs) -
Another area of new technology of significance is Graphical User Interfaces (GUIs) or screen icons. In recent years, GUIs have been increasingly lodged as design applications. There is no standardisation in how countries treat GUIs under their designs systems. Recent editions of the Locarno Classification (LOC) of the Locarno Agreement have introduced a new classification to include: Graphic symbols and logos, surface patterns, ornamentation.58 Although Australia is not a member of the Locarno Agreement, IP Australia uses the 8th edition of the LOC to classify designs. For Member States, the 10th edition will enter into force on January 1, 2014. The consideration of screen icons is raised in the examiner’s manual at D04.3.2. IP Australia does not consider screen icons are a registrable product. However, registrability is not considered during the formalities process and screen icons are appearing on the Register of Designs.

Exclusion and Recognition

A 'right to be remembered' (or merely recognised) alongside the right to be forgotten?

In the short 'Big Data and Its Exclusions' Jonas Lerman argues that
Legal debates over the "big data" revolution currently focus on the risks of inclusion: the privacy and civil liberties consequences of being swept up in big data's net. This essay takes a different approach, focusing on the risks of exclusion: the threats big data poses to those whom it overlooks. Millions of people worldwide remain on big data's periphery. Their information is not regularly collected or analyzed, because they do not routinely engage in the sorts of behaviors big data is designed to capture. Consequently, their preferences and needs risk being routinely ignored when governments and private industry use big data and advanced analytics to shape public policy and the marketplace. Because big data poses a unique threat to equality, not just privacy, this essay argues that a new "data antisubordination" doctrine may be needed.
Lerman comments that -
Because existing equality law will not adequately curb big data’s potential for social stratification or bias, it may become necessary to develop a new equality doctrine—a principle of data antisubordination. Traditionally, U.S. antisubordination theorists have argued “that guarantees of equal citizenship cannot be realized under conditions of pervasive social stratification,” and “that law should reform institutions and practices that enforce the secondary social status of historically oppressed groups.” This antisubordination approach — what Owen Fiss called the “group disadvantaging principle” — may need to be revised, given big data’s potential to impose new forms of stratification and to reinforce the status of already-disadvantaged groups.
A data antisubordination rule would, at minimum, provide those persons who live outside or on the margins of dataflows some guarantee that their status as persons with light data footprints will not subject them to unequal treatment by the state in the allocation of public goods or services.
To be most effective, however, the principle would need to extend beyond state action. Big data’s largest private players exert an influence on societies, and a power over communications and the flow of information, that in previous generations only governments enjoyed. Thus, a data antisubordination principle would be incomplete unless it extended, in some degree, to the private sector. Once fully developed as theory, a data antisubordination principle could be enshrined in law by statute. Like GINA, it would be a civil rights law designed for potential embedded in powerful new technologies—threats that neither the Framers nor past civil rights activists could have envisioned.
In “The Right to Privacy,” their 1890 Harvard Law Review article, a young Louis Brandeis and co-author Samuel Warren observed that “[r]ecent inventions and business methods call attention to the next step which must be taken for the protection of the person.” The big data revolution, too, demands “next steps,” and not just in information privacy law. Brandeis and Warren’s “right to be let alone” — which Brandeis would later call the “most comprehensive of rights and the right most valued by civilized men” — has become an obsolete and insufficient protector. Even more modern information privacy principles, such as consent and the nascent “right to be forgotten,” may turn out to have only limited utility in an age of big data.
Surely revised privacy rules, norms, and standards will be needed in this new era. But they are insufficient. Ensuring that the big data revolution is a just revolution, a revolution whose benefits are broadly and equitably shared, may also require, paradoxically, a right not to be forgotten or let alone — a right against exclusion.


'The Empty Promise of VARA: The Restrictive Application of a Narrow Statute' by David Shipley in Mississippi Law Journal argues that
 The Visual Artists Rights Act (VARA) was enacted by Congress in 1990 in order to bring our laws into compliance with Article 6bis of the Berne Convention and to acknowledge that protecting moral rights will foster “a climate of artistic worth and honor that encourages the author in the arduous act of creation.” The passage of this legislation is said to show Congress’s “belief that the art covered by the Act ‘meet[s] a special societal need, and [its] protection and preservation serves an important public interest.’”
Notwithstanding these lofty statements about artistic worth, honor and encouraging creation, VARA is a narrowly drafted addition to the Copyright Act. This legislation recognized several moral rights in the United States for the first time, but it does not extend to all works of authorship. It protects only a very select group of artists and only very narrowly defined works. As enacted well over twenty years ago VARA might have fulfilled initially our nation’s obligations under Article 6bis of the Berne Convention even though it provides less protection than most European moral rights legislation. It has been called weak, anemic and insufficient.
As interpreted and applied by the courts since 1991, it is now reasonable to conclude that VARA has not come close to fulfilling our obligations under Article 6bis. The federal judiciary, at both the trial and appellate levels, has taken seriously the statute’s restrictive language, its explicit exclusions from coverage, and the legislative history’s emphasis on VARA’s limited scope. In addition, severe tensions between an artist’s moral rights and the defendant’s rights, particularly property rights, have been palpable in many of the cases brought under VARA. As a consequence, courts have shown great reluctance to permit an artist’s moral rights to prevail over a defendant’s rights. Successful reported VARA claims seem to be few and far between.
This article, after summarizing VARA’s provisions, presents a pre-VARA moral rights case that might come out much differently if it were litigated today. This hypothetical case highlights many of the issues raised by VARA. Subsequent sections of the article analyze the act’s narrow definition of works of visual art as well as its several limitations on the attribution and integrity rights. These are the key provision which have been interpreted and applied by the courts since VARA’s passage in 1990. Time after time the courts have applied this narrowly drawn statute to deny plausible moral rights claims asserted by visual artists. The rhetoric surrounding the passage of VARA in 1990 made lofty promises, but Congress did not deliver on those promises.

04 September 2013

Good Marks

'Marks of Rectitude' by Margaret Chon in (2009) 77 Fordham Law Review 101 - hat tip to expert down the road - comments that
 Trademarks and certification marks increasingly denote sustainability or social responsibility standards. These marks of rectitude are particularly noticeable in the context of global trade, where market integration is accompanied by relatively uneven integration of environmental, labor and other standards, and where consumers in the so-called global North choose how to empower producers and/or encourage development of markets in the global South. But consumer participation in these transactions is under-explored by reference to criteria such as the quality not to mention accountability and transparency of the standards embedded within the goods or services. Newer stakeholders and meaning-makers such as the largely invisible third party certifier determine whether a product conforms to a standard, which in turn is embodied in a mark. Marks of rectitude can be viewed as a type of decentralized regulation in response to a felt need for heightened social norms. Trademark law potentially can function to mediate between extremely different local conditions within a global market system, to signal not source of manufacturing origin (as in classic trademark law), or geographic origin (as signified by certification marks to provide geographic indication protection in the U.S.), but rather socially responsible practices within a global administrative framework. The "branding" aspect of this decentralized, privatized regulation raises the likelihood of slippage between the mark's function as a reliable indication of source and its newer regulatory functions. Can marks of rectitude bear the weight of the various goals that have proliferated in the global regulatory marketplace? Published as part of an intellectual property symposium exploring the collision of different paradigms, this essay examines how the public law framework provided by the Lanham Act can foster the conditions for consumer participation essential to these various private regimes.

Pharma Promo

'When Truth Cannot Be Presumed: The Regulation of Drug Promotion Under an Expanding First Amendment' by Christopher T. Robertson in (2014) 94 Boston University Law Review comments that 
The Food, Drug, and Cosmetic Act (“FDCA”) requires that, prior to marketing a drug, the manufacturer must prove that it is safe and effective for the manufacturer’s intended uses, as shown on the proposed label. Nonetheless, physicians may prescribe drugs for other “off-label” uses, and often do so, such that a large portion of U.S. healthcare spending is consumed by such unproven uses. Still, manufacturers have not been allowed to promote the unproven uses in advertisements or sales pitches. 
This regime is now precarious due to an onslaught of scholarly critiques, a series of Supreme Court decisions that enlarge the First Amendment, and a landmark Court of Appeals decision holding that the First Amendment precludes the Food and Drug Administration (“FDA”) from regulating off-label promotional claims. These critiques strike at the very core of the FDCA, calling into doubt the constitutionality of the entire premarket approval regime, as a prior restraint on speech. 
This Essay makes three critical contributions, and offers a constructive approach to the regulation of drug promotion. First, this Essay reveals how the notion that “truthful” promotional claims enjoy First Amendment protection has been central to these scholarly and judicial critiques. However, those critiques have simply presumed the predicate of truthfulness – that the drugs are safe and effective for the newly intended uses, and further presumed that the FDA is acting paternalistically to protect the public from acting upon the truth. Second, this Essay clarifies that the truth is unknown, and this ignorance is itself the motivation for regulation. The FDCA incentivizes drugmakers to invest in producing that missing knowledge. Third, this Essay highlights the way courts currently use the Daubert doctrine to regulate scientific speech presented in their own courtrooms, noting that it is a prior restraint on speech that has received virtually no First Amendment scrutiny. 
Going forward, in FDCA enforcement actions, courts should defer to the FDA’s pre-market approval process as the test for the truth of promotional claims, and thus their status under the First Amendment. Accordingly, courts should remain in epistemic equipoise until the drugmaker proves safety and efficacy. Nonetheless, if the courts refuse to defer to the coordinate branches in that established expert regulatory process, the courts should put the burden upon the drugmaker to prove its claims true in court. Even under this fallback position, drugmakers will remain incentivized to produce the epistemic basis to support their claims of safety and efficacy. Thus the FDCA can have a secure place even within an enlarged conception of the First Amendment.

03 September 2013


'The EU General Data Protection Regulation: Toward a Property Regime for Protecting Data Privacy' by Jacob M. Victor in Yale Law Journal (Forthcoming) considers
the new EU draft regulation on data privacy - especially its controversial provision establishing a "right to be forgotten" - and argues that the regulation implicitly creates the kind of propertized data regime that scholars proposed and debated a decade ago. 
The Comment identifies the key conceptual features of a data property regime, explains how the draft regulation implicitly embodies these features, and compares this property-centric framing to the human-rights framing that tends to dominate discussions of data privacy.
Victor comments that
The European Union recently released draft legislation that has the potential to transform EU data privacy law. The draft General Data Protection Regulation proposes a range of new individual rights designed to protect consumers whose personal information is collected, processed, and stored by corporations. Most notably, the draft Regulation would establish a consumer’s “right to be forgotten,” mandating that entities that collect or process data—which, for ease, I will call “data users”—must delete any data relating to an individual “data subject” upon his request. Furthermore, any third parties with whom this information has been shared would also be required to respect the data subject’s request for deletion. 
The draft Regulation, which was approved by the European Commission in January 2012, is unlikely to be finalized and enter into force for at least another several months. But the legislation has already proven highly controversial for its potential applicability to any corporation that processes the data of EU citizens (including U.S. corporations), for its potential effects on free speech rights and criminal investigations, for its alleged technological unfeasibility, and for the possibility that it may impede bilateral policymaking efforts between the U.S. and EU. 
A yet unexplored dimension of the draft Regulation, however, is its relationship to broader questions about what rights-and-remedies scheme is most appropriate for protecting consumer privacy in data collection. Though the Regulation is framed in the fundamental- human-rights terms typical of European privacy law, this Comment argues that it can also be conceived of in property-rights terms. The Regulation takes the unprecedented step of, in effect, creating a property regime in personal data, under which the property entitlement belongs to the data subject and is partially alienable. More specifically, the data protection plan takes for granted that personal data has become akin to a commodity capable of changing hands. Working off of this reality, it allows for some, highly regulated exchanges of data while also adapting rights and remedies commonly associated with property in service of the goal of protecting consumer privacy. The proposal includes three elements in particular that lend themselves to a property-based conception: consumers are granted clear entitlements to their own data; the data, even after it is transferred, carries a burden that “runs with” the data and binds third parties; and consumers are protected through remedies grounded in “property rules.” In these respects, the proposed scheme is remarkably similar to existing, heretofore purely theoretical, proposals for property regimes for protecting personal data, especially the model proposed by Paul Schwartz in 2004. But the draft Regulation seems to be one of the first legislative proposals that would actually implement this kind of propertized personal data regime. 
This Comment proceeds in two parts. Part I outlines some of the theoretical proposals for propertized personal information designed to remedy the shortcomings of contemporary data protection law, exploring the features of property regimes that scholars have seized on in presenting these proposals. Part II argues that these property-oriented safeguards are present in the draft Regulation, even though the Regulation is not framed in property terms. The Conclusion briefly explores the implications of this analysis for the broader question of whether propertizing personal data can be reconciled with treating privacy as a human right, pointing out that the draft Regulation seems to transcend this debate by adapting the rights and remedies commonly associated with property in service of a human-rights-driven approach to privacy.

Private Investigators in Lithuania

Every man his own private detective?

'The Right to Privacy and Private Detective Activities in Lithuania' by Mindaugas Bilius in (2012) 5(2) Baltic Journal of Law & Politics 1 comments that
Private detectives have been providing their services in Lithuania for about a decade; however, only now has the Seimas of the Republic of Lithuania started to discuss whether it is expedient and necessary to regulate the activities of private detectives by means of a separate law. One of the goals of a separate legal regulation of private detective activities is the protection of human rights, particularly the right to privacy. This article examines the provisions of national and international legislative acts related to the private life of a person, and assesses the opportunities of a private detective to provide private detective services without prejudice to the provisions of applicable legislative acts. The article concludes that a private detective is not an authorized (public) authority and there is no possibility to assess in each case whether the interests of a person using the services of private detectives are more important than those of other persons, which would allow for violating their rights to private life. The limits of an individual’s right to privacy can only be narrowed by a particular person, giving consent to making public the details of his/her private life. It is the only opportunity for a private detective to gather information related to the private life of a citizen. Currently applicable legislative acts in Lithuania do not provide for opportunities for private subjects to collect personal data without that person’s consent. This right is granted only to public authorities and with the court’s permission 
Bilius argues that
In the absence of a unified regulatory policy in the area of private detective activities, each nation-state must make an individual decision as to whether private detective activities should be legally regulated separately from other services, and if so – what are the legal measures that would help protect consumer rights, reduce the number of violations of law, and at the same time would not cause unreasonable constraints to those seeking to undertake private detective activities. 
Private detective activities cannot be treated as a typical commercial service. Private detective activities differ from the usual provision of services and are characterized by attributes specific to them only, inasmuch as investigative services provided are related to the collection of information, and the information collected can often transcend the boundaries of private lives of individuals. Private detective activities are characterized by the fact that, when providing the service, an investigation aimed at obtaining information of interest to the client is carried out upon the client’s request. Similar services can be provided by public authorities as well; however, in this case, private detective activities are characterized by the fact that a subject providing this service is a private person, whose activities are aimed at profit. Investigation on behalf of another person makes private detective activities different from activities involving employment relations, where investigation can be carried out for the benefit of an employer; however, the results are not provided to third parties for a fee. Moreover, private detective activities are major commercial activities undertaken by a person. The primary aim of providing investigatory services to clients is to protect rights and property interests of these persons. Thus, individuals undertaking private detective activities should have certain skills that would enable them to provide services to clients properly, without prejudice to the rights of others. Private detective activities are also characterized by the fact that the main control of these activities is carried out by a consumer; however, ways in which information that is of interest to the client is collected are usually uncontrolled.  Global practice shows that most private detectives have worked in the public law enforcement sector, and services provided by them are related to the area of law enforcement; therefore, to make proper use of the assistance provided by such individuals in ensuring public safety and crime prevention, it is expedient to provide for the proper forms and ways of use of services of private detectives in meeting the needs of both individuals and the state. These arguments must be taken into account when providing for regulatory guidelines for private detective activities in Lithuania. It should be noted that, in the absence of legal regulation of private detective activities, anybody, including former police officers, members of organized criminal groups or any other person who does not have similar work experience, will be able to carry out an investigation, orders of banks, insurance companies, financial institutions, corporate entities without any control, regardless of the nature, ethical aspects of the order, and without any assessment of legitimacy of the provision of services. 
The country has established various ways to regulate private relationships. Broadly speaking, such regulation can be understood as the establishment of certain prohibitions to carry out activities without a permit or license, or a requirement to carry out activities in accordance with the relevant legislative acts. Such activities of the government are regarded as the state’s intervention in the economics. Usually, those who are subjected to regulation tend to raise questions as to additional burden on business and the lack of accountability of those who regulate the relationships; whereas, the latter ground the necessity of legal regulation on the purposes of reduction of violations of law. Therefore, when establishing guidelines for private detective activities in Lithuania, it is necessary to provide for such requirements, the stringency of which would be based in proportion to the attainability of the objectives pursued. The most economically beneficial way requiring the least intervention from the state is possible when the issues of private detective activities are left for self-regulation. Although self- regulation is generally more operative than the usual legal regulation, it is not formalized in detail: rules are changed with expedition, market changes are adapted to. However, it is assumed that this method is currently not suitable in Lithuania for several reasons. First of all, the number of private detectives working in Lithuania is rather small, their competency is not known. Second, in case of self- regulation, the content of decisions can be affected by the existing commercial interests, anti-competitive agreements are possible. Thus, it is believed that private detective activities in Lithuania should be regulated by means of an interference of the state, where legislative acts would establish the capacity of private detectives and provide for supervision of such activities. State intervention aimed at regulating private detective activities by means of separate legislative act is necessary for several reasons. First, private detectives working in Lithuania today offer services, the provision of which is impossible without violations of human rights. Thus, the adopted law would set out the list of services that can be provided by private detectives, which would allow for avoiding the provision of services that are in conflict with legislative acts. Accordingly, private detective activities can be undertaken by any person, regardless of education or knowledge of the law. In this case, it would be erroneous to think that in provision of private detective services these persons will follow the requirements of legislative acts, in particular those that govern the issues of respect for private life. Legal regulation of private detective activities is moreover necessary for the protection of consumer rights, so that a client applying to a private detective for his services could be sure that private detective has at least the minimum competencies necessary to perform the task. Accordingly, when applying to a private detective for the provision of services, he may be entrusted with important or personal data; therefore, granting the access to such data for persons related to criminal groups or those who have previous convictions for certain crimes, may lead to the use of data for criminal purposes. To obtain assistance from private detectives in the fight against crime or in the prevention of crime, it is necessary to deal with the issues of mutual cooperation of private detectives and public officials by law, in order to avoid situations, where, in collecting evidence for a case, private detectives may interfere with pre-trial investigation. For all of already stated reasons, private detective activities should be regulated by means of a separate law.
Bilius concludes
The existing situation in Lithuania, where private detective activities can be provided by any person, raises the question of whether such activities should be subject to a separate legal regulation due to the potential threat of violations of human rights, particularly the right to private life. Unlike usual commercial activities, private detective activities pose a greater threat to human rights for a variety of reasons: private detective services are closely related to the collection of information that is of interest to the client of a private detective. The collection of information involves a great risk that such information can be related to private lives of individuals protected by both national and international legislative acts. In Lithuania, private detectives can provide a variety of services, including the assistance to persons in various legal disputes; however, the collection of information related to private lives of individuals is rather restricted. Inasmuch as it is impossible to give an accurate definition of a private life of an individual, determining a violation of respect for a private life of an individual in each case requires the assessment of specific factual circumstances. 
The right of an individual to private life is not absolute. This right may be interfered with in order to protect other rights. However, in regard to private detective activities, private detectives are not authorized persons and it is impossible to determine in each case, whether the interests of a person using the services of the private detective are more important than those of other persons, which could lead to violations of their right to private life. The limits of an individual’s right to private life can be narrowed only by a specific person, by way of giving consent or making the circumstances of his private life publicly available. This is the only possibility for a private detective to collect information related to an individual’s private life. The existing legislative acts in Lithuania do not provide for a possibility for private subjects to collect personal data without the consent of the relevant person. Such right is granted only to public authorities and with the court’s permission. 
The lack of an accurate definition of a private life requires private detectives to have appropriate knowledge in this area, in order to avoid violations of this right due to improper education or competency of a private detective. At the same time, the state has a duty to take measures to ensure respect for and protection of human rights. Accordingly, the development of modern technologies, allowing for the use of various methods and means for the collection of information, encourages governments to amend the existing regulation in this area. Lithuania is no exception. It aims at adopting a law governing private detective activities. This is to be regarded as a timely and positive step, inasmuch as the country takes action prior to the occurrence of a number of violations of legislative acts caused by the unregulated private detective activities.

Adult Copyright

Intellectual property students, before going into mourning for Ronald Coase, have presumably noted the judgment [PDF] in Malibu Media LLC v Telefonica Germany GmbH & Ors in Regional Court of Munich (case reference: 7 O 22293/12 of 29 May 2013), attracting attention over the court's finding that because Malibu's films merely showed “sexual intercourse in a primitive way” they were “pure pornography” and thus not entitled to protection under German copyright law.

Malibu had obtained court orders to establish the IP addresses of German-based file-sharers of its films as the basis for damages claims for copyright infringement. Two of the defendants successfully responded that Malibu had not proven that it was the owner of the copyright and had failed to prove that its films had been distributed within Germany and thus under the German copyright regime.

The copyright status of obscene material remains a conundrum for theorists, with some for example claiming that there is in principle protection but that infringement is unenforceable.

'Copyright Protection V. Public Morality: The Copyright Protection Dilemma Of Pornography In A Global Context' by Seong Choul Hong in (2013) 8 Asian Journal of WTO and International Health Law and Policy 301 considers
copyright protection for pornography in a global context, using U.S. obscenity and copyright law as the primary frameworks for legal analysis. Specifically, it examines the relationship between copyright protection and public morals within those countries which prohibit pornography. Until the 1990s, Asian and Middle Eastern countries, which had lagged behind in terms of adopting communication technology such as video tape recorders, did not experience the sexual revolution that the Western societies have experienced from the 1960s. However, in recent years hard-core pornography has become a worldwide commodity owing to the spread of Internet technology and accelerated globalization. In spite of the fact that pirated pornography is rampant in the pornography prohibiting countries, pornography is still generally prohibited and the associated copyright protection are consequently ignored. Although public morality may be used as an ad-hoc reason for making pornography an exception to copyright law, the application of such a policy should be limited and not based on political elites' presumptions but rather on systematic surveys of public morality.
Hong comments that
One of the recent dilemmas in contemporary copyright law is found in disputes about pornography's ability to be copyrighted' in countries where it has been prohibited. The argument concerns with the relationship between international law and domestic law, free trade and public morality, and cosmopolitan and communitarian theories. pecifically are the World Trade Organization's Trade-Related Aspects of Intellectual Property Rights (the WTO's TRIPS) requests the protection of copyright holders' rights regarding the creation and distribution of cultural products including pornography. Contrary to these requests, domestic laws promulgated in many Asian and the Middle Eastern countries deny pornography's legality and reject it as materials that do qualify for copyright protection. This paper discusses copyright protection for pornography in a global context, using U.S. obscenity and copyright law as the primary framework for legal analysis. Specifically, the "contemporary community standards" criteria put forth by the U.S. Supreme Court in the Miller case is considered to be dispositive and is expected to provide useful implications for countries prohibiting pornography in the present globalized world. Pornography is a popular commodity and a cultural symbol in the United States and the Western world. However, no later than the 1960s, even in Western societies, the creation of pornography had traditionally been, not an absolute right, but subject to regulation and censorship. Although the U.S. Constitution does not specifically stipulate that a work must be free from obscenity before it is entitled to copyright protection, the courts presumed that a work was free of obscenity or indecency before its author could claim the benefits of copyright. It was in the late 1970s when a U.S. district court ruled that the simple assertion of obscenity was unsuitable for an affirmative defense to a copyright infringement claim. 
This ruling became a turning point for the judgment that whether or not pornography may be legally copyrighted. As a result, pornography then became a commodity and has burgeoned into a cultural symbol in the United States. By the year of 1985, the adult home video market, including both sales and rentals, was approaching US$1 billion, a figure that rose to an estimated US$3.1 billion in 1995. This figure has dramatically leaped to US$8.65 billion in 2006. In fact, the ruling reflects dramatic changes in sexual behavior owing to the growth of liberal ideas, the introduction of birth control pills, popularity of adult magazines, and the invention of video recorder technology in the 1960s and 1970s.  As the social climate changed, the courts began to adjust their concept of contemporary community standards in judging obscenity.  When the U.S. Supreme Court affirmed that obscene materials were not protected by the First Amendment in 1973, it had to include, at the same time, non-obscene pornography as a kind of speech under the protection of the First Amendment and the copyright laws. Owing to the content-neutral principle of copyright law, therefore, even obscene materials were subsequently allowed to be copyrighted. Recently, the U.S. pornography industry has expanded its territory beyond its national boundaries via the Internet. In particular, pornography and obscene materials are able to move freely through peer-to-peer ("P2P") file sharing networks. Thus, the "pornified society" has become a global phenomenon. Nonetheless, many countries still do not permit producing and distributing pornography, and in those countries copyright of pornography are commonly ignored, regardless of the prevalence of pornography. For such reason, the infringers of pornography copyright in aforementioned countries are mostly indicted for violation of obscenity laws, but not of copyright law. Even though these countries have promulgated copyright law, yet obtaining remedies for copyright infringement in the context of pornography remains rare. With a wide dissemination of Internet technology, accelerated globalization and the continuing expansion of free-trade agreements ("FTAs"), the uneasy cohabitation of pornography and copyright began to be threatened. For example, Japanese and U.S. pornography producers claimed that the copyright of their pornography was infringed in Korea in 2009 and in Taiwan in 2010.
How can we explain the different application of copyright law between the pornography-permitting countries and the pornography-prohibiting countries? How can we reconcile the conflicting interests between copyright holders and public morality? In order to answer these questions, Part I of the current study explores the development of pornography copyright in the United States at three distinct stages: the separation of pornography from obscenity; its acquired legitimacy; and its qualification as an exclusively reproducible right, since the defensive claims against copyright infringements have lost their effectiveness through the above mentioned stages.
Then, in Part II, this study investigates how the copyrighting of pornography functions in those countries where pornography has been historically prohibited. Considering the fact that the widespread dissemination of pirated pornography in pornography prohibiting countries has led to potential trade disputes, quite beyond the moral and social issue, the copyrightability of pornography is an ongoing controversy in urgent need of being settled, regardless of what the legal status of pornography might be in those countries. Thus, the current study suggests that those countries must reconsider their current obscenity laws and to distinguish acceptable pornography and unacceptable obscene materials in legal terms, while in consistent with contemporary community standards. Once the people of a country are exposed to pornography and their moral values have been altered by such exposure, the country should modify their relevant laws and embrace the copyrighting of pornography. However, if the average adults in such a country are strongly opposed to hard-core pornography, it may consider the public morality exceptions as an ad-hoc measure in response to conflicts over copyrighted pornographic material. Nonetheless, the exception should be not abused and must be employed in a limited fashion, as an ad-hoc policy.