May 30, 2024

No Warrant Necessary to Seize Your Laptop

The U.S. Customs may search your laptop and copy your hard drive when you cross the border, according to their policy. They may do this even if they have no particularized suspicion of wrongdoing on your part. They claim that the Fourth Amendment protection against warrantless search and seizure does not apply. The Customs justifies this policy on the grounds that “examinations of documents and electronic devices are a crucial tool for detecting information concerning” all sorts of bad things, including terrorism, drug smuggling, contraband, and so on.

Historically the job of Customs was to control the flow of physical goods into the country, and their authority to search you for physical goods is well established. I am certainly not a constitutional lawyer, but to me a Customs exemption from Fourth Amendment restrictions is more clearly justified for physical contraband than for generalized searches of information.

The American Civil Liberties Union is gathering data about how this Customs enforcement policy works in practice, and they request your help. If you’ve had your laptop searched, or if you have altered your own practices to protect your data when crossing the border, staff attorney Catherine Crump would be interested in hearing about it.

Meanwhile, the ACLU has released a stack of documents they got by FOIA request.
The documents are here, and their spreadsheets analyzing the data are here. They would be quite interested to know what F-to-T readers make of these documents.

ACLU Queries for F-to-T readers:
If the answer to any of the questions below is yes, please briefly describe your experience and e-mail your response to laptopsearch at aclu.org. The ACLU promises confidentiality to anyone responding to this request.
(1) When entering or leaving the United States, has a U.S. official ever examined or browsed the contents of your laptop, PDA, cell phone, or other electronic device?

(2) When entering or leaving the United States, has a U.S. official ever detained your laptop, PDA, cell phone, or other electronic device?

(3) In light of the U.S. government’s policy of conducting suspicionless searches of laptops and other electronic devices, have you taken extra steps to safeguard your electronic information when traveling internationally, such as using encryption software or shipping a hard drive ahead to your destination?

(4) Has the U.S. government’s policy of conducting suspicionless searches of laptops and other electronic devices affected the frequency with which you travel internationally or your willingness to travel with information stored on electronic devices?

Information Technology Policy in the Obama Administration, One Year In

[Last year, I wrote an essay for Princeton’s Woodrow Wilson School, summarizing the technology policy challenges facing the incoming Obama Administration. This week they published my follow-up essay, looking back on the Administration’s first year. Here it is.]

Last year I identified four information technology policy challenges facing the incoming Obama Administration: improving cybersecurity, making government more transparent, bringing the benefits of technology to all, and bridging the culture gap between techies and policymakers. On these issues, the Administration’s first-year record has been mixed. Hopes were high that the most tech-savvy presidential campaign in history would lead to an equally transformational approach to governing, but bold plans were ground down by the friction of Washington.

Cybersecurity : The Administration created a new national cybersecurity coordinator (or “czar”) position but then struggled to fill it. Infighting over the job description — reflecting differences over how to reconcile security with other economic goals — left the czar relatively powerless. Cyberattacks on U.S. interests increased as the Adminstration struggled to get its policy off the ground.

Government transparency: This has been a bright spot. The White House pushed executive branch agencies to publish more data about their operations, and created rules for detailed public reporting of stimulus spending. Progress has been slow — transparency requires not just technology but also cultural changes within government — but the ship of state is moving in the right direction, as the public gets more and better data about government, and finds new ways to use that data to improve public life.

Bringing technology to all: On the goal of universal access to technology, it’s too early to tell. The FCC is developing a national broadband plan, in hopes of bringing high-speed Internet to more Americans, but this has proven to be a long and politically difficult process. Obama’s hand-picked FCC chair, Julius Genachowski, inherited a troubled organization but has done much to stabilize it. The broadband plan will be his greatest challenge, with lobbyists on all sides angling for advantage as our national network expands.

Closing the culture gap: The culture gap between techies and policymakers persists. In economic policy debates, health care and the economic crisis have understandably taken center stage, but there seems to be little room even at the periphery for the innovation agenda that many techies had hoped for. The tech policy discussion seems to be dominated by lawyers and management consultants, as in past Administrations. Too often, policymakers still see techies as irrelevant, and techies still see policymakers as clueless.

In recent days, creative thinking on technology has emerged from an unlikely source: the State Department. On the heels of Google’s surprising decision to back away from the Chinese market, Secretary of State Clinton made a rousing speech declaring Internet freedom and universal access to information as important goals of U.S. foreign policy. This will lead to friction with the Chinese and other authoritarian governments, but our principles are worth defending. The Internet can a powerful force for transparency and democratization, around the world and at home.

Robots and the Law

Stanford Law School held a panel Thursday on “Legal Challenges in an Age of Robotics“. I happened to be in town so I dropped by and heard an interesting discussion.

Here’s the official announcement:

Once relegated to factories and fiction, robots are rapidly entering the mainstream. Advances in artificial intelligence translate into ever-broadening functionality and autonomy. Recent years have seen an explosion in the use of robotics in warfare, medicine, and exploration. Industry analysts and UN statistics predict equally significant growth in the market for personal or service robotics over the next few years. What unique legal challenges will the widespread availability of sophisticated robots pose? Three panelists with deep and varied expertise discuss the present, near future, and far future of robotics and the law.

The key questions are how robots differ from past technologies, and how those differences change the law and policy issues we face.

Three aspects of robots seemed to recur in the discussion: robots take action that is important in the world; robots act autonomously; and we tend to see robots as beings and not just machines.

The last issue — robots as beings — is mostly a red herring for our purposes, notwithstanding its appeal as a conversational topic. Robots are nowhere near having the rights of a person or even of a sentient animal, and I suspect that we can’t really imagine what it would be like to interact with a robot that qualified as a conscious being. Our brains seem to be wired to treat self-propelled objects as beings — witness the surprising acceptance of robot “dogs” that aren’t much like real dogs — but that doesn’t mean we should grant robots personhood.

So let’s set aside the consciousness issue and focus on the other two: acting in the world, and autonomy. These attributes are already present in many technologies today, even in the purely electronic realm. Consider, for example, the complex of computers, network equipment, and software make up Google’s data centers. Its actions have significant implications in the real world, and it is autonomous, at least in the sense that the panelists seemed to using the term “autonomous” — it exhibits complex behavior without direct, immediate human instruction, and its behavior is often unpredictable even to its makers.

In the end, it seemed to me that the legal and policy issues raised by future robots will not be new in kind, but will just be extrapolations of the issues we’re already facing with today’s complex technologies — and not a far extrapoloation but more of a smooth progression from where we are now. These issues are important, to be sure, and I was glad to hear smart panelists debating them, but I’m not convinced yet that we need a law of the robot. When it comes to the legal challenges of technology, the future will be like the past, only more so.

Still, if talking about robots will get policymakers to pay more attention to important issues in technology policy, then by all means, let’s talk about robots.

A "Social Networking Safety Act"

At the behest of the state Attorney General, legislation to make MySpace and Facebook safer for children is gaining momentum in the New Jersey State Legislature.

The proposed Social Networking Safety Act, heavily marked-up with floor amendments, is available here. An accompanying statement describes the Legislative purpose. Explanations of the floor amendments are available here.

This bill would deputize MySpace and Facebook to serve as a branch of law enforcement. It does so in a very subtle way.

On the surface, it appears to be a perfectly reasonable response to concerns about cyberbullies in general and to the Lori Drew case in particular. New Jersey was the first state in the nation to pass Megan’s Law, requiring information about registered sex offenders to be made available to the public, and state officials hope to play a similar, pioneering role in the fight against cyberbullying.

The proposed legislation creates a civil right of action for customers who are offended by what they read on MySpace or Facebook. It allows the social network provider to sue customers who post “sexually offensive” or “harassing” communications. Here’s the statutory language:

No person shall transmit a sexually offensive communication through a social networking website to a person located in New Jersey who the actor knows or should know is less than 13 years of age, or is at least 13 but less than 16 years old and at least four years younger than the actor. A person who transmits a sexually offensive communication in violation of this subsection shall be liable to the social networking website operator in a civil action for damages of $1,000, plus reasonable attorney’s fees, for each violation. A person who transmits a sexually offensive communication in violation of this subsection shall also be liable to the recipient of the communication in a civil action for damages in the amount of $5,000, plus reasonable attorney’s fees, or actual damages…

The bill requires social network providers to design their user interfaces with icons that will allow customers to report “sexually offensive” or “harassing” communications:

A social networking website operator shall not be deemed to be in violation … if the operator maintains a reporting mechanism available to the user that meets the following requirements: (1) the social networking website displays, in a conspicuous location, a readily identifiable icon or link that enables a user or third party to report to the social networking website operator a sexually offensive communication or harassing communication transmitted through the social networking website.

Moreover, the social network provider must investigate complaints, call the police when “appropriate” and banish offenders:

A social networking website operator shall not be deemed to be in violation … if … (2) the operator conducts a review, in the most expedient time possible without unreasonable delay, of any report by a user or visitor, including investigation and referral to law enforcement if appropriate, and provides users and visitors with the opportunity to determine the status of the operator’s review or investigation of any such report.

Finally, if the social network provider fails to take action, it can be sued for consumer fraud:

[I]t shall be an unlawful practice and a violation of P.L.1960, c.39 (C.56:8-1 et seq.) [the state Consumer Fraud Act] for a social networking website operator to fail to revoke, in the most expedient time possible without unreasonable delay, the website access of any user or visitor upon receipt of information that provides a reasonable basis to conclude that the visitor has violated [this statute]”

So what’s the problem? It’s not a criminal statute, and we do want to shut down sex offenders and cyberbullies. How could anyone object to this proposed measure?

First, the proposed law puts a special burden on one specific type of technology. It’s as if the newfangledness of social networking—and its allure for kids—have made it a special target for our fears about sex offenders and cyberbullies. No similar requirements are being placed on e-mail providers, wikis, blogs or the phone company.

Second, it deputizes private companies to do the job of law enforcement. Social network providers will have to evaluate complaints and decide when to call the police.

Third, it’s the thin edge of the wedge. If social network providers have to investigate and report criminal activity, they will be enlisted to do more. Today, sex offenders and cyberbullies. Tomorrow, drug deals, terrorist threats and pornography.

Fourth, this raises First Amendment concerns. Social network providers, if they are called upon to monitor and punish “offensive” and “harassing” speech, effectively become an arm of law enforcement. To avoid the risk of lawsuits under the Consumer Fraud Act, they will have an incentive to ban speech that is protected under the First Amendment.

Fifth, the definitions of “offensive” and “harassing” are vague. The bill invokes the “reasonable person” standard, which is okay for garden-variety negligence cases, but not for constitutional issues like freedom of speech. It’s not clear just what kinds of communication will expose customers to investigation or liability.

If the bill is enacted, MySpace and Facebook could mount a legal challenge in federal court. They could argue that Congress intended to occupy the field of internet communication, and thus pre-empt state law, when it adopted the Communications Decency Act (CDA), 47 U.S.C. § 230(c)(1).

The bill probably violates the Dormant Commerce Clause as well. It would affect interstate commerce by differentially regulating social networking websites. Social networking services outside New Jersey can simply ignore the requirements of state law. Federal courts have consistently struck down these sorts of laws, even when they are designed to protect children.

In my opinion, the proposed legislation projects our worst fears about stalkers and sex predators onto a particular technology—social networking. There are already laws that address harassment and obscenity, and internet service providers are already obliged to cooperate with law enforcement.

Studies suggest that for kids online, education is better than restriction. This is the conclusion of the Internet Safety Technical Task Force of State Attorneys General of the United States, Enhancing Child Safety and Online Technologies. According to another study funded by the MacArthur Foundation, social networking provides benefits, including opportunities for self-directed learning and independence.

Tech Policy Challenges for the Obama Administration

[Princeton’s Woodrow Wilson School asked me to write a short essay on information technology challenges facing the Obama Administration, as part of the School’s Inaugural activities. Here is my essay.]

Digital technologies can make government more effective, open and transparent, and can make the economy as a whole more flexible and efficient. They can also endanger privacy, disrupt markets, and open the door to cyberterrorism and cyberespionage. In this crowded field of risks and opportunities, it makes sense for the Obama administration to focus on four main challenges.

The first challenge is cybersecurity. Government must safeguard its own mission critical systems, and it must protect privately owned critical infrastructures such as the power grid and communications network. But it won’t be enough to focus only on a few high priority, centralized systems. Much of digital technology’s value—and, today, many of the threats—come from ordinary home and office systems. Government can use its purchasing power to nudge the private sector toward products that are more secure and reliable; it can convene standards discussions; and it can educate the public about basic cybersecurity practices.

The second challenge is transparency. We can harness the potential of digital technology to make government more open, leading toward a better informed and more participatory civic life. Some parts of government are already making exciting progress, and need high-level support; others need to be pushed in the right direction. One key is to ensure that data is published in ways that foster reuse, to support an active marketplace of ideas in which companies, nonprofits, and individuals can find the best ways to analyze, visualize, and “mash up” government information.

The third challenge is to maintain and increase America’s global lead in information technology, which is vital to our prosperity and our role in the world. While recommitting to our traditional strengths, we must work to broaden the reach of technology. We must bring broadband Internet connections to more Americans, by encouraging private-sector investment in high-speed network infrastructure. We must provide better education in information technology, no less than in science or math, to all students. Government cannot solve these problems alone, but can be a catalyst for progress.

The final challenge is to close the culture gap between politicians and technology leaders. The time for humorous anecdotes about politicians who “don’t get” technology, or engineers who are blind to the subtleties of Washington, is over. Working together, we can translate technological progress into smarter government and a more vibrant, dynamic private sector.