Henry N. Ess III Chair Lecture Notes

I’m preparing for a lecture tonight at Harvard Law School.  Here’s the abstract:

The Path of Legal Information

November 9, 2010

I propose a path toward a new legal information environment that is predominantly digital in nature.  This new era grows out of a long history of growth and change in the publishing of legal information over more than nine hundred years years, from the early manuscripts at the roots of English common law in the reign of the Angevin King Henry II; through the early printed treatises of Littleton and Coke in the fifteenth, sixteenth, and seventeenth centuries, (including those in the extraordinary collection of Henry N. Ess III); to the systemic improvements introduced by Blackstone in the late eighteenth century; to the modern period, ushered in by Langdell and West at the end of the nineteenth century.  Now, we are embarking upon an equally ambitious venture to remake the legal information environment for the twenty-first century, in the digital era.

We should learn from advances in cloud computing, the digital naming systems, and youth media practices, as well as classical modes of librarianship, as we envision – and, together, build – a new system for recording, indexing, writing about, and teaching what we mean by the law.  A new legal information environment, drawing comprehensively from contemporary technology, can improve access to justice by the traditionally disadvantaged, including persons with disabilities; enhance democracy; promote innovation and creativity in scholarship and teaching; and promote economic development.  This new legal information architecture must be grounded in a reconceptualization of the public sector’s role and draw in private parties, such as Google, Amazon, Westlaw, and LexisNexis, as key intermediaries to legal information.

This new information environment will have unintended – and sometimes negative – consequences, too.  This trajectory toward openness is likely to change the way that both professionals and the public view the law and the process of lawmaking.  Hierarchies between those with specialized knowledge and power and those without will continue its erosion.  Lawyers will have to rely upon an increasingly broad range of skills, rather than serving as gatekeepers to information, to command high wages, just as new gatekeepers emerge to play increasingly important roles in the legal process.  The widespread availability of well-indexed digital copies of legal work-products will also affect the ways in which lawmakers of all types think and speak in ways that are hard to anticipate.  One indirect effect of these changes, for instance, may be a greater receptivity on the part of lawmakers to calls for substantive information privacy rules for individuals in a digital age.

An effective new system will not emerge on its own; the digital environment, like the physical, is a built environment.  As lawyers, teachers, researchers, and librarians, we share an interest in the way in which legal information is created, stored, accessed, manipulated, and preserved over the long term.  We will have to work together to overcome several stumbling blocks, such as state-level assertions of copyright.  As collaborators, we could design and develop it together over the next decade or so.  The net result — if we get it right — will be improvements in the way we teach and learn about the law and how the system of justice functions.

Joel Reidenberg: Transparent Citizens and the Rule of Law

Prof. Joel Reidenberg (Fordham Law; director of the Center on Law and Information Policy) starts out a luncheon talk at the Berkman Center’s Law Lab with a provocative opening theme: Transparency challenges the very existence of the Rule of Law. Some hasty/live-blogged notes follow:

As a practical matter, in the cloud era, we’ve lost the practical obscurity of information about all of us.  What used to exist about us, but in private/not-that-accessible form, is now accessible and associate-able with an individual.  We now have transparent citizens, Reidenberg contends.

How does this challenge the rule of law, he wonders?  The data that are included in the TIA and other state databases come from third-parties, outside the warrant process (the third-party data problem).  The state doesn’t have to spend the same amount of time or money to gather a great deal of information about each of us.  Fusion centers are another prime example of this phenomenon, Reidenberg argues.  Fusion centers use data from private sector parties to determine who should be a suspect, as opposed to the historical approaches to determining suspects and then gathering data.  The state does not have to adhere as faithfully to the rule of law in their law enforcement practices.

We have a transparency challenge, says Reidenberg.  Enhanced cryptography can allow people to carry out acts anonymously, he points out; ditto for the Cohen case in New York with Blogger, Juicy Campus, and so forth.  People are hiding behind anonymity to carry out wrong-doing.  As the public perceives more and more surveillance, wrong-doers will use more robust tools to maintain anonymity — making it harder for the state to catch the real bad guys and to protect the rule of law among the citizenry broadly.

There’s a transparency challenge to the rule of law, as well, Reidenberg argues.  The dossier on Justice Scalia that Prof. Reidenberg’s class pulled together.  Secondary use is a major issue when it comes to public data.  Students could easily pull together a dossier on a major figure by using the transparency that government insists on with respect to information about each of us.  A related example: social networking and judges, in the case of a Staten Island-based judge who is friends with those who appear before him.  (Is there a difference between LinkedIn and Facebook?  And/or: do we really want our judges “unplugged” if we tell them they cannot be friends with anyone online?  What about the jury pool and public friendship networks?  Lawyers googling potential jurors outside of voir dire?  Puts me in mind of Prof. Charles Nesson’s American jury seminar this semester at HLS.)

Reidenberg concludes with the “re-instantiation of the Rule of Law.”  We need to focus on a norm of data misuse, he argues.  Knowledge for some purposes is fine; knowledge for other purposes is not OK.  Reidenberg’s argument here points toward seeking to re-engineer practical obscurity into the technical network.  He cites to Helen Nissenbaum’s contextual integrity argument as support for this concept.  (It’s much in the spirit of our work on the Youth Media Policy project, where we’re trying to translate the data about youth online digital media practices into good policy proposals.)

This talk by Reidenberg proves to be extremely provocative to the Law Lab crowd assembled here.  A spirited discussion starts up during the question period.  Just as a few examples of types of push-back: John Clippinger, the law lab’s co-director, says that he agrees with Reidenberg’s analysis but disagrees in terms of what to do about it.  It’s the wrong time to prescribe solutions right now, Clippinger charges, especially with norms in flux as they are right now.  Julie Cohen (Georgetown law prof who is a visiting professor here at HLS this year), who spoke here in the Berkman Center lunch series just last week, was talking about the virtues of “semantic discontinuity” in response to similar privacy concerns.  The communication process leads to a much finer granularity of information as well as new forms of metadata creation and re-assembly, which in turn makes it difficult to operate in proper contexts, argues Urs Gasser (in a quite wonderful series of questions).  Joel’s limited purpose knowledge regime, he argues, is up against a loss of the rule of law (though Clippinger thinks you don’t have to frame it that way; and Cohen pushes on what he means by the “rule of law”; and Clippinger comes back to the private law mesh of contracts-type of regime as preferable).  Professor Harry Lewis (SEAS at Harvard) wants to know how all this will affect the extensive private surveillance regime and whether law should come into the picture to restrict the use of these privately-collected data.  (My question: would you close the third-party data loophole with respect to state access to privately-collected data without 4th Amendment protections?  Yes, said Reidenberg.)

Just based on the last few weeks of lunches around the Berkman Center, I’m coming up in my mind with a dream seminar on these topics.  For starters, I’d have Joel Reidenberg, Julie Cohen, and Jonathan Zitttrain; present each of them with a common set of hard Internet law problems; and ask them to apply their big-picture theories to their resolution.  I suspect we’d get some extremely interesting, and different approaches, to adjusting the law, technology and norms to fit better with the digital age.  I can imagine there are others to invite to the party, too…

Julie Cohen: Configuring the Networked Self

At the Berkman Center, we are hearing a preview of key elements of Prof. Julie Cohen‘s forthcoming book, Configuring the Networked Self.   Some hasty live-blog notes follow:

Prof. Cohen tells us that there are two disconnects that she starts with: 1) there are lots of invocations of “freedom” being floated around, but many of the results in the political and technical processes seem antithetical to the interests of the communities involved; and, 2) while the free culture debate is all about openness, it’s impossible (or at least difficult) to imagine how privacy claims may be contemplated in the context of all this openness.

What’s puzzling, to Cohen, about these disconnects that has led her to major substantive and methodological claims: we make these laws and policies about freedom within the frame of liberal political theory, invoking terms like autonomy and freedom and presumptions like rational choice as the dominant terms of the discourse.  We ought to be focusing instead on the experienced geography of the networked society, where people are living in cultures, living in ways that are mediated by technologies.  We don’t have very good tools to ask and answer those questions.  We’re led to start with the presumption that individuals are autonomous and separate from culture.  It’s difficult to say things about how more or less privacy will result in meaningful, significant consequences for how we experience our culture and how political discourse works from there.

On to the methodological question: lots of people are working on these questions in related fields, and we in legal scholarship often don’t pay enough attention to what they are learning (say, in cultural theory, STS, other fields described by legal scholars in pejorative terms of “post-modernist” and otherwise).  We need to understand what Cohen calls “situated embodied users” and how they experience information technologies in order to inform law and policy in this field better.  Cohen’s “normative prior”: We should promote law and policy that promote human flourishing (network neutrality, access to knowledge, access to culture as precursors for participation in public life).  But Cohen also tells us that she parts company with those who expound this theory where they seek to embed it in liberal political theory.  We should reconcile — or live with — tensions in legal and policy problems by looking to these “post-modern” fields and ask what they can tell us.  We should ask what kinds of guarantees the law ought to provide.

Where does this process lead us?  Think about Access to Knowledge, Cohen says: it’s nice, but it doesn’t get you as far as you need for human flourishing.  It doesn’t guarantee you rights of re-use in creative materials or rights of privacy, for instance.  There are further structural preconditions for human flourishing that we need to ensure.  Two in particular: 1) operational transparency: it’s not enough to know what is being collected about you, you need to know how it’s going to be used; and 2) semantic discontinuity: a vital structural element of the networked information economy: e.g., copyright, you need incompleteness in the law and policy regime that affords room for play.  In privacy, you need space left over for identity play, for engagement in unpredictable activity.  In architecture, seamless interoperability is all to the good in some ways, but not good for privacy, for instance.  Data about you would therefore move around and around and around without your knowing about it.  Human beings benefit, Cohen argues, from structural discontinuity.

This is going to be a fascinating and important book.  And I’m eager to think through how Cohen’s claims relate to JZ’s in Future of the Internet once I’ve read Cohen’s new work.

Reader Privacy Event at UNC-Chapel Hill

Anne Klinefelter, the beloved law library director at UNC-Chapel Hill (you should hear her dean introduce her; really!), is hosting a Data Privacy Day event on reader privacy.  She makes the case in her opening panel remarks that, if we wish to translate library practices with respect to privacy into a digital world, we need to figure out how to translate not just law but also ethics.  Anne argues that the law needs updating to keep up with new research practices of today’s library users, especially as we shift from a world (primarily) of checking out books to a world (primarily) of accessing databases.  Her analysis of the 48 state laws with respect to user data privacy shows that the statutes vary in substance, in coverage, and in enforcement.  Anne’s closing point is a great one: if we’re in the business of translating these rules of library protection of user data, we need to bring the ethical code and norms along as well.

Jane Horvath (Google) and Andrew McDiarmid (CDT) take up the Google Books Search Settlement and its privacy implications.  Jane emphasized the protections for user privacy built into book search.  She also emphasized ECPA and the need to update it to protect reader privacy.  Google, she says, is “calling for ECPA reform.  It really is necessary now.”

Andrew described, diplomatically and clearly, the privacy concerns that CDT has with respect to the Google Books Search Settlement (which CDT thinks should be approved; EFF, the Samuelson Clinic, and the ACLU of Northern California have similar concerns, but oppose approval of the settlement).  The critiques that Andrew described are not limited to Google’s activities, he noted; Amazon and others need to address the same issues.  Andrew worries about the potential development of (too?) rich user profiles that may be the target of information requests for law enforcement and civil litigants.  Rather than regulate Google as a library, Andrew argues, we should focus on the kinds of safeguards that CDT would like to see apply.  The best recent restatement of Fair Information Practices is by the DHS, says Andrew.  Eight principles should apply: Transparency, individual participation (including the right to correct it), purpose specification, minimization, use limitation,  data quality and integrity, security, accountability and auditing.  CDT would like to see Google commit to specific protections in alignment with these eight principles.

Tidbits from Navigate 2008 Day One

It’s Day One at Navigate 2008. Trevor Hughes and his crack team at the IAPP have established a space for thinking not about what’s urgeny, but about what’s important when it comes to privacy. The key for the event is to think big about privacy. The goal is to contribute to the global dialogue. (For me, kids, technology, and the future are on the brain because of Born Digital coming out, so the frame I bring to it is the future systems that we are building to protect our children and grandchildren.)


Meta tidbit: Going meta, briefly, on the emerging art of conference blogging. I’ve been wondering: What’s the optimal amount of blogging of a conference, in terms of frequency, length, and topic? JZ says the goal should not be coverage, but to exposure worthy tidbits. That’s to say, as many as a few posts a day if there are worthy things to say, or no posts if the conference totally stinks. (JZ is blogging a key aspect of Hal Abelson’s provocation so we can see what he means by a “tidbit” when that’s up.)

Process/experimentation tidbit: there are three breakout groups, each using MindManager in the breakout rooms. From a mission-control, a few of us have a view across the three MindMaps through a networking tool called MindJet. It works great for viewing all the conversations as they emerge in real-time. It also lets one intervene from the center — but that is not necessarily welcome, it seems, as the MindManager scribes have enough to do to keep track of the conversation, and chatting with the curators doesn’t seem to help their focus much. It’s cool to be able to intervene and to ask clarifying questions, but not necessarily productive to the whole, it seems. It’s great to be trying this out in real-time, though.

Substantive tidbit: from the first session, part of MIT prof Hal Abelson’s provocation. In the end, the way to go is to build accountable information systems, says Hal. He cited a letter he (and many of us) got from Bank of America which said that data about some customers had escaped from a third-party location and that B of A is tracking our accounts to see if anything is going wrong as a result. Hal says that this may be lawful, but it’s not accountable. He wants to know more: who had the data, why they had it, what it was, what happened in the breach, what risks he is running as a result, and so forth. He also says not to worry so much about the collection or mining of the data, but rather about decisions made about you based on these data. (I have a sense already that this is not a consensus view among other attendees — to be tested out!)

A final Bostonian’s tidbit, off to the side: In the command-central room for IAPP, there’s a side conversation about the MBTA’s Charlie Tickets v. Charlie Cards. These are the cards you buy to go on the Boston-area subway system. If you use an Charlie Ticket, rather than a Charlie Card, you pay more per ride, but there’s little chance your movements could be tracked, so one way to see it is that there’s a explicit premium per ride for your privacy. Richard Stallman has an alternate approach, apparently: swapping zero-value CharlieCards to frustrate any user tracking while not having to pay the privacy premium.

Navigating Privacy

Jonathan Zittrain and I are headed up to seacoast New Hampshire to be the “curators” of the IAPP’s new executive forum, Navigate, for the first few days of the week. It’s a beautifully organized program and a terrific line-up. It promises to be provocative and a lot of fun.

Privacy turned out to be a major part of our research into how young people use new technologies differently from their parents and grandparents. In our book, Born Digital (coming out in the next few weeks; and now the book’s website from the publisher is up), we started with a single chapter on Privacy and ended up with three: Identity, Dossiers, and Privacy. (Berkman summer intern Kanu Tewari made a video rendition of our Dossiers chapter; and the project’s wiki has a section on Privacy.) I look forward to testing those ideas with a bunch of privacy pros who will no doubt help to refine them.

As a special bonus: They’ve partnered with the MindJet people — makers of MindManager, which I love — to document the event and to extract key themes in an organized digital format. I’m looking forward to learning some MindManager tricks.

Daniel Solove's The Future of Reputation

The first book I’ve read in full on my Amazon Kindle is Daniel Solove‘s “The Future of Reputation: Gossip, Rumor, and Privacy on the Internet.” It’s a book I’ve been meaning to read since it came out; it did not disappoint. I was glad to have the joint experience of reading a first full book on the Kindle and of enjoying Solove’s fine work in the process.

Before I picked up “The Future of Reputation,” Solove had already played an important part in my own thinking about online privacy. The term that he coined in a previous book, “digital dossiers,” is a key building-block for the chapter of the same topic in Born Digital, which Urs Gasser and I have just finished (coming out in August). Solove advanced the ball in a helpful way, building on and refining previous scholarship of his own and that of Jonathan Zittrain, Paul Schwartz, Simson Garfinkel and others.

This book has the great virtue of being accessible to a reader who is not a privacy expert as well as being informative to those who know a good bit about it to begin with. Solove repeats a lot of lines that one has heard many times before (for instance, at the outset of Chapter 5, Scott McNealy’s line: “You already have zero privacy. Get over it.”), but also introduces some new ideas to the mix. It’s good on the theory, but it also offers practical policy guidance. He also poses good questions that could help anyone who wants to think more seriously about how to manage their reputation in a digital age.

One other thing I appreciated in particular: Solove is clearly a voracious reader and does an excellent job of situating his own thoughts in within the works and thought of others (variously Henry James and Beecher; Burr and Hamilton; Warren and Brandeis; Brin, Johnson & Post, and Gates) and in historical context, which I much enjoyed.

As for the Kindle itself: it’s fine. I don’t love it, but I also have found myself bringing it on planes with me lately, loaded up with a bunch of books that I’ve been meaning to read. So far, the battery life has been poor (might be my poor re-charging practices), so that the technology of the Kindle is sometimes less good than the technology of the classic book (which cannot run out of batteries in the middle of a long-haul flight, as my Kindle always seems to). The eInk is soft on the eyes; no problem there. The next and previous page functionality is fine, and the bookmark works pretty well. And FWIW, I’ve now got Mark Bauerlein’s “The Dumbest Generation: How the Digital Age Stupefies Young Americans and Jeopardizes Our Future (Or, Don’t Trust Anyone Under 30)” on there, which is up next for a review — as its premise cuts against the grain of Born Digital.  One advantage of the Kindle is cost, once you have device: the Solove and Bauerlein books cost a mere $9.99 each.