NYU School of Law

Fall 2009 Colloquium Schedule

A Workshop on Federal Privacy Legislation

Chair: Ira Rubinstein, NYU School of Law
Co-Chairs: Helen Nissenbaum, Department of Media, Culture & Communication, NYU; Katherine Strandburg, NYU School of Law

Abstract: Join us for this workshop where experts from academia, industry, government, and public interest advocacy organizations will examine comprehensive federal privacy legislation under consideration by Congress. Panelists will begin the day by reviewing current bills and offering an informed analysis and debate concerning the more controversial issues such as preemption, remedies, access and choice, and safe harbors.  The morning will continue with a discussion of whether fair information practices (FIPs) should remain the foundation of privacy legislation or need to be modified or abandoned. The afternoon panels will examine emerging issues such as social networking, collective privacy and behavioral advertising and assess how well any proposed bills address these new concerns. There will also be keynote speeches by top FTC officials and participation in panels by key Congressional staffers. Our aim is to achieve meaningful progress toward a well-rounded understanding of pending legislation and perhaps even to resolve some outstanding issues. The panelists represent diverse viewpoints and we anticipate and welcome a robust debate.

Space is limited. Email Nicole Arzt at arztn@exchange.law.nyu.edu to register for this workshop.

Full Program [pdf]

8:45 – 11:45 Panel One: Disputed Issues in Federal Privacy Legislation
Joel Reidenberg, Fordham School of Law (moderator)
 
8:45 – 10:15
Access and Choice
Safe Harbors: Ira Rubinstein, Privacy, Self-Regulation and Statutory Safe Harbors

10:35 – 11:45
Preemption: Paul Schwartz, Preemption and Privacy, 118 Yale Law Journal 902 (2009)
American Bankers Association v. Brown:
Petition for Writ of Certiorari (Robert Long)
Respondent’s Brief
Issue: Whether FCRA preempts the California Financial Information Privacy Act, to the extent the state law restricts the exchange among affiliated financial institutions of information on consumers.)

Remedies: Chris Hoofnagle, Privacy Remedies
 
11:45 – 12:30 Panel Two: Potential Shortcomings in Baseline Privacy Legislation and Possible Solutions (Beyond FIPS?)
Anita Allen, University of Pennsylvania Law School (moderator)
 
Deirdre Mulligan, Reframing Privacy: Regulators and Firms in the Evolution of a New American Metric
 
2:00 – 3:15 Panel Three: Emerging Issues - Social Networking and Collective Privacy
Katherine Strandburg, NYU School of Law (moderator)
 
Danielle Citron, The One-Way Mirror: Securing Participation and Privacy for Government 2.0
James Grimmelmann, Saving Facebook
Lior Strahilevitz, Collective Privacy (chapter in forthcoming book but not currently available for distribution)
 
Break: 3:15 – 3:45
 
3:45 – 5:30 Panel Four: Emerging Issues - Behavioral targeting
Katherine Strandburg, NYU School of Law (moderator)
 
Jane Horvath, Privacy
Helen Nissenbaum, PrivAds: Privacy Preserving Targeted Advertising

Viktor Mayer-Schönberger is Associate Professor at the Lee Kuan Yew School of Public Policy and Director of the Information + Innovation Policy Research Centre. His research focuses on the role of information in a networked economy. Before coming to the LKYSPP he spent ten years on the faculty of Harvard¹s Kennedy School of Government. In addition to "Delete - The Virtue of Forgetting in the Digital Age", Mayer-Schönberger has published seven books, and over a hundred journal articles (including in SCIENCE) and book chapters. A native Austrian, Professor Mayer-Schönberger founded Ikarus Software in 1986, a company focusing on data security, and developed Virus Utilities, which became the best-selling Austrian software product. He was voted Top-5 Software Entrepreneur in Austria in 1991 and Person-of-the-Year for the State of Salzburg in 2000. He chairs the Rueschlikon Conference on Information Policy, is the cofounder of the SubTech conference series, and served on the ABA/AALS National Conference of Lawyers and Scientists. He holds a number of law degrees, including one from Harvard and an MS (Econ) from the London School of Economics. In his spare time, he likes to travel, go to the movies, and learn about architecture.

Abstract: DELETE: THE VIRTUE OF FORGETTING IN THE DIGITAL AGE (October 2009). DELETE argues that in our quest for perfect digital memories where we can store everything from recipes and family photographs to work emails and personal information, we’ve put ourselves in danger of losing a very human quality—the ability and privilege of forgetting. Our digital memories have become double-edged swords—we expect people to “remember” information that is stored in their computers, yet we also may find ourselves wishing to “forget” inappropriate pictures and mis-addressed emails. And, as Mayer-Schönberger demonstrates, it is becoming harder and harder to “forget” these things as digital media becomes more accessible and portable and the lines of ownership blur. Mayer-Schönberger examines the technology that’s facilitating the end of forgetting—digitization, cheap storage and easy retrieval, global access, and increasingly powerful software—and proposes an ingeniously simple solution: expiration dates on information.

Mireille Hildebrandt is Associate Professor of Jurisprudence at the Erasmus School of Law and Senior Researcher at the Centre for Law Science Technology and Society studies (LSTS) at Vrije Universiteit Brussels. Her PhD was in the legal philosophy of criminal procedure, with special focus on the role of punishment in the establishment and confirmation of legal norms. Since her move to Brussels she has studied the implications of smart technological infrastructures for the legal framework of constitutional democracy, for instance with regard to causality, liability, legal personhood, privacy and identity, citizenship, non-discrimination and data protection. She has been coordinator of profiling technologies in the research consortium on the Future of Identity in Information Society (funded by the European Commission), is a member of the stakeholder forum of the European Network and Information Security Agency (ENISA) and partakes in numerous fora on the issue of profiling, rule of law and democracy. She publishes in the field of criminal law and philosophy as well as the nexus of philosophy of technology and philosophy of law. She is Associate Editor of Criminal Law and Philosophy and of Identity in Information Society (IDIS). Together with Serge Gutwirth she edited Profiling the European Citizen. Cross-Disciplinary Perspectives (2008). She is also Dean of Education of the Research School on Safety and Justice in the Netherlands. For an overview of relevant publications see http://works.bepress.com/mireille_hildebrandt/.

Abstract: Ambient Intelligence, proactive computing, behavioural advertizing, smart monitoring and surveillance thrive on sophisticated profiling technologies. Profiling involves knowledge discovery in databases (KDD), allowing for a type of pattern recognition that is not possible by means of 'ordinary' human cognition. The profiles that result from the process of KDD are applied to individual persons or groups to anticipate their probable future behaviour. In the vision of Ambient Intelligence this should allow service providers to cater to consumers' inferred preferences even before they become aware of them. In the sphere of security it allows security agencies, police and intelligence agencies to engage in proactive policing or sentencing. These smart technologies raise a number of questions, of which those relating to privacy and security are only the more obvious ones. Social sorting, subliminal influencing and complications in the attribution of liability for harm caused challenge some of the foundations of the legal framework, requiring novel ways to think about the technological embodiment of legal instruments. I will argue that to sustain the system of checks and balances that stands for constitutional democracy, lawyers will have to re-articulate some the relevant legal protections into the socio-technical infrastructure they aim to protect against. Ambient Intelligence will require a vision of an Ambient Law. The vision of Ambient Law has been elaborated within the European Research Consortium on the Future of Identity in Information Society (FIDIS). It starts from the idea that our present legal system depends on the affordances of the technologies of the written and printed script. It then develops the idea that countervailing powers must be built into the novel technological infrastructure to complement the affordances of the written law. My presentation will also indicate how the vision of Ambient Law builds on and differs with Lawrence Lessig's idea of Code as Law and Helen Nissenbaum's notion of values in design.

*Co-Sponsor: Center for the Study of Security and Privacy (CRISSP) Distinguished Speaker Series*

Paul Ohm is an Associate Professor of Law at the University of Colorado Law School. He writes in the areas of information privacy, computer crime law, intellectual property, and criminal procedure. Through his scholarship and outreach, Professor Ohm is leading efforts to build new interdisciplinary bridges between law and computer science. Before joining the University of Colorado, in 2006, Professor Ohm worked for the U.S. Department of Justice's Computer Crime and Intellectual Property Section as an Honors Program trial attorney. Prior to law school, Professor Ohm worked for several years as a computer programmer and network systems administrator, and before that he earned undergraduate degrees in computer science and electrical engineering from Yale University. Even today, he continues to write thousands of lines of python and perl code each year. Professor Ohm blogs at The Freedom to Tinker, http://freedom-to-tinker.com. My paper is available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006.

Abstract: Computer scientists have recently undermined our faith in the privacy-protecting power of anonymization, the name for techniques for protecting the privacy of individuals in large databases by deleting information like names and social security numbers. These scientists have demonstrated they can often 'reidentify' or 'deanonymize' individuals hidden in anonymized data with astonishing ease. By understanding this research, we will realize we have made a mistake, labored beneath a fundamental misunderstanding, which has assured us much less privacy than we have assumed. This mistake pervades nearly every information privacy law, regulation, and debate, yet regulators and legal scholars have paid it scant attention. We must respond to the surprising failure of anonymization, and this Article provides the tools to do so.

top of page