Our current projects include research in the following areas:
In the wake of Edward Snowden’s disclosures, the distinction between data and so-called “metadata” has featured prominently in public debate about the legality of state surveillance programs. In this research project, generously funded by the Digital Trust Foundation, Helen Nissenbaum, Katherine Strandburg, Kiel Brennan-Marquez and Paula Kift challenge this distinction. The project has three parts: First, an examination of the evolution of “metadata” as a term of art. Second, an exploration of two constitutional avenues — the Fourth Amendment, and the First Amendment — for constraining metadata surveillance. Third, an analysis of relevant developments in U.S. statutory law, especially the USA FREEDOM Act, ratified in 2015 partly in response to criticism of the data / metadata framework. For an overview of the findings, see project website here.
Algorithms and Automation
Legal, social, and organizational decisions are increasingly being made using algorithmic and automated systems, across domains as diverse as internet search, employment determinations, law enforcement, and risk assessment. How do such systems change the nature of the determinations being made? What benefits and risks do they pose? How can we make these systems interpretable and accountable?
Obfuscation and Resistance
How do people resist surveillance of their behaviors? In this research area, we examine multiple ways in which individuals and groups resist, including through obfuscation—the production of misleading or ambiguous information—as an act of concealment or evasion.
Recent revelations about the NSA's mass interception of internet communications and other data about individuals' lives bring to light perennially difficult and controversial questions. What information are police and national security officials legally permitted to collect and about whom? What information should they be able to collect as a matter of ethics and policy? How can and should government surveillance be regulated in a democratic society?
What are private companies doing with the data trails individuals leave behind their activities online? When is behavioral advertising a beneficial form of personalization and when is it privacy-invasive or disciminatory? How should law and policy be designed to serve society's needs and values?
Security, Privacy, and Engineering
How are privacy and security matters addressed using technology? What do computer scientists, practitioners, and policy makers see as the role that technology can play in addressing matters of privacy and security? How do these interact with policy concepts like "regulation by design"? What are ways to organize the delegation of security and privacy matters to engineers in an accountable and responsible manner?
How is big data reconfiguring learning outcomes in K-12 and higher education? How do current legal frameworks address the privacy challenges of new data-driven teaching and learning tools and partnerships?
European Data Privacy
European laws about data protection have evolved very differently than American approaches. How might we implement a "right to be forgotten" online? What alternative approaches exist?