January 2014

It’s a Bird, No, It’s a Plane, No, It’s … an Amazon Delivery-Drone?

by Katelyn DeRuyter, UMN Law Student, MJLST Note and Comment Editor

I recently typed “legal issues drone usage” into Google and was surprised by what I found. Along with several articles on the U.S.’s drone program (as expected), I was also greeted by reports of an Amazon project to have unmanned aerial drones make deliveries. For those who don’t know, Amazon is an online retailer of … well, almost everything. This drone project, first announced on CBS’ ’60 Minutes’, is called “Prime Air” and may be viable in as few as 4-5 years. While there is wide speculation over whether this project is real or just a publicity stunt, it does present some interesting legal and law-enforcement considerations.

First, the reported facts:

The drones would be autonomous, meaning they would not be remotely piloted. Rather, the small rotorcrafts would use GPS technology to travel to and from delivery addresses. The drones currently being tested have a range of 10 miles and can lift packages weighing up to 5 lbs. Such packages account for approximately 86% of Amazon’s deliveries. It is easy to see the business advantages of such a delivery program. However, is this program currently legal?

The Legal Landscape:

Police and various governmental organizations are allowed to fly drones as long as they have obtained FAA approval. Non-governmental use of drones is limited to hobbyists and there are strict restrictions. For example, hobby drones cannot go above 400 feet and must stay within the operator’s sight. This will soon change. In early 2012, Congress passed the Reauthorization Act, a $63 billion funding bill for 4 years of FAA funding. One of the provisions of this Act is that the FAA must allow for the wider use of drones for both governmental and commercial use. Specifically, the FAA must allow for commercial use of drones by Sept. 30, 2015.

Given the Reauthorization Act, it seems probable that Amazon’s Prime Air, and other similar programs, may soon be legal. However, are such programs advisable? Along with potential liability issues if the drones malfunction and cause injury, there are broader policy issues to be addressed.

Law Enforcement Challenges:

The ability for drone deliveries may be a vast complication for law enforcement. By cutting out USPS, FedEx, UPS and other more “traditional” shipping methods, drone deliveries may also circumvent a lot of the screening and tracking that occurs with shipping. These screening and tracking systems are vital to law enforcement’s efforts to detect, stop and prosecute a variety of crimes – spanning from drug trafficking to bioterrorism.

If the law enforcement hurdles can be overcome, and I think it is likely that they can, drone-deliveries will probably become commonplace. It will be interesting to watch how the law adapts to fit this evolving technology.

Please feel free to leave any comments and thoughts!

What Does It Mean to Be Human?

by Mike Walls, UMN Law Student, MJLST Staff

What does it mean to be human? Where does our conception of life and death come from? Scholars and writers alike have been toiling with these questions for centuries. Our understanding of the term “human” is often embedded in the culture we grew up in. For some, human may simply mean the physical embodiment of our soul. To them, the human form is no more than just a transitory stage in our soul’s celestial journey. For others, the term is specifically defined by our genetic makeup, chromosome for chromosome, allele for allele, etc. However, our legal understanding of “human” has been especially difficult to discern. States have taken many different approaches.

In his article, “Defining the Essence of Being Human,” Professor Efthimios Parasidis discusses various states’ interpretations of human. Parasidis discusses Ohio’s interpretation of human life as beginning when one can detect the fetal heartbeat. For Ohio citizens, life begins with the beating heart, but it is unclear what this definition means for heart-related anomalies in adult-life, such as a person whose heart ceases to pump blood temporarily. Nebraska focuses on whether pain can be detected in the fetus, although the Act glosses over individuals who are incapable of experiencing pain, or fetus’s with delayed sensory development. Mississippi’s unsuccessful amendment attempted to define “person” as “every human being from the moment of fertilization, cloning, or the equivalent thereof,” which left the door open to further criticism. Should splicing human genes with animal genes necessarily discount human-like organisms from our understanding of human? Would a “manimal” have been covered under the Mississippi law? It appears that elsewhere around the world introducing animal genes into the human form is forbidden, whereas human genes introduced into animals is sometimes permitted.

Parasidis’ discussion of various states’ conceptions of human life involving pain, heartbeats, and fertilization, led him to attempt to answer the question: “What distinguishes humans from other species?” His answer fell into two categories, the anthropological record (Homo sapiens, Homo neanderthalensis, etc.) and genetics. He concluded that both explanations are vague (or at least their boundary lines do more to raise serious questions than to console skeptics).

As I ponder Parasidis’ article as a grown-up, the kid in me has found it difficult to set aside my childhood curiosity for science-fiction. What wisdom could I take from science-fiction without getting sidetracked? I turned to Dr. Moreau for answers. In 1896, H.G. Wells published The Island of Dr. Moreau, based on a mad-scientist destined to create half-men, half-animals, through vivisection. Wells wrote this piece without knowledge of genes or modern discoveries in anthropology and human origins. Wells’ interpretation of human and animal is both poetic and informative, and his philosophy on scientific inquiry plagued by moral dilemmas speaks through Dr. Moreau.

Astonished by the bestial creatures he saw on Dr. Moreau’s island, the weary naturalist Prendrick viewed Moreau as a heartless scientist, detached from the ethical world we live in. In my favorite chapter, Dr. Moreau Explains, Moreau lays out his unadorned view on the commonalities between man and animal. After Dr. Moreau inserts a blade into his own thigh, he states the following:

“Then I am a religious man, Prendrick, as every sane man must be. It may be I fancy I have seen more of the ways of this world’s Maker than you–for I have sought his laws, in my way, all my life, while you, I understand, have been collecting butterflies. And I tell you, pleasure and pain have nothing to do with heaven and hell. Pleasure and pain–Bah! . . . men and women set on pleasure and pain, Prendrick, is the mark of the beast upon them, the mark of the beast from which they came. Pain! Pain and pleasure–they are for us, only so long as we wriggle in the dust . . . .”

On the one extreme, Dr. Moreau believed that anything fathomed under the laws of science (and thus, to him, created by God), was permissible scientific inquiry. To him, pain is unmistakably detached from religion–rather it is incidental to experimentation. Moreover, Dr. Moreau believed pain is simply whatever we make of the sensation (“The capacity for pain is not needed in the muscle, and only here and there over the thigh is a spot capable of feeling pain. Pain is simply our intrinsic medical adviser to warn us and stimulate us.”). Moreau’s religion is his scientific inquiry, completely unfettered from ethical obligations. On the other hand, Nebraska takes the opposite view. Pain is the factor between life and death. But for Nebraskan legislators, is the criterion of inflicting “pain” on a fetus any more of a medical description than it is a moral obligation? Dr. Moreau and Professor Parasidis would probably argue that simply detecting pain is a smokescreen for anti-abortionists. The Nebraskan viewpoint that pain is a medical factor that necessarily dictates abortion rights might be fogging the issue. I struggle to understand some of our states’ preemptive abortion policies, as does Professor Parasidis, in their inability to separate conceptions of human life (when pain is felt) from their legal obligations owed to the individual (informed by science).

The point of all this is rather simple. No matter how we decide to determine what is human, or when life begins, public policy should influence how exacting our legal definition of human is. Dr. Moreau wouldn’t sacrifice scientific inquiry for the ethical norms of others. To him, everyone else must reconcile their moral differences with science. Professor Parasidis argues that when legislators use descriptive characteristics (like pain) in their legal definitions, they should also consider other policy implications. Besides the fetus, who else is affected? By redirecting our focus to science, we may free ourselves from biases currently clouding our reproductive rights jurisprudence, and potentially answer the question, what is the essence of being human?

Target Data Security Breach: It’s Lawsuit Time!

by Jenny Warfield, UMN Law Student, MJLST Staff

On December 19th, 2013, Target announced that it fell victim to the second-largest security attack in US retail history. While initial reports showed the hack compromised only the credit and debit card information (including PIN numbers and CVV codes) of 40 million customers, recent findings revealed that the names, phone numbers, mailing addresses, and email addresses of 70 million shoppers between November 27 to December 15 had also been stolen.

As history has proved time and again, massive data security breaches lead to lawsuits. When Heartland Payment Systems (a payment card processing service for small and mid-sized businesses) had its information on 130 million credit and debit card holders exposed in a 2009 cyber-attack, it faced lawsuits by banks and credit card companies for the costs of replacing cards, extending branch hours, and refunding consumers for fraudulent transactions. These lawsuits have so far cost the company $140 million in settlements (with litigation ongoing). Similarly, when TJX Company (parent of T.J. Maxx) had its accounts hacked in 2007, it cost the company $256 million in settlements.

Target currently faces at least 15 lawsuits in state and federal court seeking class action status, and several other lawsuits by individuals across the country. Common themes by the claimants are that 1) Target failed to properly secure customer data (more specifically, that Target did not abide by Payment Card Industry Security Standards Council Data Security Standards “PCI DSS”); 2) Target failed to promptly notify customers of the security breach in violation of state notification statutes, preventing customers from taking steps to protect against fraud; 3) Target violated the Federal Stored Communications Act; 4) and Target breached its implied contracts with its customers.

A quick review of past data breach cases reveals that these plaintiffs face an uphill battle, especially in the class-action context. While financial institutions and credit card companies can point to pecuniary damages in the form of costs associated with card replacements and customer refunds for fraudulent transactions (as in the TJX and Heartland cases), the damages suffered by plaintiffs in these cases are usually speculative. Not only are customers almost always refunded for transactions they did not make, it is unclear how to value the loss of information like home addresses and phone numbers in the absence of evidence that such information has been used to the customer’s detriment. As a result, almost all of the class action suits brought against companies in cyber-attacks have failed.

However, the causes of the cyber-attack on Target are still unclear, and it may be too early to speculate on Target’s liability. Target is currently being investigated by the DOJ (and potentially the FTC) for its role in the data breach while also conducting its own investigation in partnership with the U.S. Secret Service. In any event, affected customers should take advantage of Target’s year-long free credit monitoring while waiting for more facts to unfold.

Can I Keep It Private? Privacy Laws in Various Contexts

by Ude Lu, UMN Law Student, MJLST Articles Editor

Target Corp., the second-largest retailer in the nation, announced to its customers on Dec 20, 2013 that its payment card data had been breached. About 40 million customers who shopped at Target between Nov. 27 and Dec. 15, 2013 using credit or debit cards are affected. The stolen information includes the customer’s name, credit or debit card number, and the card’s expiration date. [Update: The breach may have affected over 100 million customers, and additional kinds of information may have been disclosed.]

This data breach stirred public discussions about data security and privacy protections. Federal Trade (FTC) Commissioner Maureen Ohlhausen said on Jan. 6, during a Twitter chat, that this event highlights the need for consumer and business education on data security.

In the US, the FTC’s privacy protection enforcement runs on a “broken promise” framework. This means the FTC will enforce privacy protection according to what a business entity promised to its customers. Privacy laws have increasing importance in wake of the information age.

Readers of this blog are encouraged to explore the following four articles published in MJLST, discussing privacy laws in various contexts:

  1. Constitutionalizing E-mail Privacy by Informational Access, by Manish Kumar. This article highlights the legal analyses of email privacy under the Fourth Amendment.
  2. It’s the Autonomy, Stupid: Political Data-Mining and Voter Privacy in the Information Age, by Chris Evans. This article explores the unique threats to privacy protection posed by political data-mining.
  3. Privacy and Public Health in the Information Age: Electronic Health Records and the Minnesota Health Records Act, by Kari Bomash. This article examines the adequacy of the Minnesota Health Records Act (MHRA) that the state passed to meet then-Governor Pawlenty’s 2015 mandate requiring every health care provider in Minnesota to have electronic health records.
  4. An End to Privacy Theater: Exposing and Discouraging Corporate Disclosure of User Data to the Government, by Christopher Soghoian. This article explores how businesses vary in disclosing privacy information of their clients to governmental agencies.