Administrative Law

Privacy at Risk: Analyzing DHS AI Surveillance Investments

Noah Miller, MJLST Staffer

The concept of widespread surveillance of public areas monitored by artificial intelligence (“AI”) may sound like it comes right out of a dystopian novel, but key investments by the Department of Homeland Security (“DHS”) could make this a reality. Under the Biden Administration, the U.S. has acted quickly and strategically to adopt artificial intelligence as a tool to realize national security objectives.[1] In furtherance of President Biden’s executive goals concerning AI, the Department of Homeland Security has been making investments in surveillance systems that utilize AI algorithms.

Despite the substantial interest in protecting national security, Patrick Toomey, deputy director of the ACLU National Security Project, has criticized the Biden administration for allowing national security agencies to “police themselves as they increasingly subject people in the United States to powerful new technologies.”[2] Notably, these investments have not been tailored towards high-security locations—like airports. Instead, these investments include surveillance in “soft targets”—high-traffic areas with limited security: “Examples include shopping areas, transit facilities, and open-air tourist attractions.”[3] Currently, due to the number of people required to review footage, surveilling most public areas is infeasible; however, emerging AI algorithms would allow for this work to be done automatically. While enhancing security protections in soft targets is a noble and possibly desirable initiative, the potential privacy ramifications of widespread autonomous AI surveillance are extreme. Current Fourth Amendment jurisprudence offers little resistance to this form of surveillance, and the DHS has both been developing this surveillance technology themselves and outsourcing these projects to private corporations.

To foster innovation to combat threats to soft targets, the DHS has created a center called Soft Target Engineering to Neutralize the Threat Reality (“SENTRY”).[4] Of the research areas at SENTRY, one area includes developing “real-time management of threat detection and mitigation.”[5] One project, in this research area, seeks to create AI algorithms that can detect threats in public and crowded areas.[6] Once the algorithm has detected a threat, the particular incident would be sent to a human for confirmation.[7] This would be a substantially more efficient form of surveillance than is currently widely available.

Along with the research conducted through SENTRY, DHS has been making investments in private companies to develop AI surveillance technologies through the Silicon Valley Innovation Program (“SVIP”).[8] Through the SVIP, the DHS has awarded three companies with funding to develop AI surveillance technologies that can detect “anomalous events via video feeds” to improve security in soft targets: Flux Tensor, Lauretta AI, and Analytical AI.[9] First, Flux Tensor currently has demo pilot-ready prototype video feeds that apply “flexible object detection algorithms” to track and pinpoint movements of interest.[10] The technology is used to distinguish human movements and actions from the environment—i.e. weather, glare, and camera movements.[11] Second, Lauretta AI is adjusting their established activity recognition AI to utilize “multiple data points per subject to minimize false alerts.”[12] The technology generates automated reports periodically of detected incidents that are categorized by their relative severity.[13] Third, Analytical AI is in the proof of concept demo phase with AI algorithms that can autonomously track objects in relation to people within a perimeter.[14] The company has already created algorithms that can screen for prohibited items and “on-person threats” (i.e. weapons).[15] All of these technologies are currently in early stages, so the DHS is unlikely to utilize these technologies in the imminent future.

Assuming these AI algorithms are effective and come to fruition, current Fourth Amendment protections seem insufficient to protect against rampant usage of AI surveillance in public areas. In Kyllo v. United States, the Court placed an important limit on law enforcement use of new technologies. The Court held that when new sense-enhancing technology, not in general public use, was utilized to obtain information from a constitutionally protected area, the use of the new technology constitutes a search.[16] Unlike in Kyllo, where the police used thermal imaging to obtain temperature levels on various areas of a house, people subject to AI surveillance in public areas would not be in constitutionally protected areas.[17] Being that people subject to this surveillance would be in public places, they would not have a reasonable expectation of privacy in their movements; therefore, this form of surveillance likely would not constitute a search under prominent Fourth Amendment search analysis.[18]

While the scope and accuracy of this new technology are still to be determined, policymakers and agencies need to implement proper safeguards and proceed cautiously. In the best scenario, this technology can keep citizens safe while mitigating the impact on the public’s privacy interests. In the worst scenario, this technology could effectively turn our public spaces into security checkpoints. Regardless of how relevant actors proceed, this new technology would likely result in at least some decline in the public’s privacy interests. Policymakers should not make a Faustian bargain for the sake of maintaining social order.

 

Notes

[1] See generally Joseph R. Biden Jr., Memorandum on Advancing the United States’ Leadership in Artificial Intelligence; Harnessing Artificial Intelligence to Fulfill National Security Objectives; and Fostering the Safety, Security, and Trustworthiness of Artificial Intelligence, The White House (Oct. 24, 2024), https://www.whitehouse.gov/briefing-room/presidential-actions/2024/10/24/memorandum-on-advancing-the-united-states-leadership-in-artificial-intelligence-harnessing-artificial-intelligence-to-fulfill-national-security-objectives-and-fostering-the-safety-security/ (explaining how the executive branch intends to utilize artificial intelligence in relation to national security).

[2] ACLU Warns that Biden-Harris Administration Rules on AI in National Security Lack Key Protections, ACLU (Oct. 24, 2024, 12:00 PM), https://www.aclu.org/press-releases/aclu-warns-that-biden-harris-administration-rules-on-ai-in-national-security-lack-key-protections.

[3] Jay Stanley, DHS Focus on “Soft Targets” Risks Out-of-Control Surveillance, ALCU (Oct. 24, 2024), https://www.aclu.org/news/privacy-technology/dhs-focus-on-soft-targets-risks-out-of-control-surveillance.

[4] See Overview, SENTRY, https://sentry.northeastern.edu/overview/#VSF.

[5] Real-Time Management of Threat Detection and Mitigation, SENTRY, https://sentry.northeastern.edu/research/ real-time-threat-detection-and-mitigation/.

[6] See An Artificial Intelligence-Driven Threat Detection and Real-Time Visualization System in Crowded Places, SENTRY, https://sentry.northeastern.edu/research-project/an-artificial-intelligence-driven-threat-detection-and-real-time-visualization-system-in-crowded-places/.

[7] See Id.

[8] See, e.g., SVIP Portfolio and Performers, DHS, https://www.dhs.gov/science-and-technology/svip-portfolio.

[9] Id.

[10] See Securing Soft Targets, DHS, https://www.dhs.gov/science-and-technology/securing-soft-targets.

[11] See pFlux Technology, Flux Tensor, https://fluxtensor.com/technology/.

[12] See Securing Soft Targets, supra note 10.

[13] See Security, Lauretta AI, https://lauretta.io/technologies/security/.

[14] See Securing Soft Targets, supra note 10.

[15] See Technology, Analytical AI, https://www.analyticalai.com/technology.

[16] Kyllo v. United States, 533 U.S. 27, 33 (2001).

[17] Cf. Id.

[18] See generally, Katz v. United States, 389 U.S. 347, 361 (1967) (Harlan, J., concurring) (explaining the test for whether someone may rely on an expectation of privacy).

 

 


The Introduction of “Buy Now, Pay Later” Products

Yanan Tang, MJLST Staffer

As of June 2024, it is estimated that more than half of Americans turn to Buy Now, Pay Later (“BNPL”) options to purchase products during financially stressful times. [1] BNPL allows customers to split up the payment of their purchases into four equal payments, requiring a down payment of 25 percent, with the remaining cost covered by three periodic payment installments. [2]

 

Consumer Financial Protection Bureau’s Interpretive Rules

In response to the popularity of BNPL products, the Consumer Financial Protection Bureau (“CFPB”) took action to regulate BNPL products.[3] In issuing its interpretive rules for BNPL, the CFPB aims to outline how these products fit within existing credit regulations. The CFPB’s interpretive rules for BNPL products were introduced in May 2024, following a 60-day review period with mixed feedback. The rules became effective in July, aiming to apply credit card-like consumer protections to BNPL services under the Truth in Lending Act (“TILA”).

Specifically, the interpretive rules assert that these BNPL providers meet the criteria for being “card issuers” and “creditors”, and therefore should be subject to relevant regulations of TILA, which govern credit card disputes and refund rights.[4] Under CFPB’s interpretive rules, BNPL firms are required to investigate disputes, refund returned products or voided services, and provide billing statements.[5]

This blog will first explain the distinction between interpretive rules and notice-and-comment rulemaking to contextualize the CFPB’s regulatory approach. It will then explore the key consumer protections these rules aim to enforce and examine the mixed responses from various stakeholders. Finally, it will analyze the Financial Technology Association’s lawsuit challenging the CFPB’s rules and consider the broader implications for BNPL regulation.

 

Interpretive Rules and Notice-and-Comment Rulemaking Explained

In general, interpretive rules are non-binding and do not require public input, while notice-and-comment rules are binding with the force of law and must follow a formal process, including public feedback, as outlined in the Administrative Procedural Act (“APA”) §553.[6] The “legal effect test” from American Mining Congress v. MSHA helps determine whether a rule is interpretive or legislative by examining factors like legislative authority, the need for a legal basis for enforcement, and whether the rule amends an existing law.[7] While some courts vary in factors to distinguish legislative and interpretive rules, they generally agree that agencies cannot hide real regulations in interpretive rules.

 

Comments Received from Consumer Groups, Traditional Banks, and BNPL Providers

After soliciting comments, CFPB received conflicting feedback on the proposed interpretive rules.[8] However, they also urged the agency to take further action to protect consumers who use BNPL credit.[9] In addition, traditional banks largely supported the rule, because BNPL’s digital user accounts are similar to those of credit cards and should be regulated similarly.[10] In contrast, major BNPL providers protested against CFPB’s rule.[11] Many BNPL providers, like PayPal, raised concerns about administrative procedures and urged CFPB to proceed through notice-and-comment rulemaking.[12] In sum, the conflicting comments highlight the challenge of applying traditional credit regulations to innovative financial products, leading to broader disputes about the rule’s implementation.

 

Financial Technology Association’s Lawsuit against CFPB’s New Rules

After the interpretive rules went into effect in July, FTA filed a lawsuit against the agency to stop the interpretive rule.[13] In their complaint, FTA contends that CFPB bypassed APA’s notice-and-comment rulemaking process, despite the significant change imposed by the rule.[14] FTA argues that the agency exceeded statutory authority under the Truth in Lending Act (TILA) as the act’s definition of “credit card” does not apply to BNPL products.[15] FTA also argues that the rule is arbitrary and capricious because it fails to account for the unique structure of BNPL products and their compliance challenges with Regulation Z.[16]

The ongoing case between FTA and CFPB will likely focus on whether CFPB’s rule is a permissible interpretation of existing law or a substantive rule requiring formal rulemaking under APA § 553. This decision should weigh the nature of BNPL products in relation to consumer protections traditionally associated with credit card-like products. In defending the agency’s interpretive rules against FTA, CFPB could consider highlighting the legislative intent of TILA’s flexibility and rationale for using an interpretive rule.

 

Notes

[1] See Block, Inc., More than Half of Americans Turn to Buy Now, Pay Later During Financially Stressful Times (June 26, 2024), https://investors.block.xyz/investor-news/default.aspx.

[2] Id.

[3] See Paige Smith & Paulina Cachero, Buy Now, Pay Later Needs Credit Card-Like Oversight, CFPB Says, Bloomberg Law (May 22, 2024), https://news.bloomberglaw.com/banking-law/buy-now-pay-later-soon-will-be-treated-more-like-credit-cards.

[4] Id.

[5] Id.

[6] 5 U.S.C.A. § 553.

[7] Am. Mining Cong. v. Mine Safety & Health Admin., 302 U.S. App. D.C. 38, 995 F.2d 1106 (1993).

[8] See Evan Weinberger, CFPB’s ‘Buy Now, Pay Later’ Rule Sparks Conflicting Reactions, Bloomberg Law (Aug. 1, 2024), https://news.bloomberglaw.com/banking-law/cfpbs-buy-now-pay-later-rule-sparks-conflicting-reactions.

[9] See New York City Dep’t of Consumer & Worker Prot., Comment Letter on Truth in Lending (Regulation Z); Use of Digital User Accounts To Access Buy Now, Pay Later Loans, Docket No. CFPB-2024-0017 (Aug. 31, 2024), https://www.regulations.gov/comment/CFPB-2024-0017-0027; see also Nat’l Consumer L. Ctr., Comment Letter on Truth in Lending (Regulation Z); Use of Digital User Accounts To Access Buy Now, Pay Later Loans, Docket No. CFPB-2024-0017, at 1 (Aug. 1, 2024), https://www.regulations.gov/comment/CFPB-2024-0017-0028.

[10] See Independent Community Bankers of Am., Comment Letter on Truth in Lending (Regulation Z); Use of Digital User Accounts To Access Buy Now, Pay Later Loans, Docket No. CFPB-2024-0017 (July 31, 2024), https://www.regulations.gov/comment/CFPB-2024-0017-0023.

[11] See Financial Technology Ass’n, Comment Letter on Truth in Lending (Regulation Z); Use of Digital User Accounts To Access Buy Now, Pay Later Loans, Docket No. CFPB-2024-0017 (July 19, 2024). https://www.regulations.gov/comment/CFPB-2024-0017-0038.

[12] See PayPal, Inc., Comment Letter on Truth in Lending (Regulation Z); Use of Digital User Accounts To Access Buy Now, Pay Later Loans, Docket No. CFPB-2024-0017 (July 31, 2024). https://www.regulations.gov/comment/CFPB-2024-0017-0025.

[13] See Evan Weinberger, CFPB Buy Now, Pay Later Rule Hit With Fintech Group Lawsuit, Bloomberg Law (Oct. 18, 2024), https://news.bloomberglaw.com/banking-law/cfpbs-buy-now-pay-later-rule-hit-with-fintech-group-lawsuit.

[14] Complaint, Fin. Tech. Ass’n v. Consumer Fin. Prot. Bureau, No. 1:24-cv-02966 (D.D.C. Oct. 18, 2024).

[15] Id.

[16] Id.


The Stifling Potential of Biden’s Executive Order on AI

Christhy Le, MJLST Staffer

Biden’s Executive Order on “Safe, Secure, and Trustworthy” AI

On October 30, 2023, President Biden issued a landmark Executive Order to address concerns about the burgeoning and rapidly evolving technology of AI. The Biden administration states that the order’s goal is to ensure that America leads the way in seizing the promising potential of AI while managing the risks of AI’s potential misuse.[1] The Executive Order establishes (1) new standards for AI development, and security; (2) increased protections for Americans’ data and privacy; and (3) a plan to develop authentication methods to detect AI-generated content.[2] Notably, Biden’s Executive Order also highlights the need to develop AI in a way that ensures it advances equity and civil rights, fights against algorithmic discrimination, and creates efficiencies and equity in the distribution of governmental resources.[3]

While the Biden administration’s Executive Order has been lauded as the most comprehensive step taken by a President to safeguard against threats posed by AI, its true impact is yet to be seen. The impact of the Executive Order will depend on its implementation by the agencies that have been tasked with taking action. The regulatory heads tasked with implementing Biden’s Executive Order are the Secretary of Commerce, Secretary of Energy, Secretary of Homeland Security, and the National Institute of Standards and Technology.[4] Below is a summary of the key calls-to-action from Biden’s Executive Order:

  • Industry Standards for AI Development: The National Institute of Science and Tech (NIST), Secretary of Commerce, Secretary of Energy, Secretary of Homeland Secretary, and other heads of agencies selected by the Secretary of Commerce will define industry standards and best practices for the development and deployment of safe and secure AI systems.
  • Red-Team Testing and Reporting Requirements: Companies developing or demonstrating an intent to develop potential dual-use foundational models will be required to provide the Federal Government, on an ongoing basis, with information, reports, and records on the training and development of such models. Companies will also be responsible for sharing the results of any AI red-team testing conducted by the NIST.
  • Cybersecurity and Data Privacy: The Department of Homeland Security shall provide an assessment of potential risks related to the use of AI in critical infrastructure sectors and issue a public report on best practices to manage AI-specific cybersecurity risks. The Director of the National Science Foundation shall fund the creation of a research network to advance privacy research and the development of Privacy Enhancing Technologies (PETs).
  • Synthetic Content Detection and Authentication: The Secretary of Commerce and heads of other relevant agencies will provide a report outlining existing methods and the potential development of further standards/techniques to authenticate content, track its provenance, detect synthetic content, and label synthetic content.
  • Maintaining Competition and Innovation: The government will invest in AI research by creating at least four new National AI Research Institutes and launch a pilot distributing computational, data, model, and training resources to support AI-related research and development. The Secretary of Veterans Affairs will also be tasked with hosting nationwide AI Tech Sprint competitions. Additionally, the FTC will be charged with using its authorities to ensure fair competition in the AI and semiconductor industry.
  • Protecting Civil Rights and Equity with AI: The Secretary of Labor will publish a report on effects of AI on the labor market and employees’ well-being. The Attorney General shall implement and enforce existing federal laws to address civil rights and civil liberties violations and discrimination related to AI. The Secretary of Health and Human Services shall publish a plan to utilize automated or algorithmic systems in administering public benefits and services and ensure equitable distribution of government resources.[5]

Potential for Big Tech’s Outsized Influence on Government Action Against AI

Leading up to the issuance of this Executive Order, the Biden administration met repeatedly and exclusively with leaders of big tech companies. In May 2023, President Biden and Vice President Kamala Harris met with the CEOs of leading AI companies–Google, Anthropic, Microsoft, and OpenAI.[6] In July 2023, the Biden administration celebrated their achievement of getting seven AI companies (Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and Open AI) to make voluntary commitments to work towards developing AI technology in a safe, secure, and transparent manner.[7] Voluntary commitments generally require tech companies to publish public reports on their developed models, submit to third-party testing of their systems, prioritize research on societal risks posed by AI systems, and invest in cybersecurity.[8] Many industry leaders criticized these voluntary commitments for being vague and “more symbolic than substantive.”[9] Industry leaders also noted the lack of enforcement mechanisms to ensure companies follow through on these commitments.[10] Notably, the White House has only allowed leaders of large tech companies to weigh in on requirements for Biden’s Executive Order.

While a bipartisan group of senators[11] hosted a more diverse audience of tech leaders in their AI Insights Forum, the attendees for the first and second forum were still largely limited to CEOs or Cofounders of prominent tech companies, VC executives, or professors at leading universities.[12] Marc Andreessen, a co-founder of Andreessen Horowitz, a prominent VC fund, noted that in order to protect competition, the “future of AI shouldn’t be dictated by a few large corporations. It should be a group of global voices, pooling together diverse insights and ethical frameworks.”[13] On November 3rd, 2023 a group of prominent academics, VC executives, and heads of AI startups published an open letter to the Biden administration where they voiced their concern about the Executive Order’s potentially stifling effects.[14] The group also welcomed a discussion with the Biden administration on the importance of developing regulations that allowed for robust development of open source AI.[15]

Potential to Stifle Innovation and Stunt Tech Startups

While the language of Biden’s Executive Order is fairly broad and general, it still has the potential to stunt early innovation by smaller AI startups. Industry leaders and AI startup founders have voiced concern over the Executive Order’s reporting requirements and restrictions on models over a certain size.[16] Ironically, Biden’s Order includes a claim that the Federal Trade Commission will “work to promote a fair, open, and competitive ecosystem” by helping developers and small businesses access technical resources and commercialization opportunities.

Despite this promise of providing resources to startups and small businesses, the Executive Order’s stringent reporting and information-sharing requirements will likely have a disproportionately detrimental impact on startups. Andrew Ng, a longtime AI leader and cofounder of Google Brain and Coursera, stated that he is “quite concerned about the reporting requirements for models over a certain size” and is worried about the “overhyped dangers of AI leading to reporting and licensing requirements that crush open source and stifle innovation.”[17] Ng believes that regulating AI model size will likely hurt the open-source community and unintentionally benefit tech giants as smaller companies will struggle to comply with the Order’s reporting requirements.[18]

Open source software (OSS) has been around since the 1980s.[19] OSS is code that is free to access, use, and change without restriction.[20] The open source community has played a central part in developing the use and application of AI, as leading AI generative models like ChatGPT and Llama have open-source origins.[21] While both Llama and ChatGPT are no longer open source, their development and advancement heavily relied on using open source models like Transformer, TensorFlow, and Pytorch.[22] Industry leaders have voiced concern that the Executive Order’s broad and vague use of the term “dual-use foundation model” will impose unduly burdensome reporting requirements on small companies.[23] Startups typically have leaner teams, and there is rarely a team solely dedicated to compliance. These reporting requirements will likely create barriers to entry for tech challengers who are pioneering open source AI, as only incumbents with greater financial resources will be able to comply with the Executive Order’s requirements.

While Biden’s Executive Order is unlikely to bring any immediate change, the broad reporting requirements outlined in the Order are likely to stifle emerging startups and pioneers of open source AI.

Notes

[1] https://www.whitehouse.gov/briefing-room/statements-releases/2023/10/30/fact-sheet-president-biden-issues-executive-order-on-safe-secure-and-trustworthy-artificial-intelligence/.

[2] Id.

[3] Id.

[4] https://www.whitehouse.gov/briefing-room/presidential-actions/2023/10/30/executive-order-on-the-safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence/.

[5] https://www.whitehouse.gov/briefing-room/presidential-actions/2023/10/30/executive-order-on-the-safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence/.

[6] https://www.whitehouse.gov/briefing-room/statements-releases/2023/05/04/readout-of-white-house-meeting-with-ceos-on-advancing-responsible-artificial-intelligence-innovation/.

[7] https://www.whitehouse.gov/briefing-room/statements-releases/2023/07/21/fact-sheet-biden-harris-administration-secures-voluntary-commitments-from-leading-artificial-intelligence-companies-to-manage-the-risks-posed-by-ai/.

[8] https://www.whitehouse.gov/wp-content/uploads/2023/07/Ensuring-Safe-Secure-and-Trustworthy-AI.pdf.

[9] https://www.nytimes.com/2023/07/22/technology/ai-regulation-white-house.html.

[10] Id.

[11] https://www.heinrich.senate.gov/newsroom/press-releases/read-out-heinrich-convenes-first-bipartisan-senate-ai-insight-forum.

[12] https://techpolicy.press/us-senate-ai-insight-forum-tracker/.

[13] https://www.schumer.senate.gov/imo/media/doc/Marc%20Andreessen.pdf.

[14] https://twitter.com/martin_casado/status/1720517026538778657?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1720517026538778657%7Ctwgr%5Ec9ecbf7ac4fe23b03d91aea32db04b2e3ca656df%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fcointelegraph.com%2Fnews%2Fbiden-ai-executive-order-certainly-challenging-open-source-ai-industry-insiders.

[15] Id.

[16] https://www.cnbc.com/2023/11/02/biden-ai-executive-order-industry-civil-rights-labor-groups-react.html.

[17] https://www.whitehouse.gov/briefing-room/statements-releases/2023/10/30/fact-sheet-president-biden-issues-executive-order-on-safe-secure-and-trustworthy-artificial-intelligence/.

[18] https://www.whitehouse.gov/briefing-room/statements-releases/2023/10/30/fact-sheet-president-biden-issues-executive-order-on-safe-secure-and-trustworthy-artificial-intelligence/.

[19] https://www.brookings.edu/articles/how-open-source-software-shapes-ai-policy/.

[20] Id.

[21] https://www.zdnet.com/article/why-open-source-is-the-cradle-of-artificial-intelligence/.

[22] Id.

[23] Casado, supra note 14.


Payment Pending: CFPB Proposes to Regulate Digital Wallets

Kevin Malecha, MJLST Staffer

Federal regulators are increasingly concerned about digital wallets and person-to-person payment (P2P) apps like Apply Pay, Google Pay, Cash App, and Venmo, and how such services might impact the rights of financial consumers. As many as three-quarters of American adults use digital wallets or payment apps and, in 2022, the total value of transactions was estimated at $893 billion, expected to increase to $1.6 trillion by 2027.[1] In November of 2023, the Consumer Financial Protection Bureau proposed a rule that would expand its supervisory powers to cover certain nonbank providers of these services. The CFPB, an independent federal agency within the broader Federal Reserve System, was created by the Dodd-Frank Act in response to the 2007-2008 financial crisis and subsequent recession. The Bureau is tasked with protecting consumers in the financial space by promulgating and enforcing rules governing a wide variety of financial activities like mortgage lending, debt collection, and electronic payments.[2]

The CFPB has identified digital wallets and payment apps as products that threaten consumer financial rights and well-being.[3] First, because these services collect mass amounts of transaction and financial data, they pose a substantial risk to consumer data privacy.[4] Second, if the provider ceases operations or faces a “bank” run, any funds held in digital accounts may be lost because Federal Deposit Insurance Corporation (FDIC) protection, which insures deposits up to $250,000 in traditional banking institutions, is often unavailable for digital wallets.[5]

Enforcement and Supervision

The CFPB holds dual enforcement and supervisory roles. As one of the federal agencies charged with “implementing the Federal consumer financial laws,”[6] the enforcement powers of the CFPB are broad, but enforcement actions are relatively uncommon. In 2022, the Bureau brought twenty enforcement actions.[7] By contrast, the Commodity Futures Trading Commission (CFTC), which is also tasked in part with protecting financial consumers, brought eighty-two enforcement actions in the same period.[8] In contrast to the limited and reactionary nature of enforcement actions, the CFPB’s supervisory authority requires regulated entities to disclose certain documents and data, such as internal policies and audit reports, and allows CFPB examiners to proactively review their actions to ensure compliance.[9] The Bureau describes its supervisory process as a tool for identifying issues and addressing them before violations become systemic or cause significant harm to consumers.[10]

The CFPB already holds enforcement authority over all digital wallet and payment app services via its broad power to adjudicate violations of financial laws wherever they occur.[11] However, the Bureau has so far enjoyed only limited supervisory authority over the industry.[12] Currently, the CFPB only supervises digital wallets and payment apps when those services are provided by banks or when the provider falls under another CFPB supervision rule.[13] As tech companies like Apple and Google – which do not fall under other CFPB supervision rules – have increasingly entered the market, they have gone unsupervised.

Proposed Rule

Under the organic statute, CFPB’s existing supervisory authority covers nonbank persons that offer certain financial services including real estate and mortgage loans, private education loans, and payday loans.[14] In addition, the statute allows the Bureau to promulgate rules to cover other entities that are “larger participant[s] of a market for other consumer financial products or services.”[15] The proposed rule takes advantage of the power to define “larger participants” and expands the definition to include providers of “general-use digital consumer applications,” which the Bureau defines as funds transfer or wallet functionality through a digital application that the consumer uses to make payments for personal, household, or family purposes.[16] An entity is a “larger participant” if it (1) provides general-use digital consumer payment applications with an annual volume of at least five million transactions and (2) is not a small business as defined by the Small Business Administration.[17] The Bureau will make determinations on an individualized basis and may request documents and information from the entity to determine if it satisfies the requirements, which the entity can then dispute.

Implications for Digital Wallet and Payment App Providers

Major companies like Apple and Google can easily foresee that the CFPB intends to supervise them under the new rule. The Director of the CFPB recently compared the two American companies to Chinese tech companies Alibaba and WeChat that offer similar products and that, in the Director’s view, pose a similar risk to consumer data privacy and financial security.[18] For smaller firms, predicting the Bureau’s intentions is challenging, but existing regulations indicate that the Bureau will issue a written communication to initiate supervision.[19] The entity will then have forty-five days to dispute the finding that they meet the regulatory definition of a “larger participant.”[20] In their response, entities may include a statement of the reason for their objection and records, documents, or other information. Then the Assistant Director of the CFPB will review the response and make a determination. The regulation gives the Assistant Director the ability to request records and documents from the entity prior to the initial notification of intended supervision and throughout the determination process.[21] The Assistant Director also may extend the timeframe for determination beyond the forty-five-day window.[22]

If an entity becomes supervised, the Bureau will contact it for an initial conference.[23] The examiners will then determine the scope of future supervision, taking into consideration the responses at the conference, any records requested prior to or during the conference, and a review of the entity’s compliance management program.[24] The Bureau prioritizes its supervisory activities based on entity size, volume of transactions, size and risk of the relevant market, state oversight, and other market information to which the Bureau has access.[25] Ongoing supervision is likely to vary based on these factors, as well, but may include on-site or remote examination, review of documents and records, testing accounts and transactions for compliance with federal statutes and regulations, and continued review of the compliance management system.[26] The Bureau may then issue a confidential report or letter stating the examiner’s opinion that the entity has violated or is at risk of violating a statute or regulation.[27] While these findings are not final determinations, they do outline specific steps for the entity to regain or ensure compliance and should be taken seriously.[28] Supervisory reports or letters are distinct from enforcement actions and generally do not result in an enforcement action.[29] However, violations may be referred to the Bureau’s Office of Enforcement, which would then launch its own investigation.[30]

The likelihood of the proposed rule resulting in an enforcement action is, therefore, relatively low, but the exposure for regulated entities is difficult to measure because the penalties in enforcement actions vary widely. From October 2022 to October 2023, amounts paid by regulated entities ranged from $730,000 paid by a remittance provider that violated Electronic Funds Transfer rules,[31] to $3.7 billion in penalties and redress paid by Wells Fargo for headline-making violations of the Consumer Financial Protection Act.[32]

Notes

[1] Analysis of Deposit Insurance Coverage on Funds Stored Through Payment Apps, Consumer Fin. Prot. Bureau (Jun. 1, 2023), https://www.consumerfinance.gov/data-research/research-reports/issue-spotlight-analysis-of-deposit-insurance-coverage-on-funds-stored-through-payment-apps/full-report.

[2] Final Rules, Consumer Fin. Prot. Bureau, https://www.consumerfinance.gov/rules-policy/final-rules (last visited Nov. 16, 2023).

[3] CFPB Proposes New Federal Oversight of Big Tech Companies and Other Providers of Digital Wallets and Payment Apps, Consumer Fin. Prot. Bureau (Nov. 7, 2023), https://www.consumerfinance.gov/about-us/newsroom/cfpb-proposes-new-federal-oversight-of-big-tech-companies-and-other-providers-of-digital-wallets-and-payment-apps.

[4] Id.

[5] Id.

[6] 12 U.S.C. § 5492.

[7] Enforcement by the numbers, Consumer Fin. Prot. Bureau (Nov. 8, 2023), https://www.consumerfinance.gov/enforcement/enforcement-by-the-numbers.

[8] CFTC Releases Annual Enforcement Results, Commodity Futures Trading Comm’n (Oct. 20, 2022), https://www.cftc.gov/PressRoom/PressReleases/8613-22.

[9] CFPB Supervision and Examination Manual, Consumer Fin. Prot. Bureau at Overview 10 (Mar. 2017), https://files.consumerfinance.gov/f/documents/cfpb_supervision-and-examination-manual_2023-09.pdf.

[10] An Introduction to CFPB’s Exams of Financial Companies, Consumer Fin. Prot. Bureau 4 (Jan. 9, 2023), https://files.consumerfinance.gov/f/documents/cfpb_an-introduction-to-cfpbs-exams-of-financial-companies_2023-01.pdf.

[11] 12 U.S.C. §5563(a).

[12] CFPB Proposes New Federal Oversight of Big Tech Companies and Other Providers of Digital Wallets and Payment Apps, Consumer Fin. Prot. Bureau (Nov. 7, 2023), https://www.consumerfinance.gov/about-us/newsroom/cfpb-proposes-new-federal-oversight-of-big-tech-companies-and-other-providers-of-digital-wallets-and-payment-apps.

[13] Id.

[14] 12 U.S.C. § 5514.

[15] Id.

[16] Defining Larger Participants of a Market for General-Use Digital Consumer Payment, Consumer Fin. Prot. Bureau 3 (Nov. 7, 2023), https://files.consumerfinance.gov/f/documents/cfpb_nprm-digital-payment-apps-lp-rule_2023-11.pdf.

[17] Id. at 4.

[18] Rohit Chopra, Prepared Remarks of CFPB Director Rohit Chopra at the Brookings Institution Event on Payments in a Digital Century, Consumer Fin. Prot. Bureau (Oct. 6, 2023), https://www.consumerfinance.gov/about-us/newsroom/prepared-remarks-of-cfpb-director-rohit-chopra-at-the-brookings-institution-event-on-payments-in-a-digital-century.

[19] 12 CFR § 1090.103(a).

[20] 12 CFR § 1090.103(b).

[21] 12 CFR § 1090.103(c).

[22] 12 CFR § 1090.103(d).

[23] Defining Larger Participants of a Market for General-Use Digital Consumer Payment, Consumer Fin. Prot. Bureau 6 (Nov. 7, 2023), https://files.consumerfinance.gov/f/documents/cfpb_nprm-digital-payment-apps-lp-rule_2023-11.pdf.

[24] Id.

[25] Id. at 5.

[26] Id. at 6.

[27] An Introduction to CFPB’s Exams of Financial Companies, Consumer Fin. Prot. Bureau 3 (Jan. 9, 2023), https://files.consumerfinance.gov/f/documents/cfpb_an-introduction-to-cfpbs-exams-of-financial-companies_2023-01.pdf.

[28] Id.

[29] Id.

[30] Id.

[31] CFPB Orders Servicio UniTeller to Refund Fees and Pay Penalty for Failing to Follow Remittance, Consumer Fin. Prot. Bureau (Dec. 22, 2022), https://www.consumerfinance.gov/enforcement/actions/servicio-uniteller-inc.

[32] CFPB Orders Wells Fargo to Pay $3.7 Billion for Widespread Mismanagement of Auto Loans, Mortgages, and Deposit Accounts, Consumer Fin. Prot. Bureau (Dec. 20, 2022), https://www.consumerfinance.gov/enforcement/actions/wells-fargo-bank-na-2022.


Conflicts of Interest and Conflicting Interests: The SEC’s Controversial Proposed Rule

Shaadie Ali, MJLST Staffer

A controversial proposed rule from the SEC on AI and conflicts of interest is generating significant pushback from brokers and investment advisers. The proposed rule, dubbed “Reg PDA” by industry commentators in reference to its focus on “predictive data analytics,” was issued on July 26, 2023.[1] Critics claim that, as written, Reg PDA would require broker-dealers and investment managers to effectively eliminate the use of almost all technology when advising clients.[2] The SEC claims the proposed rule is intended to address the potential for AI to hurt more investors more quickly than ever before, but some critics argue that the SEC’s proposed rule would reach far beyond generative AI, covering nearly all technology. Critics also highlight the requirement that conflicts of interest be eliminated or neutralized as nearly impossible to meet and a departure from traditional principles of informed consent in financial advising.[3]

The SEC’s 2-page fact sheet on Reg PDA describes the 239-page proposal as requiring broker-dealers and investment managers to “eliminate or neutralize the effect of conflicts of interest associated with the firm’s use of covered technologies in investor interactions that place the firm’s or its associated person’s interest ahead of investors’ interests.”[4] The proposal defines covered technology as “an analytical, technological, or computational function, algorithm, model, correlation matrix, or similar method or process that optimizes for, predicts, guides, forecasts, or directs investment-related behaviors or outcomes in an investor interaction.”[5] Critics have described this definition of “covered technology” as overly broad, with some going so far as to suggest that a calculator may be “covered technology.”[6] Despite commentators’ insistence, this particular contention is implausible – in its Notice of Proposed Rulemaking, the SEC stated directly that “[t]he proposed definition…would not include technologies that are designed purely to inform investors.”[7] More broadly, though, the SEC touts the proposal’s broadness as a strength, noting it “is designed to be sufficiently broad and principles-based to continue to be applicable as technology develops and to provide firms with flexibility to develop approaches to their use of technology consistent with their business model.”[8]

This move by the SEC comes amidst concerns raised by SEC chair Gary Gensler and the Biden administration about the potential for the concentration of power in artificial intelligence platforms to cause financial instability.[9] On October 30, 2023, President Biden signed an Executive Order that established new standards for AI safety and directed the issuance of guidance for agencies’ use of AI.[10] When questioned about Reg PDA at an event in early November, Gensler defended the proposed regulation by arguing that it was intended to protect online investors from receiving skewed recommendations.[11] Elsewhere, Gensler warned that it would be “nearly unavoidable” that AI would trigger a financial crisis within the next decade unless regulators intervened soon.[12]

Gensler’s explanatory comments have done little to curb criticism by industry groups, who have continued to submit comments via the SEC’s notice and comment process long after the SEC’s October 10 deadline.[13] In addition to highlighting the potential impacts of Reg PDA on brokers and investment advisers, many commenters questioned whether the SEC had the authority to issue such a rule. The American Free Enterprise Chamber of Commerce (“AmFree”) argued that the SEC exceeded its authority under both its organic statutes and the Administrative Procedures Act (APA) in issuing a blanket prohibition on conflicts of interest.[14] In their public comment, AmFree argued the proposed rule was arbitrary and capricious, pointing to the SEC’s alleged failure to adequately consider the costs associated with the proposal.[15] AmFree also invoked the major questions doctrine to question the SEC’s authority to promulgate the rule, arguing “[i]f Congress had meant to grant the SEC blanket authority to ban conflicts and conflicted communications generally, it would have spoken more clearly.”[16] In his scathing public comment, Robinhood Chief Legal and Corporate Affairs Officer Daniel M. Gallagher alluded to similar APA concerns, calling the proposal “arbitrary and capricious” on the grounds that “[t]he SEC has not demonstrated a need for placing unprecedented regulatory burdens on firms’ use of technology.”[17] Gallagher went on to condemn the proposal’s apparent “contempt for the ordinary person, who under the SEC’s apparent world view [sic] is incapable of thinking for himself or herself.”[18]

Although investor and broker industry groups have harshly criticized Reg PDA, some consumer protection groups have expressed support through public comment. The Consumer Federation of America (CFA) endorsed the proposal as “correctly recogniz[ing] that technology-driven conflicts of interest are too complex and evolve too quickly for the vast majority of investors to understand and protect themselves against, there is significant likelihood of widespread investor harm resulting from technology-driven conflicts of interest, and that disclosure would not effectively address these concerns.”[19] The CFA further argued that the final rule should go even further, citing loopholes in the existing proposal for affiliated entities that control or are controlled by a firm.[20]

More generally, commentators have observed that the SEC’s new prescriptive rule that firms eliminate or neutralize potential conflicts of interest marks a departure from traditional securities laws, wherein disclosure of potential conflicts of interest has historically been sufficient.[21] Historically, conflicts of interest stemming from AI and technology have been regulated the same as any other conflict of interest – while brokers are required to disclose their conflicts, their conduct is primarily regulated through their fiduciary duty to clients. In turn, some commentators have suggested that the legal basis for the proposed regulations is well-grounded in the investment adviser’s fiduciary duty to always act in the best interest of its clients.[22] Some analysts note that “neutralizing” the effects of a conflict of interest from such technology does not necessarily require advisers to discard that technology, but changing the way that firm-favorable information is analyzed or weighed, but it still marks a significant departure from the disclosure regime. Given the widespread and persistent opposition to the rule both through the note and comment process and elsewhere by commentators and analysts, it is unclear whether the SEC will make significant revisions to a final rule. While the SEC could conceivably narrow definitions of “covered technology,” “investor interaction,” and “conflicts of interest,” it is difficult to imagine how the SEC could modify the “eliminate or neutralize” requirement in a way that would bring it into line with the existing disclosure-based regime.

For its part, the SEC under Gensler is likely to continue pursuing regulations on AI regardless of the outcome of Reg PDA. Gensler has long expressed his concerns about the impacts of AI on market stability. In a 2020 paper analyzing regulatory gaps in the use of generative AI in financial markets, Gensler warned, “[e]xisting financial sector regulatory regimes – built in an earlier era of data analytics technology – are likely to fall short in addressing the risks posed by deep learning.”[23] Regardless of how the SEC decides to finalize its approach to AI in conflict of interest issues, it is clear that brokers and advisers are likely to resist broad-based bans on AI in their work going forward.

Notes

[1] Press Release, Sec. and Exch. Comm’n., SEC Proposes New Requirements to Address Risks to Investors From Conflicts of Interest Associated With the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers (Jul. 26, 2023).

[2] Id.

[3] Jennifer Hughes, SEC faces fierce pushback on plan to police AI investment advice, Financial Times (Nov. 8, 2023), https://www.ft.com/content/766fdb7c-a0b4-40d1-bfbc-35111cdd3436.

[4] Sec. Exch. Comm’n., Fact Sheet: Conflicts of Interest and Predictive Data Analytics (2023).

[5] Conflicts of Interest Associated with the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers,  88 Fed. Reg. 53960 (Proposed Jul. 26, 2021) (to be codified at 17 C.F.R. pts. 240, 275) [hereinafter Proposed Rule].

[6] Hughes, supra note 3.

[7] Proposed Rule, supra note 5.

[8] Id.

[9] Stefania Palma and Patrick Jenkins, Gary Gensler urges regulators to tame AI risks to financial stability, Financial Times (Oct. 14, 2023), https://www.ft.com/content/8227636f-e819-443a-aeba-c8237f0ec1ac.

[10] Fact Sheet, White House, President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence (Oct. 30, 2023).

[11] Hughes, supra note 3.

[12] Palma, supra note 9.

[13] See Sec. Exch. Comm’n., Comments on Conflicts of Interest Associated with the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers (last visited Nov. 13, 2023), https://www.sec.gov/comments/s7-12-23/s71223.htm (listing multiple comments submitted after October 10, 2023).

[14] Am. Free Enter. Chamber of Com., Comment Letter on Proposed Rule regarding Conflicts of Interest Associated With the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers (Oct. 10, 2023), https://www.sec.gov/comments/s7-12-23/s71223-270180-652582.pdf.

[15] Id. at 14-19.

[16] Id. at 9.

[17] Daniel M. Gallagher, Comment Letter on Proposed Rule regarding Conflicts of Interest Associated With the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers (Oct. 10, 2023), https://www.sec.gov/comments/s7-12-23/s71223-271299-654022.pdf.

[18] Id. at 43.

[19] Consumer Fed’n. of Am., Comment Letter on Proposed Rule regarding Conflicts of Interest Associated With the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers (Oct. 10, 2023), https://www.sec.gov/comments/s7-12-23/s71223-270400-652982.pdf.

[20] Id.

[21] Ken D. Kumayama et al., SEC Proposes New Conflicts of Interest Rule for Use of AI by Broker-Dealers and Investment Advisers, Skadden (Aug. 10, 2023), https://www.skadden.com/insights/publications/2023/08/sec-proposes-new-conflicts.

[22] Colin Caleb, ANALYSIS: Proposed SEC Regs Won’t Allow Advisers to Sidestep AI, Bloomberg Law (Aug. 10, 2023), https://news.bloomberglaw.com/bloomberg-law-analysis/analysis-proposed-sec-regs-wont-allow-advisers-to-sidestep-ai.

[23] Gary Gensler and Lily Bailey, Deep Learning and Financial Stability (MIT Artificial Intel. Glob. Pol’y F., Working Paper 2020) (in which Gensler identifies several potential systemic risks to the financial system, including overreliance and uniformity in financial modeling, overreliance on concentrated centralized datasets, and the potential of regulators to create incentives for less-regulated entities to take on increasingly complex functions in the financial system).


Who Is Regulating Regulatory Public Comments?

Madeleine Rossi, MJLST Staffer

In 2015 the Federal Communications Commission (FCC) issued a rule on “Protecting and Promoting the Open Internet.”[1] The basic premise of these rules was that internet service providers had unprecedented control over access to information for much of the public. Those in favor of the new rules argued that broadband providers should be required to enable access to all internet content, without either driving or throttling traffic to particular websites for their own benefit. Opponents of these rules – typically industry players such as the same broadband providers that would be regulated – argued that such rules were burdensome and would prevent technological innovation. The fight over these regulations is colloquially known as the fight over “net neutrality.” 

In 2017 the FCC reversed course and put forth a proposal to repeal the 2015 regulations. Any time that an agency proposes a rule, or proposes to repeal a rule, they must go through the notice-and-comment rulemaking procedure. One of the most important parts of this process is the solicitation of public comments. Many rules get put forth without much attention or fanfare from the public. Some rules may only get hundreds of public comments, often coming from the industry that the rule is aimed at. Few proposed rules get attention from the public at large. However, the fight over net neutrality – both the 2015 rules and the repeal of those rules in 2017 – garnered significant public interest. The original 2015 rule amassed almost four million comments.[2] At the time, this was the most public comments that a proposed rule had ever received.[3] In 2017, the rule’s rescission blew past four million comments to acquire a total of almost twenty-two million comments.[4]

At first glance this may seem like a triumph for the democratic purpose of the notice-and-comment requirement. After all, it should be a good thing that so many American citizens are taking an interest in the rules that will ultimately determine how they can use the internet. Unfortunately, that was not the full story. New York Attorney General Letitia James released a report in May of 2021 detailing her office’s investigation into wide ranging fraud that plagued the notice-and-comment process.[5] Of the twenty-two million comments submitted about the repeal, a little under eight million of them were generated by a single college student.[6] These computer-generated comments were in support of the original regulations, but used fake names and fake comments.[7] Another eight million comments were submitted by lead generation companies that were hired by the broadband companies.[8] These companies stole individuals’ identities and submitted computer-generated comments on their behalf.[9] While these comments used real people’s identities, they fabricated the content in support of repealing the 2015 regulations.[10]

Attorney General James’ investigation showed that real comments, submitted by real people, were “drowned out by masses of fake comments and messages being submitted to the government to sway decision-making.”[11] When the investigation was complete, James’ office concluded that nearly eighteen of the twenty-two million comments received by the FCC in 2017 were faked.[12] The swarm of fake comments created the false perception that the public was generally split on the issue of net neutrality. In fact, anywhere from seventy-five to eighty percent of Americans say that they support net neutrality.[13]

This is not an issue that is isolated to the fight over net neutrality. Other rulemaking proceedings have been targeted as well, namely by the same lead generation firms involved in the 2017 notice-and-comment fraud campaign.[14] Attorney General James’ investigation found that regulatory agencies like the Environmental Protection Agency (EPA), which is responsible for promulgating rules that protect people and the environment from risk, had also been targeted by such campaigns.[15] When agencies like the FCC or EPA propose regulations for the protection of the public, the democratic process of notice-and-comment is completely upended when industry players are able to “drown out” real public voices.

So, what can be done to preserve the democratic nature of the notice-and-comment period? As the technology involved in these schemes advances, this is likely to become not only a reoccurring issue but one that could entirely subvert the regulatory process of rulemaking. One way that injured parties are fighting back is with lawsuits.

In May of 2023, Attorney General James announced that she had come to a second agreement with three of the lead generation firms involved with the 2017 scam to falsify public comments.[16] The three companies agreed to pay $615,000 in fines for their involvement.[17] This agreement came in addition to a previous agreement in which the three stipulated to paying four million dollars in fines and agreed to change future lead generating practices, and the litigation is ongoing.[18]

However, more must be done to ensure that the notice-and-comment process is not entirely subverted. Financial punishment after the fact does not account for the harm to the democratic process that is already done. Currently, the only recourse is to sue these companies for their fraudulent and deceptive practices. However, lawsuits will typically only result in financial losses. Financial penalties are important, but they will always come after the fact. Once litigation is under way, the harm has already been done to the American public.

Agencies need to ensure that they are keeping up with the pace of rapidly evolving technology so that they can properly vet the validity of the comments that they receive. While it is important to keep public commenting a relatively open and easy practice, having some kind of vetting procedure has become essential. Perhaps requiring an accompanying email address or phone number for each comment, and then sending a simple verification code. Email or phone numbers could also be contacted during the vetting process once the public comment period closes. While it would likely be impractical to contact each individual independently, a random sample would at least flag whether or not a coordinated and large-scale fake commenting campaign had taken place. 

Additionally, the legislature should keep an eye on fraudulent practices that impact the notice-and-comment process. Lawmakers can and should strengthen laws to punish companies that are engaged in these practices. For example, in Attorney General James’ report she recommends that lawmakers do at least two things. First, they should explicitly and statutorily prohibit “deceptive and unauthorized comments.”[19] To be effective these laws should establish large civil fines. Second, the legislature should “strengthen impersonation laws.”[20] Current impersonation laws were not designed with mass-impersonation fraud in mind. These statutes should be amended to increase penalties when many individuals are impersonated.

In conclusion, the use of fake comments to sway agency rulemaking is a problem that is only going to worsen with time and the advance of technology. This is a serious problem that should be taken as such by both agencies and the legislature. 

Notes

[1] 80 Fed. Reg. 19737.

[2] https://www.brookings.edu/articles/democratizing-and-technocratizing-the-notice-and-comment-process/.

[3] Id.

[4] Id.

[5] https://ag.ny.gov/press-release/2021/attorney-general-james-issues-report-detailing-millions-fake-comments-revealing.

[6] https://www.brookings.edu/articles/democratizing-and-technocratizing-the-notice-and-comment-process/.

[7] Id.

[8] Id.

[9] Id.

[10] Id.

[11] https://ag.ny.gov/press-release/2021/attorney-general-james-issues-report-detailing-millions-fake-comments-revealing.

[12] Id.

[13] https://thehill.com/policy/technology/435009-4-in-5-americans-say-they-support-net-neutrality-poll/, https://publicconsultation.org/united-states/three-in-four-voters-favor-reinstating-net-neutrality/.

[14] Id.

[15] https://apnews.com/article/settlement-fake-public-comments-net-neutrality-ae1f69a1f5415d9f77a41f07c3f6c358.

[16] Id.

[17] Id.

[18] https://apnews.com/article/government-and-politics-technology-business-9f10b43b6aacbc750dfc010ceaedaca7.

[19] https://ag.ny.gov/sites/default/files/oag-fakecommentsreport.pdf.

[20] Id.


Mental Health Telehealth Services May Not Be Protecting Your Data

Tessa Wright, MJLST Staffer

The COVID-19 pandemic changed much about our daily lives, and nowhere have those changes been more visible than in the healthcare industry. During the pandemic, there were overflowing emergency rooms coupled with doctor shortages.[1] In-person medical appointments were canceled, and non-emergency patients had to wait months for appointments.[2] In response, the use of telehealth services began to increase rapidly.[3] In fact, one 2020 study found that telehealth visits accounted for less than 1% of health visits prior to the pandemic and increased to as much as 80% of visits when the pandemic was at its peak.[4] And, while the use of telehealth services has decreased slightly in recent years, it seems as though it is likely here to stay. Nowhere has the use of telehealth services been more prevalent than in mental health services.[5] Indeed, as of 2022, telehealth still represented over 36% of outpatient mental health visits.[6] Moreover, a recent study found that since 2020, over one in three mental health outpatient visits have been delivered by telehealth.[7] And while this increased use in telehealth services has helped make mental health services more affordable and accessible to many Americans, this shift in the way healthcare is provided also comes with new legal concerns that have yet to be fully addressed.

Privacy Concerns for Healthcare Providers

One of the largest concerns surrounding the increased use of telehealth in mental health services is privacy. There are several reasons for this. The primary concern has been due to the fact that telehealth takes place over the phone or via personal computers. When using personal devices, it is nearly impossible to ensure HIPAA compliance. However, the majority of healthcare providers now offer telehealth options that connect directly to their private healthcare systems, which allows for more secure data transmission.[8] While there are still concerns surrounding this issue, these secure servers have helped mitigate much of the concern.[9]

Privacy Concerns with Mental Health Apps

The other privacy concern surrounding the use of telehealth services for mental health is a little more difficult to address. This concern comes from the increased use of mental health apps. Mental health apps are mobile apps that allow users to access online talk therapy and psychiatric care.[10] With the increased use of telehealth for mental health services, there has also been an increase in the use of these mental health apps. Americans are used to their private medical information being protected by the Health Insurance Portability and Accountability Act (HIPAA).[11] HIPAA is a federal law that creates privacy rules for our medical records and other individually identifiable health information during the flow of certain health care transactions.[12] But HIPAA wasn’t designed to handle modern technology.[13] The majority of mental health apps are not covered by HIPAA rules, meaning that these tech companies can sell the private health data from their apps to third parties, with or without consent.[14] In fact, a recent study that analyzed 578 mental health-related apps found that nearly half (44%) of the apps shared users’ personal health information with third parties.[15] This personal health information can include psychiatric diagnoses and medication prescriptions, as well as other identifiers including age, gender, ethnicity, religion, credit score, etc.[16]

In fact, according to a 2022 study, a popular therapy app, BetterHelp, was among the worst offenders in terms of privacy.[17] “BetterHelp has been caught in various controversies, including a ‘bait and switch’ scam where it advertised therapists that weren’t actually on its service, poor quality of care (including trying to provide gay clients with conversion therapy), and paying YouTube influencers if their fans sign up for therapy through the app.”[18]

An example of information that does get shared is the intake questionnaire.[19] An intake questionnaire needs to be filled out on BetterHelp, or other therapy apps, in order for the customer to be matched with a provider.[20] The answers to these intake questionnaires were specifically found to have been shared by BetterHelp with an analytics company, along with the approximate location and device of the user.[21]

Another example of the type of data that is shared is metadata.[22] BetterHelp can share information about how long someone uses the app, how long the therapy sessions are, how long someone spends sending messages on the app, what times someone logs into the app, what times someone sends a message or speaks to their therapists, the approximate location of the user, how often someone opens the app, and so on.[23] According to the ACLU, data brokers, Facebook, and Google were found to be among the recipients of other information shared from BetterHelp.[24]

It is also important to note that deleting an account may not remove all of your personal information, and there is no way of knowing what data will remain.[25] It remains unclear how long sensitive information that has been collected and retained could be available for use by the app.

What Solutions Are There?

The U.S. Department of Health and Human Services recently released updated guidance on HIPAA, confirming that the HIPAA Privacy Rule does not apply to most health apps because they are not “covered entities” under the law.[26]  Additionally, the FDA put out guidance saying that it is going to use its enforcement discretion when dealing with mental health apps.[27] This means that if the privacy risk seems to be low, the FDA is not going to enforce or chase these companies.[28]

Ultimately, if mental telehealth services are here to stay, HIPAA will need to be expanded to cover the currently unregulated field of mental health apps. HIPAA and state laws would need to be specifically amended to include digital app-based platforms as covered entities.[29] These mental health apps are offering telehealth services, similar to any healthcare provider that is covered by HIPAA. Knowledge that personal data is being shared so freely by mental health apps often leads to distrust, and due to those privacy concerns, many users have lost confidence in them. In the long run, regulatory oversight would increase the pressure on these companies to show that their service can be trusted, potentially increasing their success by growing their trust with the public as well.

Notes

[1] Gary Drenik, The Future of Telehealth in a Post-Pandemic World, Forbes, (Jun. 2, 2022), https://www.forbes.com/sites/garydrenik/2022/06/02/the-future-of-telehealth-in-a-post-pandemic-world/?sh=2ce7200526e1.

[2] Id.

[3] Id.

[4] Madjid Karimi, et. al., National Survey Trends in Telehealth Use in 2021: Disparities in Utilization and Audio vs. Video Services, Office of Health Policy (Feb. 1, 2022).

[5] Shreya Tewari, How to Navigate Mental Health Apps that May Share Your Data, ACLU (Sep. 28, 2022).

[6] Justin Lo, et. al., Telehealth has Played an Outsized Role Meeting Mental Health Needs During the Covid-19 Pandemic, Kaiser Family Foundation, (Mar. 15, 2022), https://www.kff.org/coronavirus-covid-19/issue-brief/telehealth-has-played-an-outsized-role-meeting-mental-health-needs-during-the-covid-19-pandemic/.

[7] Id.

[8] Supra note 1.

[9] Id.

[10] Heather Landi, With Consumers’ Health and Privacy on the Line, do Mental Wellness Apps Need More Oversight?, Fierce Healthcare, (Apr. 21, 2021), https://www.fiercehealthcare.com/tech/consumers-health-and-privacy-line-does-digital-mental-health-market-need-more-oversight.

[11] Peter Simons, Your Mental Health Information is for Sale, Mad in America, (Feb. 20, 2023), https://www.madinamerica.com/2023/02/mental-health-information-for-sale/.

[12] Supra note 5.

[13] Supra note 11.

[14] Id.

[15] Deb Gordon, Using a Mental Health App? New Study Says Your Data May Be Shared, Forbes, (Dec. 29, 2022), https://www.forbes.com/sites/debgordon/2022/12/29/using-a-mental-health-app-new-study-says-your-data-may-be-shared/?sh=fe47a5fcad2b.

[16] Id.

[17] Supra note 11.

[18] Id.

[19] Supra note 5.

[20] Id.

[21] Id.

[22] Id.

[23] Id.

[24] Id.

[25] Supra note 5.

[26] Id.

[27] Supra note 10.

[28] Id.

[29] Supra note 11.


Saving the Planet With Admin Law: Another Blow to Tax Exceptionalism

Caroline Moriarty, MJLST Staffer

Earlier this month, the U.S. Tax Court struck down an administrative notice issued by the IRS regarding conservation easements in Green Valley Investors, LLC v. Commissioner. While the ruling itself may be minor, the court may be signaling a shift away from tax exceptionalism to administrative law under the Administrative Procedures Act (“APA”), which could have major implications for the way the IRS operates. In this post, I will explain what conservation easements are, what the ruling was, and what the ruling may mean for IRS administrative actions going forward. 

Conservation Easements

Conservation easements are used by wealthy taxpayers to get tax deductions. Under Section 170(h) of the Internal Revenue Code (“IRC”), taxpayers who purchase development rights for land, then donate those rights to a charitable organization that pledges not to develop or use the land, get a deduction proportional to the value of the land donated. The public gets the benefit of preserved land, which could be used as a park or nature reserve, and the donor gets a tax break.

However, this deduction led to the creation of “syndicated conservation easements.” In this tax scheme, intermediaries purchase vacant land worth little, hire an appraiser to declare its value to be much higher, then sell stakes in the donation of the land to investors, who get a tax deduction that is four to five times higher than what they paid. In exchange, the intermediaries are paid large fees. 

Conservation easements can be used to protect the environment, and proponents of the deduction argue that the easements are a critical tool in keeping land safe from development pressures. However, the IRS and other critics argue that these deductions are abused and cost the government between $1.3 billion and $2.4 billion in lost tax revenue. Some appraisers in these schemes have been indicted for “fraudulent” and “grossly inflated” land appraisals. Both Congress and the IRS have published research about the potential for abuse. In 2022, the IRS declared the schemes one of their “Dirty Dozen” for the year, writing that “these abusive arrangements do nothing more than game the tax system with grossly inflated tax deductions and generate high fees for promoters.”

Notice 2017-10 and the Tax Court’s Green Valley Ruling

To combat the abuse of conservation easements, the IRS released an administrative notice (the “Notice”) that required taxpayers to disclose any syndicated conservation easements on their tax returns as a “listed transaction.” The notice didn’t go through notice-and-comment procedures from the APA. Then, in 2019, the IRS disallowed over $22 million in charitable deductions on Green Valley and the other petitioners’ taxes for 2014 and 2015 and assessed a variety of penalties.  

While the substantive tax law is complex, Green Valley and the other petitioners challenged the penalties, arguing that the Notice justifying the penalties didn’t go through notice and comment procedures. In response, the IRS argued that Congress had exempted the agency from notice-and-comment procedures. Specifically, the IRS argued that they issued a Treasury Regulation that defined a “listed transaction” as one “identified by notice, regulation, or other form of published guidance,” which should have indicated to Congress that the IRS would be operating outside of APA requirements when issuing notices. 

The Tax Court disagreed, writing “We remain unconvinced that Congress expressly authorized the IRS to identify a syndicated conservation easement transaction as a listed transaction without the APA’s notice-and-comment procedures, as it did in Notice 2017-10.” Essentially, the statutes that Congress wrote allowing for IRS penalties did not determine the criteria for how taxpayers would incur the penalties, so the IRS decided with non-APA reviewed rules. If Congress would have expressly authorized the IRS to determine the requirements for penalties without APA procedures in the penalty statutes, then the Notice would have been valid. 

In invalidating the notice, the Tax Court decided that Notice 2017-10 was a legislative rule requiring notice-and-comment procedures because it imposed substantive reporting obligations on taxpayers with the threat of penalties. Since the decision, the IRS has issued proposed regulations on the same topic that will go through notice and comment procedures, while continuing to defend the validity of the Notice in other circuits (the Tax Court adopted reasoning from a Sixth Circuit decision).

The Future of Administrative Law and the IRS 

The decision follows other recent cases where courts have pushed the IRS to follow APA rules. However, following the APA is a departure from the past understanding of administrative law’s role in tax law. In the past, “tax exceptionalism” described the misperception that tax law is so complex and different from other regulatory regimes that the rules of administrative law don’t apply. This understanding has allowed the IRS to make multiple levels of regulatory guidance, some binding and some not, all without effective oversight from the courts. Further, judicial review is limited for IRS actions by statute, and even if there’s review, it may be ineffective if the judges are not tax experts. 

This movement towards administrative law has implications for both taxpayers and the IRS. For taxpayers, administrative law principles could provide additional avenues to challenge IRS actions and allow for more remedies. For the IRS, the APA may be an additional barrier to their job of collecting tax revenue. At the end of the day, syndicated conservation easements can be used to defraud the government, and the IRS should do something to curtail their potential for abuse. Following notice-and-comment procedures could delay effective tax administration. However, the IRS is an administrative agency, and it doesn’t make sense to think they can make their own rules or act like they’re not subject to the APA. Either way, administrative law will likely continue to prevail in both federal courts and Tax Court, and it will continue to influence tax law as we know it.


Electric Vehicles: The Path of the Future or a Jetson-Like Fantasy?

James Challou, MJLST Staffer

Last week President Biden contributed to the already growing hype behind electric vehicles when he heralded them as the future of transportation. Biden touted that $7.5 billion from last year’s infrastructure law, Public Law 117-58, would be put toward installing electric vehicle charging stations across the United States. This mass rollout of electric vehicle chargers, broadly aimed to help the US meet its goal of being carbon neutral by 2050, constitutes an immediate effort by the Biden administration to tackle pollution in the sector responsible for the largest share of the nation’s greenhouse gas emissions: transportation. The administration’s short-term goal is to install half a million chargers by 2030. However, not all are as confident as President Biden that this movement will be efficacious.

The “Buy America” Obstacle

Despite President Biden’s enthusiasm for this commitment to funding widespread electric vehicle charging stations, many experts remain skeptical that supply can keep up with demand. Crucially, Public Law 117-58 contains a key constraint, dubbed the “Buy America” rule, that mandates federal infrastructure projects obtain at least 55% of construction materials, including iron and steel, from domestic sources and requires all manufacturing to be done in the U.S.

Although labor groups and steel manufacturers continue to push for these domestic sourcing rules to be enforced, other groups like automakers and state officials argue that a combination of inflation increasing the cost of domestic materials and limited domestic production may hamstring the push towards electric vehicle charging accessibility altogether. One state official stated, “A rushed transition to the new requirements will exacerbate delays and increase costs if EV charging equipment providers are forced to abruptly shift component sourcing to domestic suppliers, who in turn may struggle with availability due to limited quantities and high demand.”

Proponents of a slower implementation offer a slew of different solutions ranging from a temporary waiver of the Buy America rules until domestic production can sustain the current demand, to a waiver of the requirements for EV chargers altogether. The Federal Highway Administration, charged with oversight of the EV charger program, proposed an indeterminate transitional period waiver of the Buy America rules until the charger industry and states are prepared to comply with requirements.

Domestic Manufacturer Complications

Domestic manufacturers are similarly conflicted about the waiver of the Buy America rules, with some thinking they may not be able to meet growing demand. While many companies predict they can meet Buy America production requirements in the future, the Federal Highway Administration specified in its waiver proposal that a mere three manufacturers, all based in California, presently believe they have existing fast charger systems that comply with Buy America requirements.

Predictably, the waiver proposal is divisive amongst domestic manufacturers. Some companies are onboard with the waiver and requested even more flexibility. This includes automakers like Ford and General Motors, who say that a process of moving all supply chains to the US demands more time, particularly at the scale necessary to match the surge in federal funding. This is largely seen as the most stakeholder friendly move as it offers companies the opportunity to use the duration of the waiver to see if a clear competitive market materializes which in turn benefits stakeholders.

Contrarily, others have asked for the waiver period to be shortened to allow them to quickly recoup their investments into Buy America compliant manufacturing upgrades. Some companies are even more aggressive; they oppose the waiver altogether and argue that the waiver would disadvantage manufacturers that intentionally put money into meeting the Buy America requirements. These companies posit that domestic manufacturing provides immediate benefits like augmenting supply chain security and electric-vehicle cybersecurity and warn against dependency on foreign governments for electrical steel needs. They further add that the Buy America rule will fuel growth in the US market and create manufacturing jobs. Labor groups and some lawmakers have adopted this stance as one lawmaker from Ohio commented, “[f]ederal agencies should implement the new Buy America provisions as quickly as possible to give American companies the certainty they need to move forward with investments.”

Other Implementation Difficulties

 The inclusion of the Buy America rule in this legislation is not the only aspect of the EV charging project that has generated considerable debate. Regional challenges pose more of an issue than originally anticipated. Although many states reported common potential hurdles like vandalism, range anxiety, supply chain, and electricity challenges, unique geographic problems have also arisen. For example, Nebraska reported in its plan that a shift to electric vehicles could decrease revenue collection from gas tax. Iowa aired out concerns about stations being hit by and damaged by snow plows. Michigan cited rodent damage as a potential concern. Finally, Oklahoma flagged political opposition to the chargers as a problem that could be both pervasive and fatal to the overall electric charging process.

Moreover, the law caught a substantial amount of flak for a curious decision to skip interstate rest stops when installing the EV charging stations. Although at first glance this would appear to be a pivotal oversight, it stems from a 1956 law that restricts commercial activity, in this case including electric car charging, at rest stops. The Federal Highway Administration, to alleviate these concerns, issued guidance that says electric vehicle chargers should be “as close to Interstate Highway Systems and highway corridors as possible” and generally no more than one mile from the exit. Furthermore, some of the older rest stops are excluded from the 1956 guidance. However, this is not enough to sate critics as many continue to fight for the 1956 law to be changed. They claim that the existence of the restriction drastically inconveniences drivers, planners, and vehicles while potentially creating a wealth disparity by forcing low-income families, who traditionally rely more on public rest areas, to avoid purchasing electric vehicles.

Conclusion

President Biden deserves to be lauded for his ambitious plan for electric vehicles which attempts to square combating the effects of climate change with preserving American manufacturing while simultaneously improving infrastructure. It is worth questioning whether the law would be more effective if it simply focused its efforts on one of these areas. As a commentator at the Cato Institute noted, “The goal of infrastructure spending should be better infrastructure — and if you’re trying to pursue policies to mitigate climate change, well that should be the overall goal … Anything that hinders that should be avoided.”  Only time will reveal the answer to this question.


Whisky Is for Drinking, Water Is for Fighting

Poojan Thakrar, MJLST Staffer

The American Southwest often lives in our imagination as an arid environment with tumbleweeds strewn about. This hasn’t been truer in centuries, as the Colorado River is facing its worst drought in 1200 years, in large part because of climate change.[1] The Colorado River is the region’s most important river, providing drinking water to about 40 million people.[2] In June, the federal government gave the seven states[3] that rely on the water two months to draft a water conservation agreement or risk federal intervention. The states blew past that deadline and the DOI’s Bureau of Reclamation imposed cuts to water usage as high as 21%.[4]

The History of the Modern Colorado River Allocation System

In 1922, the Colorado River Compact allocated an annual amount of 15 million acre-feet (maf) evenly between the Upper and Lower Basin states.[5] One acre-foot represents the volume of water that covers one acre in one foot of water and is about the amount of water that a family of four uses annually.[6] However, relying on 15 maf was already problematic; data from the past three centuries showed that the Colorado River has average flows of 13.5 maf, with some years as low as 4.4 maf.[7] 

Moreover, Arizona refused to sign this compact, arguing that water should be allocated amongst individual states instead of between river basins.[8] Tensions flared in 1935 as Arizona moved National Guard troops to the California border in protest of a new dam.[9] Arizona finally ratified the compact in 1944, but the disagreements were far from over.[10] 

Arizona also brought a case to the Supreme Court for a related dispute, asking the Supreme Court to allocate how each basin splits water according to the Boulder Canyon Project Act of 1928.[11] Originally filed in 1952, Arizona v. California was not resolved until a Supreme Court opinion in 1963.[12] In the end, the Supreme Court accepted the recommendations of a court-appointed Special Master, whose findings California disagreed with. Of the 7.5 maf allocated to the Lower River Basin, 4.4 maf was allocated to California, 2.8 maf to Arizona and 0.3 to Nevada.[13] The court affirmed each state’s use of their own tributary waters, which Arizona argued for.[14] The case also affirmed the Secretary of the Interior’s authority under the Boulder Canyon Project Act to allocate water amongst the states irrespective of their agreement to a compact.[15] Ultimately, this was a victory for Arizona. 

Colorado River water use has been less contentious since Arizona v. California. The Upper Basin states of Colorado, Utah, Wyoming, and New Mexico signed a contract to divide their 7.5 maf amongst themselves without the need for federal intervention.[16] However, because of comparatively less development in these Upper Basin states, they collectively only use 4.4 maf of their allocated 7.5 maf.[17] California has historically enjoyed the excess and has often historically surpassed its own allocation.[18]

Modern Water Allocation

Until this year, the seven Colorado River states have relied on voluntary agreements and cutbacks to manage water allocation. For example, in 2007, the states agreed to rules which decreased the amount of water that can be drawn from reservoirs when levels are low.[19] In 2019, they agreed to Drought Contingency Plans (DCPs) in the face of waning reservoir levels.[20] It was under this new DCP that the Bureau of Reclamation first announced a drought in August of 2021.[21] Later that December, the Lower Basin states were able to come to an agreement regarding the drought declaration to keep more water in Lake Mead, a reservoir on the Colorado.[22]

However, the December 2021 cutbacks were presumably not enough. In June of 2022, Bureau of Reclamation Commissioner Camille Calimlim Touton testified in front of the Senate Energy Committee about the dire situation on the Colorado.[23] She testified that Lake Powell and Lake Mead, both reservoirs on the Colorado, cannot sustain the current level of water deliveries.[24] Commissioner Tounton gave the seven states 60 days to agree how to conserve 2 to 4 maf.[25] 

Underlying this recent situation is the megadrought that the western United States has suffered since 2000.[26] The last 20 years have been the driest two decades in the past 1200 years.[27] The Colorado River states have become remarkably adept at conserving water in that time. For example, the Las Vegas basin’s population has grown by 750,000 in the past 20 years, but its water usage is down 26%.[28] Earlier this year, Los Angeles banned lawn watering to only one day a week, much to the chagrin of Southern California’s most famous residents.[29] 

Commissioner Tounton’s 60 day deadline came and went without an agreement.[30] During a speech on August 15th of this year, Commissioner Tounton mandated that the seven states have to cut their water usage by 1 maf, roughly the amount of water usage of four million people.[31] However, the cuts were not proportioned equally. Arizona was mandated to cut its water by 21% because of the old water agreements, while California was not required to make any.[32]

More recently on October 5th, several California water districts volunteered cuts of almost one-tenth of their total allocation.[33] California conditioned these cuts upon other states agreeing to similar reductions, as well as on incentives from the federal government.[34] California’s cuts are significant, representing roughly 0.4 maf of the 1 maf that Commissioner Tounton asked states to conserve in her August 15th statement.[35] This represents a bold, good-faith move considering California was not mandated to make any. However, there is no doubt that these ad hoc negotiations are unsustainable. As the drought continues, Colorado River water policy will have implications on how food is grown and where people live. The 40 million people that live in the American Southwest may see their day-to-day lives affected if a solution is not crafted. Ultimately, this situation is far from over as states are forced to come to grips with a new water and climate reality.

Notes

[1] The Journal, The Fight Over Water In The West, Wall Street Journal, at 00:50 (Aug. 23, 2022) (downloaded using Spotify).

[2] Luke Runyon, 7 states and federal government lack direction on cutbacks from the Colorado River, NPR (Aug. 27, 2022, 5:00 AM) https://www.npr.org/2022/08/27/1119550028/7-states-and-federal-government-lack-direction-on-cutbacks-from-the-colorado-riv.

[3] Wyoming, Colorado, Utah, and New Mexico are considered Upper Basin states and California, Arizona and Nevada are the Lower Basin states.

[4] The Journal, supra note 1, at 12:30.

[5] Joe Gelt, Sharing Colorado River Water: History, Public Policy and the Colorado River Compact, The University of Arizona (Aug. 1997), https://wrrc.arizona.edu/publications/arroyo-newsletter/sharing-colorado-river-water-history-public-policy-and-colorado-river.

[6] The Journal, supra note 1, at 8:08.

[7] Gelt, supra note 5.

[8] Id.

[9] Nancy Vogel, Legislation fixes borders wandering river created; Governors of Arizona, California sign bills to get back land the Colorado shifted to the wrong state, Contra Costa Times, Sept. 13, 2002.

[10] Gelt, supra note 5.

[11]  Arizona v. California, 373 U.S. 546 (1963).

[12] Supreme Court Clears the Way for the Central Arizona Project, Bureau of Reclamation https://www.usbr.gov/lc/phoenix/AZ100/1960/supreme_court_AZ_vs_CA.html.

[13] Arizona v. California, 373 U.S. 546, 565, 83 S. Ct. 1468, 1480 (1963).

[14] Id.

[15] Id.

[16] Gelt, supra note 5.

[17] Heather Sackett, Water managers set to talk about how to divide Colorado River, Colorado Times (Dec. 13, 2021) https://www.steamboatpilot.com/news/water-managers-set-to-talk-about-how-to-divide-colorado-river.

[18] Gelt, supra note 5.

[19] Lower Colorado River States Reach Agreement to Reduce Water Use, Renewable Natural Resources Foundation (Feb. 4, 2022) https://rnrf.org/2022/02/lower-colorado-river-states-reach-agreement-to-reduce-water-use/.

[20] Id.

[21] Id.

[22] Id.

[23] Marianne Goodland, Reclamation official tells Colorado River states to conserve up to 4 million acre-feet of water, Colorado Politics(June 15, 2020) https://www.coloradopolitics.com/energy-and-environment/reclamation-official-tells-colorado-river-states-to-conserve-up-to-4-million-acre-feet-of/article_376a907a-ece6-11ec-b0ba-6b2e72447497.html.

[24] Id.

[25] Id.

[26] Ben Adler, ‘Moment of reckoning:’ Federal official warns of Colorado River water supply cuts, Yahoo News (June 15, 2020) https://news.yahoo.com/moment-of-reckoning-federal-official-warns-of-colorado-river-water-supply-cuts-171955277.html.

[27] Id.

[28] The Journal, supra note 1, at 5:50.

[29] Id. at 6:10.

[30] Id. at 8:55.

[31] Id. at 10:05.

[32] Id.

[33] Marketplace, Why women have been left behind in the job recovery, American Public Media, at 11:35 (Oct. 6, 2022) (downloaded using Spotify).

[34] Id.

[35] Ian James, More water restrictions likely as California pledges to cut use of Colorado River supply, L.A. Times, (Oct. 6, 2022) https://www.latimes.com/california/story/2022-10-06/southern-california-faces-new-water-restrictions-next-year.