Internet

All Signs Point Toward New Speed Limits on the Information Superhighway

November 11, 2013
Administrative Law, Internet

by Matt Mason, UMN Law Student, MJLST Staff

The net neutrality debate, potentially the greatest hot-button issue surrounding the Internet, may be coming to a (temporary) close. After years of failed attempts to pass net neutrality legislation, the D.C. Circuit will soon rule as to whether the FCC possesses the regulatory authority to impose a non-discrimination principle against large corporate ISP providers such as Verizon. Verizon, the plaintiff in the case, alleges that the FCC exceeded its regulatory authority by promulgating a non-discrimination net neutrality principle. In 2010, the FCC adopted a number of net neutrality provisions, including the non-discrimination principle, in order to prevent ISPs like Verizon from establishing “the equivalents of tollbooths, fast lanes, and dirt roads” on the Internet. Marvin Ammori, an Internet policy expert, believes that based on the court’s questions and statements at oral argument, the judges plan to rule in favor of Verizon. Such a ruling would effectively end net neutrality, and perhaps the Internet, as we know it.

The D.C. Circuit Court is not expected to rule until late this year or early next year. If the D.C. Circuit rules that the FCC does not have the regulatory power to enforce this non-discrimination principle, companies such as AT&T and Verizon will have to freedom to deliver sites and services in a faster and more reliable fashion than others for any reason at all. As Ammori puts it, web companies (especially start-ups) will now survive based on the deals they are able to make with companies like Verizon, as opposed to based on the “merits of their technology and design.”

This would be terrible news for almost everyone who uses and enjoys the Internet. The Internet would no longer be neutral, which could significantly hamper online expression and creativity. Additional costs would be imposed on companies seeking to reach users, which would likely result in increased costs for users. Companies that lack the ability to pay the higher fees would end up with lower levels of service and reliability. The Internet would be held hostage and controlled by only a handful of large companies.

How the FCC will respond to the likely court ruling rejecting its non-discrimination principle is uncertain. Additionally, wireless carries such as Sprint, have begun to consider the possibility of granting certain apps or service providers preferential treatment or access to customers. Wireless phone carriers resist the application of net neutrality rules to their networks, and appear poised to continue to do so despite the fact that network speeds are beginning to equal those on traditional broadband services.

In light of the FCC potentially not having the regulatory authority to institute net neutrality principles, and because of the number of failed attempts by Congress to pass net neutrality legislation, the question of what can be done to protect net neutrality has no easy answers. This uncertainty makes the D.C. Circuit’s decision even more critical. Perhaps the consumer, media, and web company outcry will be loud enough to create policy change following to likely elimination of the non-discrimination rule. Maybe Congress will respond by making the passage of net neutrality legislation a priority. Regardless of what happens, it appears as though we will soon see the installation of speed limits on the information superhighway.

Cyber Security Investigation and Online Tracking

May 14, 2013
Cyber Security, Internet

by Ude Lu, UMN Law Student, MJLST Staff.

Ude-Lue.jpgOn April 18th, 2013, Cyber Intelligence Sharing and Protection Act (CISPA) was passed with wide spread controversies. CISPA aims to help national security agencies to investigate cyber threats by allowing private companies, such as Google and Facebook, to search users’ personal data to identify possible threats. Commentators argue that CISPA compromises the Fourth Amendment, because, under CISPA, agencies can get privacy data of suspects identified by the privacy companies without a judicial order. CISPA bridges the gap between crime investigations and the privacy data stored and analyzed by social media companies.

Google and Facebook regularly track their user’s online behaviors, such as websites they visited or products they purchased, to figure out their personal preferences to perform targeted advertisements. These personal behavior analyses raise serious privacy concerns. Omer Tene and Jules Polonetsky in their article published in Volume 13 Issue 1 of the Minnesota Journal of Law Science and Technology, To Track or “Do Not Track: Advancing Transparency and Individual Control in Online Behavioral Advertising discussed these privacy concerns.

Tene and Polonetsky described that while targeted advertisement provides many advantages, one particular criticism is that users are deprived from meaningful control of their data. This led to various administrative proposals in the US and EU. In the US, FTC proposed “Do Not Track”, a signal sent by users’ browser to internet content providers requesting them not to track cookies. In the EU, the e-Privacy Directive required an opt-in consent for cookie tracking. The authors argue that whether cookie tracking should be “opt-in” or “opt-out” depends on how tracking is valued by the society. If the society in general values tracking as a positive measure to provide valuable services, then opt-out should be applied. On the contrary, if tracking is viewed by the society as an invasion to privacy, then opt-in should be applied.

Cybersecurity: Serious threat or “technopanic”?

April 17, 2013
Cyber Security, Internet, Law Enforecement

by Bryan Dooley, UMN Law Student, MJLST Staff

Thumbnail-Bryan-Dooley.jpgWhile most would likely agree that threats to cybersecurity pose sufficient risk to warrant some level of new regulation, opinions vary widely on the scope and nature of an appropriate response. FBIwebsite-sm-border.jpgThe Cyber Intelligence Sharing and Protection Act, one of several proposed legislative measures intended to address the problem, has drawn widespread criticism. Concerns voiced by opponents have centered on privacy and the potential for misuse of shared information. Some fear the legislation creates the potential for additional harm by allowing or encouraging private parties to launch counterattacks against perceived security threats, with no guarantee they will always hit their intended targets.

In Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle</strong>, published in Issue 14.1 of the Minnesota Journal of Law, Science & Technology, Adam Thierer discusses the danger of misguided regulation in response to new and potentially misunderstood technological developments. The discussion centers on what Thierer terms “technopanics”–hasty and often irrational pushes to address a problem in the face of uncertainty and misinformation, sometimes intentionally disseminated by parties who hope to benefit financially or advance a social agenda.

In the context of cyber security, Thierer argues that advocates of an aggressive regulatory response have exaggerated the potential for harm by using language such as “digital Pearl Harbor” and “cyber 9/11.” He argues technopanics have influenced public discourse about a number of other issues, including online pornography, privacy concerns associated with targeted advertising, and the effects of violent video games on young people. While these panics often pass with little or no real lasting effect, Thierer expresses concern that an underlying suspicion toward new technological developments could mature into a precautionary principal for information technology. This would entail a rush to regulate in response to any new development with a perceived potential for harm, which Thierer argues would slow social development and prevent or delay introduction of beneficial technologies.

It’s an interesting discussion. Whether or not cyber attacks pose the potential for widespread death and destruction, there is significant potential for economic damage and disruption, as well as theft or misuse of private or sensitive information. As in any case of regulation in the face of uncertainty, there is also clear potential that an overly hasty or inadequately informed response will go too far or carry unintended consequences.

Threats From North Korea: Switching Our Focus From Nuclear Weapons to Websites

April 8, 2013
Cyber Security, Internet, Law Enforecement

by Bryan Morben, UMN Law Student, MJLST Staff

Thumbnail-Bryan-Morben.jpgThere has been a lot of attention on North Korea and the possibility of a nuclear war lately. In fact, as recently as April 4, 2013, news broke that the increasingly hostile country moved medium-range missiles to its east coastline. It is reported that the missiles do not have enough range to hit the U.S. mainland, but is well within range of the South Korean capital. Tensions have been running high for several months, especially when the North took the liberty to shred the sixty year old armistice that ended the Korean War, and warned the world that “the next step was an act of ‘merciless’ military retaliation against its enemies.”

But perhaps the use of physical force by leader Kim Jong Un is not the only, or even the most important threat, from North Korea that the United States and its allies should be worried about. Despite the popular impression that North Korea is technologically inept, the regime boasts a significant cyber arsenal. The country has jammed GPS signals and also reportedly conducted cyber terrorism operations against media and financial institutions in the South. North Korea employs a host of sophisticated computer hackers capable of producing anonymous attacks against a variety of targets including military, governmental, educational, and commercial institutions. This ability to vitiate identity is one of the most powerful and dangerous parts about cyber warfare that isn’t possible in the physical world.

Susan Brenner is an expert in the field cyberwar, cybercrime, and cyber terrorism. She has been writing about how and why the institutions modern nation-states rely on to fend off the threats of war, crime, and terrorism have become ineffective as threats have migrated into cyberspace for over half a decade. Her article, Cyber-threats and the Limits of Bureaucratic Control, in Issue 14.1 of the Minnesota Journal of Law, Science & Technology outlines why we need a new threat-control strategy and how such a strategy could be structured and implemented. A strategy like the one Brenner recommends could help protect us from losing a cyberbattle with North Korea that most people aren’t even aware could happen.

21st Century Problem: Authentication of Prisoner Facebook Status Updates

March 6, 2013
Criminal Law, Internet, Social Media

by Eric Maloney, UMN Law Student, MJLST Staff

Thumbnail-Eric-Maloney.jpgFacebook has become a part of everyday life for people around the world. According to Mark Zuckerberg and Co., over one billion people (yes, with a “B”) are active on Facebook every month, with an average of more than 600 million active users every day in December 2012. Disregarding bogus or duplicate accounts, that means roughly one-seventh of the entire human population is active on Facebook every month (with the world population currently sitting somewhere in the neighborhood of seven billion people).

Apparently, Facebook has become so commonplace and ingrained in the daily routine of some that they feel the need to use the social networking service from the privacy of their prison cells.

A Harlem gang member named Devin Parsons has decided to cooperate with the government against fellow members of his gang, and is currently incarcerated while trial is pending. Instead of having the usual prison contraband smuggled in, he obtained a mobile phone and used it to post Facebook status updates under an assumed name. According to Trial Judge William H. Pauley III:

In some posts, Parsons reflected on his life in jail:

“everybody wanna live but don’t wanna die”;
“Life is crazy thay only miss yu ifyu dead or in jail”; and
“G.o.n.e”

In others, Parsons posted about his cooperation:

“I’m not tellin on nobody from HARLEM but I can give up some bx n****s that got bodys”; and
“be home sooner then yaH hereing 101[.]”

While not exactly “Letter from Birmingham Jail,” Parsons was surprisingly bold about disclosing the fact of his cooperation and about the risk of getting caught with a banned cell phone by the prison administration. The gang against which Parsons is testifying is charged with multiple counts of narcotics trafficking and murder, among other things.

One of the defendants in the case, Melvin Colon, sought to compel the disclosure of these postings under the Brady rule, which requires the government to release evidence to the defense before trial if the evidence is favorable to the defendant. Judge Pauley held that the government was not obligated to turn these postings over to Colon; for various reasons, the government was never in actual possession of the Facebook statuses and therefore had no duty to disclose under Brady.

This case highlights the continually growing relevance that Facebook and other social media data has in legal proceedings. In fact, this is not even the first ruling about Facebook in this case; the defendant Colon had earlier moved to suppress his own Facebook postings which the prosecution sought to introduce. Judge Pauley denied this motion as well, holding that Colon’s sharing of the postings with his Facebook “friends” meant he lacked a reasonable expectation of privacy in them.

A background issue in this case was the idea of authenticity of the Facebook poster; because Parsons was posting under a fake name, both sides were unaware of his conduct until after the account had already been deactivated. While not contested here, ensuring that the Facebook information originated from the user is an increasingly important evidentiary consideration as more and more of this data is used in both civil and criminal contexts.

Professor Ira P. Robbins laid out a possible framework for authenticating social networking evidence in his Minnesota Journal of Law, Science & Technology article “Writings on the Wall: The Need for an Authorship-Centric Approach to the Authentication of Social-Networking Evidence.” While voicing significant concerns about the current lack of a required nexus between the online content and its real-life poster, he proposed detailed admissions criteria for social network postings. He offered several factors to be examined by judges in making rulings about such data, including who owns the account, how secure the account is, and how / when the post in question was created.

As Facebook and other social networking information becomes increasingly important to the outcomes of legal cases, a framework like this is essential to bring our procedures in line with the nature of 21st century evidence and to ensure our system continues to meet Due Process standards. Digital evidence is largely unexplored territory for jurists and scholars alike, and it’s my hope that evidentiary standards like those proposed by Professor Robbins are seriously considered by the legal community.

Time for a New Approach to Cyber Security?

February 18, 2013
Cyber Security, Internet, Law Enforecement

by Kenzie Johnson, UMN Law Student, MJLST Managing Editor

Kenzie Johnson The recent announcements by several large news outlets including the New York Times, Washington Post, Bloomberg News, and the Wall Street Journal reporting that they have been the victims of cyber-attacks have yet again brought cyber security into the news. These attacks reportedly all originated in China and were aimed at monitoring news reporting of Chinese issues. In particular, the New York Times announced that Chinese hackers persistently attacked their servers for a period of four months and obtained passwords for reporters and other Times employees. The Times reported that the commencement of the attack coincided with a story it published regarding mass amounts of wealth accumulated by the family of Chinese Prime Minister Wen Jiabao.

It is not only western news outlets that are the targets of recent cyber-attacks. Within the past weeks, the United States Department of Energy and Federal Reserve both announced that hackers had recently penetrated their servers and acquired sensitive information.

This string of high-profile cyber-attacks raises the need for an improved legal and response structure to deal with the growing threat of cyber-attacks. In the forthcoming Winter 2013 issue of Minnesota Journal of Law, Science, and Technology, Susan W. Brenner discusses these issues in an article entitled “Cyber-Threats and the Limits of Bureaucratic Control.” Brenner discusses the nature, causes, and consequences of cyber-threats if left unchecked. Brenner also analyzes alternative approaches to the United States’ current cyber-threat control regime, criticizes current proposals for improvements to the current regime, and proposes alternative approaches. As illustrated by these recent cyber-attacks, analysis of these issues is becoming more important to protect sensitive government data as well as private entities from cyber-threats.

While 86% of Americans Oppose Behavioral Targeting of Voters, Campaigns Embrace It

December 5, 2012
Elections, Internet

by Bobbi Leal, UMN Law Student, MJLST Articles Editor

Thumbnail-Bobbi-Leal-ii.jpgWith the dramatic 2012 Presidential election behind us, new information about the campaign funds are being released. A recent Huffington Post article outlining the campaign funds allotted toward the mining and analysis of internet data about potential voters. President Obama and Mitt Romney’s campaigns spent a combined total of $13 million dollars on this controversial practice.

The Minnesota Journal of Law Science and Technology’s recent publication, “It’s the Autonomy, Stupid: Political Data-Mining and Voter Privacy in the Information Age,” points out that campaigns utilize data mining as a way to more effectively target voters. The mined data includes information gleaned or purchased from both public and private sources. To make use of the internet’s information on the individual, the campaigns use algorithms that match the attitudes of voters on specific issues with individual behaviors and tendencies. The individual behaviors they might look at include where you shop, which team you root for, which petitions you sign, who your friends are, and even what mobile device you use.

With a continued decrease in the number of undecided voters, the practice of using digital data to target particular individuals is an effective one. Further, online targeting can reach voters who would normally have no access to traditional campaigning, such as those in remote counties.

A study by the University of Pennsylvania Annenberg School of Communications revealed that a large majority of Americans (86%) are against behavioral targeting and tailored advertising for political or other purposes. However, privacy practices in the political context are not regulated like in the commercial sector due to protections afforded by political speech.

Six Strikes and You’re Out: Can a New RIAA Policy Solve Old Online File Sharing Problems?

December 4, 2012
Intellectual Property, Internet, Social Media

by Ian Birrell

Thumbnail-Ian-Birrell.jpgSince at least 1999 when Napster was originally launched, internet piracy, or downloading copyrighted materials (especially songs, videos, and games,) has been a contentious activity. The Recording Industry Association of America (RIAA) has historically taken a very public and aggressive stance by finding individuals associated with IP addresses matching those where this “file sharing” is coming from. After finding such a target, the RIAA would send a letter demanding a settlement for thousands of dollars or threatening litigation, risky and expensive to the target, despite a potentially very small monetary value of downloaded material. The RIAA suits, which have continued for a number of years, include a number of well publicized absurd claims.

This journal has written on the RIAA policies before. In 2008, we published a student note by Daniel Reynolds named The RIAA Litigation War on File Sharing and Alternatives more Compatible with Public Morality. Reynolds argued then that the policies were ineffective and unconscionable and urged change.

Change is coming. Later this year, after a number of years in development, a number of major carriers are planning to institute a “six-strikes” plan. This is a voluntary agreement between ISPs and certain content providers (the government is not involved,) and is made to target peer-to-peer downloading. The plan has a notice phase, an acknowledgement phase, and a mitigation phase. Under the plan, a private carrier – say, Time Warner – will first notify a user that there has been an allegation of illegal copyright activity, then force a user who may be infringing (and who may or may not own the account) to acknowledge having received such notices, before the user finally suffers consequences. These consequences can include throttling of internet speed or having popular websites blocked.

Proponents point to a few positives under this proposal, including the user’s right to appeal to an independent arbitrator (for a $35 fee.) Additionally, though lawsuits are still permitted by copyright holders, the hope is that the system will educate the public about copyright infringement and that, on notice that their behavior is illegal, infringement will at least slow down. Ron Wheeler, a Senior VP at Fox, said that, “This system is not designed to produce lawsuits–it’s designed to produce education.

Unfortunately, a lack of education may not be the underlying problem. Reynolds noted that, even in 2004, awareness of the (il)legality of file sharing was widespread. And increasing awareness may not sharply decrease infringement. Critics further note that, despite the safeguards, penalties are ultimately based on accusations rather than definite findings of infringement. If the system ultimately works, though, it may be worth the headaches for both sides. Consumers will not be able to infringe (as much) but the public will also not suffer suits against twelve-year-olds for sharing music.

Growth of Social Media Outpaces Traditional Evidence Rules

November 14, 2012
Internet, Litigation, Social Media

by Sabrina Ly

Thumbnail-Sabrina-Ly.jpg Evidence from social networking websites is increasingly involved in a litany of litigation. Although the widespread use of social media can lead to increased litigation, as well as increasing the cost of litigation, use of social media has assisted lawyers and police officers in proving cases and solving crimes. In New Jersey, for example, two teenage brothers were arrested and charged with murder of a twelve year-old girl. What led to the two teenagers’ arrest was evidence left behind in their homes along with a Facebook post that made their mother suspicious enough to call the police. In another case, Antonio Frasion Jenkins Jr. had charges brought against him by an officer for making terroristic threats to benefit his gang. Jenkins posted a description of his tattoo on Facebook which stated: “My tattoo iz a pig get’n his brains blew out.” Pig is considered a derogatory term for a police officer.The tattoo also had the officer’s misspelled name and his badge number. The officer who is a part of the gang investigation team saw the Facebook post and immediately filed charges against Jenkins as he interpreted the tattoo as a direct threat against him and his family. These are two of the many situations in which social networking websites have been used as evidence to bring charges against or locate an individual.

The myriad of charges brought against an individual given evidence found on their social networking websites is the basis for Ira P. Robbin’s article “Writings on the Wall: The Need for an Author-Centric Approach to the Authentication of Social-Networking Evidence” published in Volume 13.1 of the Minnesota Journal of Law Science and Technology. Robbins begins by discussing the varying ways in which social networking websites have been used as evidence in personal injury and criminal matters. Specifically, Twitter, Facebook and Myspace postings have been deemed discoverable if relevant to the issue and admissible only if properly authenticated by the Federal Rules of Evidence. However, courts across the country have grappled with the evidentiary questions that are presented by social media. In some states, the court admitted the evidence given distinctive characteristics that created a nexus between the posting on the website and the owner of the account. In other states, the court found the proof of the nexus was lacking. Regardless, overall concerns of potential hackers or fictitious accounts created by a third-party posing as someone else create problems of authentication.

Robbins argues that the traditional Federal Rules of Evidence do not adapt well to evidence from social networking websites. Accordingly, Robbins proposes the courts adopt an author-centric authentication process that focuses on the author of the post and not just the owner of the account. Failing to adopt an authentication method for evidence obtained on social networking websites may create consequences that could harm the values and legitimacy of the judicial process. The ability to manipulate or fake a posting creates unreliable evidence that would not only undermine the ability of the fact-finder to determine its credibility but would also unfairly prejudice the party in which the evidence is presented against.

Technology is an area of law that is rapidly evolving and, as a result, has made some traditional laws antiquated. In order to keep pace with these changes, legislators and lawmakers must constantly reexamine traditional laws in order to promote and ensure fairness and accuracy in the judicial process. Robbins has raised an important issue regarding authentication of evidence in the technological world, but as it stands there is much work to be done as technological advances outpace the reformation of traditional laws that govern it.

Censorship Remains Viable in China– but for How Long?

November 6, 2012
Internet, Privacy

by Greg Singer, UMN Law Student, MJLST Managing Editor

Thumbnail-Greg-Singer.jpgIn the west, perhaps no right is held in higher regard than the freedom of speech. It is almost universally agreed that a person has the inherent right to speak their mind as he or she pleases, without fear of censorship or reprisal by the state. Yet for the more than 1.3 billion currently residing in what is one of the oldest civilizations on the planet, such a concept is either unknown or wholly unreflective of the reality they live in.

Despite the exploding amount of internet users in China (from 200 million users in 2007 to over 530 million by the end of the first half of 2012, more than the entire population of North America), the Chinese Government has remained implausibly effective at banishing almost all traces of dissenting thought from the wires. A recent New York Times article detailing the fabulous wealth of the Chinese Premier Wen Jiabao and his family members (at least $2.7 billion) resulted in the almost immediate censorship of the newspaper’s English and Chinese web presence in China. Not stopping there, the censorship apparatus went on to scrub almost all links, reproductions, or blog posts based on the article, leaving little trace of its existence to the average Chinese citizen. Earlier this year, the Bloomberg News suffered a similar fate, as it too published an unacceptable report regarding the unusual wealth of Xi Jinping, the Chinese Vice President and expected successor of current President, Hu Jintao.

In “Forbidden City Enclosed by the Great Firewall: The Law and Power of Internet Filtering in China,” published in the Winter 2012 version of the Minnesota Journal of Law, Science & Technology, Jyh-An Lee and Ching-Yi Liu explain that it is not mere tenacity that permits such effective censorship–the structure of the Chinese internet itself has been designed to allow the centralized authority to control and filter the flow of all communications over the network. Even despite the decentralizing face of content creation on the web, it appears as though censorship will remain technically possible in China for the foreseeable future.

Yet still, technical capability is not synonymous with political permissibility. A powerful middle class is emerging in the country, with particular strength in the large urban areas, where ideas and sentiments are prone to spread quickly, even in the face of government censorship. At the same time, GDP growth is steadily declining from its tremendous peak in the mid-2000s. These two factors may combine to produce a population that has the time, education, and wherewithal to challenge a status quo that will perhaps look somewhat less like marvelous prosperity in the coming years. If China wishes to enter the developed world as a peer to the west (with an economy based on skilled and educated individuals, rather than mass labor), addressing its ongoing civil rights issues seems like an almost unavoidable prerequisite.

Home | Contact Publishing Services | My Account