PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

The Kafkaesque Sacrifice of Encryption Security in the Name of Security

Encryption Backdoors - Kafkaesque

By Daniel J. Solove

Proponents for allowing government officials to have backdoors to encrypted communications need to read Franz Kafka.  Nearly a century ago, Kafka deftly captured the irony at the heart of their argument in his short story, “The Burrow.”

After the Paris attacks, national security proponents in the US and abroad have been making even more vigorous attempts to mandate a backdoor to encryption.

Continue Reading

The Growing Problems with the Sectoral Approach to Privacy Law

Sectoral Omnibus Privacy Regulation

By Daniel J. Solove

The US regulates privacy with a sectoral approach, with laws that are directed only to specific industries.  In contrast, the EU and many other countries have an omnibus approach — one overarching law that regulates privacy consistently across all industries.  The US is an outlier from the way most countries regulate privacy.

About 15 years ago, the sectoral approach was hailed by many US organizations as vastly preferable to an omnibus approach.  Each industry wanted to be regulated differently, in a more nuanced way focused on its particular needs.  Industries could lobby and exert their influence much more on laws focused on their industry.  Additionally, some organizations liked the sectoral approach because they fell into one of the big gaps in regulation.

But today, ironically, the sectoral approach is not doing many organizations any favors.  There are still gaps in protection under the US approach, but these have narrowed.  In fact, many organizations do not fall into gaps in protection — they are regulated by many overlapping laws.  The result is a ton of complexity, inconsistency, and uncertainty in the law.

Continue Reading

Sunken Safe Harbor: 5 Implications of Schrems and US-EU Data Transfer

sunken safe harbor

By Daniel J. Solove

In a profound ruling with enormous implications,the European Court of Justice (ECJ) has declared the Safe Harbor Arrangement to be invalid.

[Press Release]  [Opinion]

The Safe Harbor Arrangement

The Safe Harbor Arrangement has been in place since 2000, and it is a central means by which data about EU citizens can be transferred to companies in the US.  Under the EU Data Protection Directive, data can only be transferred to countries with an “adequate level of protection” of personal data.  The EU has not deemed the US to provide an adequate level of protection, so Safe Harbor was created as a work around.

Continue Reading

Should the U.S. Play By Different Rules in Cyberspace?

Flag

Recently, oral arguments were heard in a very important case in the U.S. Court of Appeals for the Second Circuit. The case is officially titled In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corporation, but it is being referred to as Microsoft v. United States for short.

Continue Reading

Facebook Privacy Sherpas, the Internet of Things, and Other Privacy + Security Updates

p+s update image

By Daniel J. Solove and Paul M. Schwartz

This post is co-authored with Professor Paul M. Schwartz.

This post is part of a post series where we round up some of the interesting news and resources we’re finding.

For a PDF version of this post, and for archived issues of previous posts, click here.

Continue Reading