The first guideline for a general theory of law and technology I propose is that one must examine the basis for preexisting existing legal categories before extending them to new technology issues. Examples of the invention of the telegraph 150 years ago and the development of the Internet today help to elucidate this point.
The advent of the telegraph led to disputes over telegraph company liability for miscommunicated telegraph messages. Two different courts confronted this same issue in Parks v. Alta California Telegraph Co. and Breese v. U.S. Telegraph Co. Both courts concluded that the outcome hinged on whether a telegraph company was a common carrier. Common carriers, such as companies that transported goods, were automatically insurers of the delivery of the gonds. The Parks court concluded that telegraph companies were common carriers, and therefore liable for the loss caused by miscommunicated messages; after all, telegraph companies delivered messages just like companies that delivered physical goods also delivered messages (letters). The Breese court concluded that telegraph companies were not common carriers, reasoning that the law of contract should govern, and therefore that telegraph companies were liable for no more than the cost of the telegraph in the case of a miscommunicated message.
The problem with each courts’ analysis lies in comparing the function of the new technology to the function of the prior technology as a basis for deciding whether to handle a new legal dispute under pre-existing legal rules and categories. A decision-maker, rather, should consider the rationale for the existing legal categories in the first instance, and then determine whether that rationale applies to the new technology. In the case of the telegraph, for example, the rationale for common carrier liability may have been to institute a least-cost avoider regime and reduce transactions costs (among other reasons). This rationale may not apply to telegraphs because they offered a new, easy, cheap method of self-insurance—having the message returned to the sender to check its accuracy.
The same problems can be seen in issues concerning how to resolve disputes brought about by modern advances in communication. Students of internet law are familiar with cases in which courts prohibited the sending of unsolicited email (spam) pursuant to the ancient common law doctrine of trespass to chattels. Courts got around the requirements of physical contact with the chattel, dispossession, and impairment by considering the electronic signals to be physical, band-width to have been dispossessed, and the computer to have been impaired. While one can understand a desire to limit spam, these holdings present the same problem discussed above. In extending a doctrine developed for dispossession of a physical chattel, courts failed to realize the implications of their decisions. The holdings, for instance, would render all unsolicited email, physical mail (junk mail), telephone calls, and even advertisements on broadcast television trespass to chattels.
Preexisting legal categories may be applicable in some cases, but the only way to determine this is to examine the basis for the categories in the first instance, and whether that basis is satisfied by extension of the doctrine. Legal categories (such as common carrier) are only that—legal constructs. Such constructs may need to be revised in the face of technological change.
Wednesday, January 17, 2007
Tuesday, January 16, 2007
History Lessons for a General Theory of Law and Technology
Thank you for the introduction Frank, and thank you Gaia and Frank for organizing this discussion. I am excited to take part in it.
I want to elaborate on a theme that has been touched on in several posts and comments: whether certain legal issues that arise as a result of technological change are recurring. Stated another way, can we frame a general theory of law and technology by studying how prior law and technology issues have been handled, and developing a set of guidelines for how the legal system should respond to future law and technology issues as they arise.
I believe that examining historic responses to new legal issues brought about by technological advance reveals that we can develop such common guidelines. Considering historic responses will not provide a complete road map for responding to each new law and technology issue—such a goal is unachievable considering the wide variety of technological change and wide variety of legal disputes—but the history lessons can offer a number of useful guidelines for how to confront novel law and technology issues. In following posts I will discuss three lessons: (1) that preexisting legal categories may not apply to new technology issues, (2) that decision-makers should not be blinded by the wonders of a new technology in deciding how to handle disputes concerning the technology, and (3) that the types of new disputes created by technological advance are unforeseeable.
These three guidelines are only intended to be examples, not a comprehensive list. I welcome any other examples. Critically, I contend that these guidelines are applicable across a wide variety of disparate technologies, even technologies that we cannot conceive of presently. In this manner, the guidelines represent one form of a general theory of law and technology.
I want to elaborate on a theme that has been touched on in several posts and comments: whether certain legal issues that arise as a result of technological change are recurring. Stated another way, can we frame a general theory of law and technology by studying how prior law and technology issues have been handled, and developing a set of guidelines for how the legal system should respond to future law and technology issues as they arise.
I believe that examining historic responses to new legal issues brought about by technological advance reveals that we can develop such common guidelines. Considering historic responses will not provide a complete road map for responding to each new law and technology issue—such a goal is unachievable considering the wide variety of technological change and wide variety of legal disputes—but the history lessons can offer a number of useful guidelines for how to confront novel law and technology issues. In following posts I will discuss three lessons: (1) that preexisting legal categories may not apply to new technology issues, (2) that decision-makers should not be blinded by the wonders of a new technology in deciding how to handle disputes concerning the technology, and (3) that the types of new disputes created by technological advance are unforeseeable.
These three guidelines are only intended to be examples, not a comprehensive list. I welcome any other examples. Critically, I contend that these guidelines are applicable across a wide variety of disparate technologies, even technologies that we cannot conceive of presently. In this manner, the guidelines represent one form of a general theory of law and technology.
Welcome Gregory Mandel
It is my great pleasure to introduce Professor Gregory Mandel to Law & Technology Theory. I found Mandel's Technology Wars: The Failure of Democratic Discourse to be one of those rare monographs indispensable to understanding current technology policy. Mandel's empirical scholarship also made a stir in the IP field last year when it helped inspire a leading IP academic/practitioner to reverse course on one of the most important patent disputes to reach the Supreme Court in decades.
Prof. Mandel is Associate Dean for Research and Scholarship, and Professor of Law, at Albany Law School. He is currently on an American Bar Association task force briefing the Environmental Protection Agency on arising nanotechnology issues, on the Advisory Board of the Science and Technology Law Center, and on the Faculty of the Alden March Bioethics Institute.
Prof. Mandel specializes in the interface among technology, science and the law. He is the author of numerous publications, including articles on patent law, nanotechnology law, biotechnology law, and on how society should handle new technologies and technological risk. Prof. Mandel has presented his work internationally at over 20 law schools and other institutions, including for the United Nations. He has consulted with a variety of senators, representatives, administrative agencies, and private entities concerning technology legislation, regulation, and social and economic effects.
Prof. Mandel is Associate Dean for Research and Scholarship, and Professor of Law, at Albany Law School. He is currently on an American Bar Association task force briefing the Environmental Protection Agency on arising nanotechnology issues, on the Advisory Board of the Science and Technology Law Center, and on the Faculty of the Alden March Bioethics Institute.
Prof. Mandel specializes in the interface among technology, science and the law. He is the author of numerous publications, including articles on patent law, nanotechnology law, biotechnology law, and on how society should handle new technologies and technological risk. Prof. Mandel has presented his work internationally at over 20 law schools and other institutions, including for the United Nations. He has consulted with a variety of senators, representatives, administrative agencies, and private entities concerning technology legislation, regulation, and social and economic effects.
Many Thanks to Andrea Matwyshyn
Thanks very much to Andrea for a week of fascinating posts. I'm afraid I was in the midst of writing a technology self-study for my law school, so didn't have much time to comment at the time, but hope to later. One of the nice things about this format is that the opportunity for comment that disappears at the end of "real-space" conference panels is always available in cyberspace.
Friday, January 12, 2007
Casestudy in Legal Linearity: The Children's Online Privacy Protection Act (COPPA)
As discussed previously, developmental psychology has moved toward a nonlinear paradigm driven by studying individuals in social context. The Children's Online Privacy Protection Act framework, however, presents a static framework that does not take into account the nonlinear nature of development.
COPPA requires that websites targeting children under age 13 provide notice of privacy practices and obtain verifiable parental consent prior to collecting data from the child. The statute also empowers the Federal Trade Commission to promulgate additional regulations to require the operator of a website subject to COPPA to establish and maintain reasonable procedures “to protect the confidentiality, security, and integrity of personal information collected from children.” Specifically, COPPA stipulates that prior to collection of data from a child under 13, a website “operator” must obtain obtain “verifiable parental consent”. The preferred medium for this verifiable parental consent is receipt of a fax from the parent, however an email exception was originally crafted as an interim measure for limited amount of time. This email exception evolved into a “sliding scale approach” which is still applied by the FTC in COPPA inquiries. Depending on the character of the data collection and the intended use, the FTC’s analysis varies.
During the first six years of its effectiveness, COPPA has received mixed reviews at best. The deterrent effect of prosecutions appears to have been limited. As a practical matter, a large number of websites which are governed by COPPA are simply noncompliant, willingly risking prosecution rather than investing effort in attempting to comply. As demonstrated by several studies, compliance level is generally under 60%, and even those websites which attempt compliance on their face, are frequently easily circumventable in their age verification process. From the perspective of the child user, COPPA has been viewed to only protect the data of the children who wish to have their data protected. For children who simply wish content access, in many instances immediate workarounds are readily available. Often the child merely needs to log in again and provide a false birthdate to gain access to the material to which s/he was denied access.
COPPA makes linear developmental assumptions. First, COPPA is predicated on the idea that an adult parent’s development and proficiency with technology surpasses that of her child, an assumption research demonstrates is unsustainable. Technology learning and development do not always cleanly map on to chronological age. Parents frequently feel their ability to monitor their children’s activities online is limited.
Second, the age of capacity to consent to data gathering stipulated in COPPA, age 13, appears to have been selected arbitrarily. During early adolescence, large divergences in development are visible, perhaps even more so than in later life. Particularly since the issue at hand relates to data security contracting, a more logical age of consent might mirror contractual capacity generally. The usual age of contractual capacity is 18.
Third, COPPA takes into account only one computing context, the home, and presumes a parent’s being available during the child’s internet time. However, children frequently access the internet and give away information about themselves using computers at school, at friends’ houses and in the library. Therefore, a regulatory paradigm presuming parental presence does not reflect the reality of children’s situated learning in multiple contexts.
Fourth, both technology use and development are emergent phenomena. COPPA did not take into account the norms of corporate conduct that would arise to circumvent its restrictions. Because COPPA grants no private rights of action to parents, enforcement of COPPA is the sole province of the FTC, which is an understaffed and overburdened agency. As demonstrated by widespread noncompliance, companies frequently run a risk-benefit calculus regarding the likelihood of prosecution and decide to risk regulatory action rather than invest in compliance structure.
Finally, COPPA presents a technology-focused regulatory design; the focus is on each website that chooses to collect children’s data. However, as technology evolves, a website-centric approach is destined for obsolescence. A more promising regulatory design would be constructed in a human-centric manner, focusing on the child and the child’s information. Such an approach would not only demonstrate greater versatility and regulatory longevity, but systemic efficiencies would also result. In lieu of each website needing to institute a separate age verification process for each child, and each parent approving each website, a child-focused approach could be constructed in such a manner to allow for a single parental approval and a single website registration. In this way, economies of scale could be created through a child data protection structure focused on the child rather than on the website operator. Such an approach would also acknowledge that parents may be less knowledgeable and need more protection than their children, suboptimally suited for a role of gatekeeper.
COPPA requires that websites targeting children under age 13 provide notice of privacy practices and obtain verifiable parental consent prior to collecting data from the child. The statute also empowers the Federal Trade Commission to promulgate additional regulations to require the operator of a website subject to COPPA to establish and maintain reasonable procedures “to protect the confidentiality, security, and integrity of personal information collected from children.” Specifically, COPPA stipulates that prior to collection of data from a child under 13, a website “operator” must obtain obtain “verifiable parental consent”. The preferred medium for this verifiable parental consent is receipt of a fax from the parent, however an email exception was originally crafted as an interim measure for limited amount of time. This email exception evolved into a “sliding scale approach” which is still applied by the FTC in COPPA inquiries. Depending on the character of the data collection and the intended use, the FTC’s analysis varies.
During the first six years of its effectiveness, COPPA has received mixed reviews at best. The deterrent effect of prosecutions appears to have been limited. As a practical matter, a large number of websites which are governed by COPPA are simply noncompliant, willingly risking prosecution rather than investing effort in attempting to comply. As demonstrated by several studies, compliance level is generally under 60%, and even those websites which attempt compliance on their face, are frequently easily circumventable in their age verification process. From the perspective of the child user, COPPA has been viewed to only protect the data of the children who wish to have their data protected. For children who simply wish content access, in many instances immediate workarounds are readily available. Often the child merely needs to log in again and provide a false birthdate to gain access to the material to which s/he was denied access.
COPPA makes linear developmental assumptions. First, COPPA is predicated on the idea that an adult parent’s development and proficiency with technology surpasses that of her child, an assumption research demonstrates is unsustainable. Technology learning and development do not always cleanly map on to chronological age. Parents frequently feel their ability to monitor their children’s activities online is limited.
Second, the age of capacity to consent to data gathering stipulated in COPPA, age 13, appears to have been selected arbitrarily. During early adolescence, large divergences in development are visible, perhaps even more so than in later life. Particularly since the issue at hand relates to data security contracting, a more logical age of consent might mirror contractual capacity generally. The usual age of contractual capacity is 18.
Third, COPPA takes into account only one computing context, the home, and presumes a parent’s being available during the child’s internet time. However, children frequently access the internet and give away information about themselves using computers at school, at friends’ houses and in the library. Therefore, a regulatory paradigm presuming parental presence does not reflect the reality of children’s situated learning in multiple contexts.
Fourth, both technology use and development are emergent phenomena. COPPA did not take into account the norms of corporate conduct that would arise to circumvent its restrictions. Because COPPA grants no private rights of action to parents, enforcement of COPPA is the sole province of the FTC, which is an understaffed and overburdened agency. As demonstrated by widespread noncompliance, companies frequently run a risk-benefit calculus regarding the likelihood of prosecution and decide to risk regulatory action rather than invest in compliance structure.
Finally, COPPA presents a technology-focused regulatory design; the focus is on each website that chooses to collect children’s data. However, as technology evolves, a website-centric approach is destined for obsolescence. A more promising regulatory design would be constructed in a human-centric manner, focusing on the child and the child’s information. Such an approach would not only demonstrate greater versatility and regulatory longevity, but systemic efficiencies would also result. In lieu of each website needing to institute a separate age verification process for each child, and each parent approving each website, a child-focused approach could be constructed in such a manner to allow for a single parental approval and a single website registration. In this way, economies of scale could be created through a child data protection structure focused on the child rather than on the website operator. Such an approach would also acknowledge that parents may be less knowledgeable and need more protection than their children, suboptimally suited for a role of gatekeeper.
Crafting Nonlinear Technology Regulation
Nonlinear developmental theory offers five concrete lessons for crafting successful technology regulation.
First, nonlinear developmental theory instructs us that human development and learning is always situated; the proximate zone of development varies across individuals. Development is not something that happens to humans in a preordained manner; development is an interactive process that occurs not within the individual, but on the person-society border. Therefore, the society the person experiences pushes the course of development and visa versa. The same biological individual in two different technology-mediated social contexts will arrive at two different developmental outcomes and potentially two different regulatory prescriptions.
Second, development is an emergent phenomenon. The social context – including the technology itself – changes in frequently unpredictable ways. Thus, regulating in a manner predicated on static assumptions about people and technology results in law destined for quick obsolescence. Both human behavior and technology will evolve in response to law. Nonlinear developmental theory show us that effects on individuals’ development and behavior are emergent across multiple layers of context. Multiple developmental layers must coincide in pushing humans in the direction sought by the regulation. The influence of the exosystem of social norms, the mesosystem of peer groups and the economic exchange and the microsystem of the individual’s current state of development all come into play. Without considering all of these, regulation can frequently be circumvented or ignored.
Third, learning and development do not always cleanly map on to chronological age. An adult user whose only interactions with a software application occurs once a week for an hour in a library on a shared machine experiences technology development and learning differently than does the ten year old child with a dedicated laptop in her bedroom. Technology can act as both an equalizer of abilities and an exacerbator of differences.
Fourth, regulating the way that humans interact with technology means contemplating multiple layers of context that cooperate or conflict to generate development. At various stages of life, developmental progress intersects with identity goals, creating another lens guiding individual behavior and developmental outcomes. Because these identity goals are inherently social in nature, two layers of context push on the individual – first the context shaping development through interactions and second the context in which the individual attempts to work toward identity goals.
Finally, technology is merely a tool that assists humans in achieving more than they otherwise could; the regulatory and developmental focus should always remain human-centric. New technologies should be analyzed merely as tools in a Vygotskian sense. They enable a user to accomplish more than the user ordinarily could without the tool. As such, the conduct that arises from this assisted action is not new; it is merely amplified conduct. Regulating technology creation is, however, not the answer; regulating humans, their conduct and their use of that technology is a more promising approach. These humans, perhaps unlike the technology itself, can demonstrate extreme levels of variation but provide a more efficacious, though more complicated, point for regulation.
Placing these five lessons in regulatory context, the Children’s Online Privacy Protection Act demonstrates how ignoring these five lessons of contextualist developmental theory can result in regulatory suboptimality.
First, nonlinear developmental theory instructs us that human development and learning is always situated; the proximate zone of development varies across individuals. Development is not something that happens to humans in a preordained manner; development is an interactive process that occurs not within the individual, but on the person-society border. Therefore, the society the person experiences pushes the course of development and visa versa. The same biological individual in two different technology-mediated social contexts will arrive at two different developmental outcomes and potentially two different regulatory prescriptions.
Second, development is an emergent phenomenon. The social context – including the technology itself – changes in frequently unpredictable ways. Thus, regulating in a manner predicated on static assumptions about people and technology results in law destined for quick obsolescence. Both human behavior and technology will evolve in response to law. Nonlinear developmental theory show us that effects on individuals’ development and behavior are emergent across multiple layers of context. Multiple developmental layers must coincide in pushing humans in the direction sought by the regulation. The influence of the exosystem of social norms, the mesosystem of peer groups and the economic exchange and the microsystem of the individual’s current state of development all come into play. Without considering all of these, regulation can frequently be circumvented or ignored.
Third, learning and development do not always cleanly map on to chronological age. An adult user whose only interactions with a software application occurs once a week for an hour in a library on a shared machine experiences technology development and learning differently than does the ten year old child with a dedicated laptop in her bedroom. Technology can act as both an equalizer of abilities and an exacerbator of differences.
Fourth, regulating the way that humans interact with technology means contemplating multiple layers of context that cooperate or conflict to generate development. At various stages of life, developmental progress intersects with identity goals, creating another lens guiding individual behavior and developmental outcomes. Because these identity goals are inherently social in nature, two layers of context push on the individual – first the context shaping development through interactions and second the context in which the individual attempts to work toward identity goals.
Finally, technology is merely a tool that assists humans in achieving more than they otherwise could; the regulatory and developmental focus should always remain human-centric. New technologies should be analyzed merely as tools in a Vygotskian sense. They enable a user to accomplish more than the user ordinarily could without the tool. As such, the conduct that arises from this assisted action is not new; it is merely amplified conduct. Regulating technology creation is, however, not the answer; regulating humans, their conduct and their use of that technology is a more promising approach. These humans, perhaps unlike the technology itself, can demonstrate extreme levels of variation but provide a more efficacious, though more complicated, point for regulation.
Placing these five lessons in regulatory context, the Children’s Online Privacy Protection Act demonstrates how ignoring these five lessons of contextualist developmental theory can result in regulatory suboptimality.
Wednesday, January 10, 2007
Humans + Technology = Emergent Behaviors, part II
Albert Bandura’s Social Learning Theory presents an analysis consonant with Vygotsky and Bronfenbrenner. Bandura's theory views the person-environment interaction as a three way exchange in which the person, an entity with unique characteristics, performs a behavior in an environment which responds to the person and the behavior in a process of reciprocal determinism; it is an idiosyncratic interaction. According to Bandura, models can serve to instruct, motivate, disinhibit, inhibit, socially facilitate, and arouse emotion in a process of vicarious reinforcement. Essentially, development is viewed as a process of quantitative change, during which learning episodes gradually accumulate over time. Although Social Learning Theory does not directly address historical or cultural context, it reflects the tradition of Vygotsky and the contextualist approach by recognizing the dialectical process of a person who is working within and shaped by an environment; a triadic reciprocal determinism occurs among behavior, cognitive factors and the environment. Also, as in the theory of Vygotsky, there is no endpoint to development, and universal behaviors are rare. Thus, children are developmentally malleable but only within constraints of biology and environment, an environment replete with technology.
Finally, Erikson frames development through identification of eight stages/dichotomies of human development and identity formation: (1) basic trust versus mistrust, (2) autonomy versus shame, (3) initiative versus guilt, (4) industry versus inferiority, (5) indentity versus role confusion, (6) intimacy versus isolation, (7) generativity versus stagnation, (8) ego integrity versus despair. Erikson’s stages 1, 2 and 3 represent childhood stages when the individual is not yet capable of interacting with (borrowing a Vygotskian phrase) “cultural tools” such as the internet. Stage 8 is similarly a stage in which the individual is primarily conquering internal dynamics, and, therefore, interaction with culture, its tools and other individuals is not the primary focus of the stage. Conversely, in stages 4, 5, 6, and 7, the individual is learning from and making a place in society. The child becomes a different person in each stage with different cognitive capacities and progressively achieves a greater ability to interact with a wider range of people. For Erikson, the ego can only remain strong through interactions with cultural institutions that enable the development of the child’s capacities and potential. Technology is a key component of these interactions.
These four schools of nonlinear developmental theory offer useful analytical lense for (re)theorizing and assessing technology regulation. A discussion of some of the insights these theories may provide for technology regulation follows.
Finally, Erikson frames development through identification of eight stages/dichotomies of human development and identity formation: (1) basic trust versus mistrust, (2) autonomy versus shame, (3) initiative versus guilt, (4) industry versus inferiority, (5) indentity versus role confusion, (6) intimacy versus isolation, (7) generativity versus stagnation, (8) ego integrity versus despair. Erikson’s stages 1, 2 and 3 represent childhood stages when the individual is not yet capable of interacting with (borrowing a Vygotskian phrase) “cultural tools” such as the internet. Stage 8 is similarly a stage in which the individual is primarily conquering internal dynamics, and, therefore, interaction with culture, its tools and other individuals is not the primary focus of the stage. Conversely, in stages 4, 5, 6, and 7, the individual is learning from and making a place in society. The child becomes a different person in each stage with different cognitive capacities and progressively achieves a greater ability to interact with a wider range of people. For Erikson, the ego can only remain strong through interactions with cultural institutions that enable the development of the child’s capacities and potential. Technology is a key component of these interactions.
These four schools of nonlinear developmental theory offer useful analytical lense for (re)theorizing and assessing technology regulation. A discussion of some of the insights these theories may provide for technology regulation follows.
Subscribe to:
Posts (Atom)