Category Archives: Privacy

TikTok v. Trump and the Uncertain Future of National Security-based Restrictions on Data Trade

In recent years, foreign bulk data collection of US citizens’ personal data has emerged as a new and increasing national security threat. The ability of foreign adversaries to collect—and in some cases, buy outright—US person data is officially governed by IEEPA and CFIUS. Bernard Horowitz and Terence Check argue that these regulatory frameworks are ill-suited for the particular issues raised by present-day data processing technology.

The authors examine both IEEPA and CFIUS in turn—how these regulations function in practice, and how they apply to bulk adversarial data collection. The authors focus particularly on the recent decision in TikTok v. Trump and how it may undermine the ability of the United States to restrict data trade on national security grounds.

Bernard Horowitz is Law Clerk for Senior Judge Mary Ellen Coster Williams of the United States Court of Federal Claims. This article does not reflect the views of the Court of Federal Claims or Judge Williams, and was written solely in the author’s personal capacity and not as part of his court-related duties.

Terence Check is Senior Counsel, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security; LL.M in Law & Government, specializing in National Security Law & Policy, American University Washington College of Law (2015); J.D., magna cum laude, Cleveland State University, Cleveland-Marshall College of Law (2014); Editor-in-Chief, Cleveland State Law Review (2013-2014). This article does not reflect the official position of the US government, DHS, or CISA and all opinions expressed are solely those of the authors. He is the author of “Turning US Vetting Capabilities and International Information-sharing to Counter Foreign White Supremacist Terror Threats” in the JNSLP Online Supplement.

 

Layered Opacity: Criminal Legal Technology Exacerbates Disparate Impact Cycles and Prevents Trust

Predictive policing tools used widely by law enforcement agencies attempt to identify where crime will happen before it does. These analyses determine police deployment, and ultimately, arrest data. In this article, Ben Winters highlights how risk assessment tools use that data, combined with various other inputs, to determine detention, bail, sentencing, parole, and more which give rise to serious transparency and oversight concerns.

Particularly, Winters highlights the urgency of these paramount concerns given the tool’s operation in a system that severely disadvantages already marginalized communities. Winters argues that the relatedness of the tools is under-recognized and could be stronger reflected in advocacy efforts and regulatory efforts. This article explains the harm compounded by the tools and explores regulatory options both inside of traditional government levers, and the approaching regulation of data and data practices.

Defining the Scope of “Possession, Custody, or Control” for Privacy Issues and the CLOUD Act

With a growing number of US companies storing their electronic data across country lines, US law enforcement agencies are left with the difficult task of trying to access electronic evidence stored outside of their physical jurisdictions.

In response, Congress passed the Clarifying Lawful Overseas Use of Data Act (Cloud Act) in 2018 to provide the US government with the power to order the production of electronic evidence that is stored outside of the US if it is within a US company’s “possession, custody, or control.”

However, the Cloud Act does not define what constitutes the “possession, custody, or control” of electronic evidence, raising concerns about the scope of US authority under the Act. Through their examination of existing domestic and international jurisprudence interpreting these terms in other legal contexts, Hemmings, Srinivasan, and Swire outline the key factors courts should balance in analyzing this pivotal phrase.