Implications of New School Surveillance Methods on Student Data Privacy, National Security, Electronic Surveillance, and the Fourth Amendment

By Amanda Peskin, University of Maryland, Francis King Carey School of Law, Class of 2024

Abstract

Since the Covid-19 pandemic, schools have escalated their use of educational technology to improve students’ in-school and at-home learning. Although educational technology has many educational benefits for students, it has serious implications for students’ data privacy rights. Not only does using technology for educational practices allow schools to surveil their students, but it also exposes students to data collection by the educational technology companies. This paper discusses the legal background of surveilling and monitoring student activity, provides the implications surveillance has on technology, equity, and self-expression, and offers several policy-based improvements to better protect students’ data privacy.

Balanced Scrutiny – The Necessity of Adopting a New Standard to Combat the Rising Harm of Invasive Technology

By Roosevelt S. Bishop, University of Maine School of Law, Class of 2023

ABSTRACT

The current First Amendment jurisprudence of strict scrutiny is wholly insufficient in fostering a healthy legal landscape regarding the freedom of speech in cyberspace. Technology is outpacing the legislative action to address these increasing harms that are prevalent in a society that practically lives online. Consequently, if we, as a society, are to effectively begin addressing the growing danger of the practically protected “expression” of Privacy Invaders, we need to first explore the possibility of a new tier of scrutiny; we need balance. This blueprint for balanced scrutiny will begin by highlighting the harms suffered unequally through the invasion of Intimate Privacy, a term originally coined by premier privacy scholar Danielle Keats Citron. It will then touch on the historical standing and flexibility of the First Amendment. After edifying how cyber harassment and the First Amendment intersect, this study will conclude by proposing a new standard of judicial review to be utilized when addressing laws targeting cyber expression.

The Double-Edged Promise of Cryptocurrency: How Innovation Creates New Vulnerabilities and How Government Oversight Can Reduce Crypto Crime

By Jason H. Meuse, University of Maine School of Law, Class of 2023

Abstract

The fallout from the FTX fraud scheme brought the dangers of crypto front-and-center. Not only did FTX perpetrate a massive fraud, but its fall exposed the cryptocurrency exchange to hacking resulting in the theft of over $477 million in crypto assets. This theft is not isolated to FTX; by October 2022, hackers had already stolen over $3 billion. In addition, new organizational structure and technology in the crypto industry have introduced new vulnerabilities. Cryptocurrency exchanges, decentralized exchanges, and cross-chain bridges are prime targets for hackers to both steal and launder crypto assets. Part of the reason these technologies leave assets vulnerable is that they undermine a central premise of crypto: a currency system accountable to users within a closed ecosystem. While the industry has responded by increasing its security standards and procedures, its anti-government attitude has inhibited cooperation with government that could make the crypto marketplace even more secure. Many firms are incorporated outside of U.S. jurisdiction, lightening the compliance burden at the cost of security. However, establishing industry security standards and cooperating with the government can lead to higher security and greater consumer confidence.

Life’s Not Fair. Is Life Insurance?

The rapid adoption of artificial intelligence techniques by life insurers poses increased risks of discrimination, and yet, regulators are responding with a potentially unworkable state-by-state patchwork of regulations. Could professional standards provide a faster mechanism for a nationally uniform solution?

By Mark A. Sayre, Class of 2024

Introduction

Among the broad categories of insurance offered in the United States, individual life insurance is unique in a few key respects that make it an attractive candidate for the adoption of artificial intelligence (AI).[1] First, individual life insurance is a voluntary product, meaning that individuals are not required by law to purchase it in any scenario.[2] As a result, in order to attract policyholders, life insurers must convince customers not only to choose their company over other companies but also convince customers to choose their product over other products that might compete for a share of discretionary income (such as the newest gadget or a family vacation). Life insurers can, and do, argue that these competitive pressures provide natural constraints on the industry’s use of practices that the public might view as burdensome, unfair or unethical and that such constraints reduce the need for heavy-handed regulation.[3]

Protecting Critical Infrastructure From Cyberattack: Current Issues and Potential Solutions

Written by G. Andrew Ouellette, Class of 2022 

I. Introduction

On February 5, 2021, hackers gained unauthorized access to the control systems of a water treatment facility in Oldsmar, Florida.[1]  The Oldsmar facility, located about fifteen miles from Tampa, which hosted the Super Bowl the day before, provides water for businesses and over 15,000 residents.[2]  Once inside the computer system, the hackers were able to locate the software function controlling the levels of sodium hydroxide, commonly known as lye, that is added to the water. They proceeded to raise the levels of sodium hydroxide by more than 110 times the standard level, a level that could potentially be fatal to humans if ingested.[3]  Luckily, this crisis was averted thanks to the watchful eye of a plant operator who was able to return the levels to normal before any of the changes could take effect.[4]

Though no casualties were suffered as a result of the Oldsmar attack, the incident highlights a significant and growing threat to national security, a threat that the United States is increasingly unprepared to defend against. This is just one example in a long string of cyberattacks on infrastructure in recent years. According to the FBI, cyberattacks resulted in over $3.5 billion in financial losses reported in 2019 alone,[5] and experts estimate that this could reach $10.5 trillion globally by the year 2025.[6]  Generally, when people think of cyberattacks, they think of data breaches and theft of personal information due to the numerous cases affecting high-profile companies in recent years.[7]  However, more serious cyber threats exist, namely cyberattacks that target our nation’s critical infrastructure. Critical infrastructure (CI) is becoming an increasingly attractive target for terrorists and hackers due to both the strategic importance of CI and the “numerous vulnerabilities found within these assets and systems.”[8]  Experts have noted that “as industries become more digitally connected, we will continue to see more states and criminals target these sites for the impact they have on society.”[9]  A recent report distributed to the Senate Select Committee on Intelligence noted that China, Iran, and Russia all have the ability to launch disruptive cyberattacks on the U.S.’s critical infrastructure, including gas pipelines and electrical grids.[10]  Additionally, former Director of National Intelligence Dan Coats has warned that “Moscow is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage.”[11]

While the concept of the federal government playing a significant role in protecting CI from attack is not a new one, the increasing interconnectivity of CI to the internet has brought a host of new challenges. Prior to the cyber-era, “the government’s role in protecting infrastructures was relatively justifiable and straightforward, as risks both originated and materialized in the kinetic realm.”[12]  However, risks have multiplied due to an increasing dependence on the internet, as well as the internet itself being classified as CI.[13]  The Covid-19 pandemic has only increased vulnerability with thousands of employees connecting to systems remotely, often with inadequate protection in place.

Rapid development, increasing complexity, and argument over the appropriate approach have led to a lag in policy addressing security regulations in the area. The United States, along with other countries, has so far been hesitant to impose strict regulations, instead opting for a “voluntary participation” based approach.[14] Not only have recent attacks and an increased reliance on remote connectivity laid bare the shortcomings of the current approach to protecting CI, but they have shown that it is time for the adoption of stricter regulation to protect against far more serious attacks.

This paper seeks to highlight some of the issues arising out of the current policy approach to protecting CI from cyberattack and propose recommendations in several key areas. Section II will begin by presenting an overview of relevant background information, including how critical infrastructure is categorized, the current landscape of the CI sectors, as well as current vulnerabilities to cyberattack. Next, Section III will briefly cover the policy history of CI protection in the United States with a focus on major developments to highlight how this policy has evolved as well as recent developments in this area. Section IV will explore the current policy approach as well as some of the significant benefits and drawbacks in key areas.

Section V will conclude by building on the topics discussed in the previous sections and present several proposals, including strengthening incentives for companies to build and maintain robust cybersecurity, furthering public-private information sharing, as well as creating a standardized federal cybersecurity requirement for CI sectors.

Alexa, I’m Home! – The Risks & Regulation of the Internet of Things

Written by Nora Hanson, Chris Knight, Blake McCartney & Dale Rappaneau, Class of 2022

I. Introduction

There are a variety of definitions of the “Internet of Things” (“IoT”). IoT has been described as “the concept of . . . connecting any device with an on and off switch to the Internet” and/or to another device.[1] It may also be explained as “[t]he interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data.”[2] The concept of IoT encompasses many types of devices, including home technologies, wearable devices, and technology used by countless industries such as farming, manufacturing, transportation, and oil and gas.

This paper focuses on IoT in the consumer’s home, a space ripe with privacy considerations. First, this paper considers IoT in the home and the corresponding privacy risks. Next, this piece explains the manner in which the United States currently regulates IoT. Finally, this paper considers how the United States will regulate IoT moving forward.

Cyber Harassment: A Global Issue Within Evolving Technology

Written by Roosevelt Bishop, Devon Draker, Shelbie Mora, and Gabrielle Schwartz as a final paper for the Fall 2021 session of Information Privacy Law

Introduction

Cyber harassment “involves threats of violence, privacy invasions, reputation-harming lies, calls for strangers to physically harm victims, and technological attacks.”[1] Though all of these elements fall under harassment or abuse, online harms can be divided into different mediums and subsections. The various types of cyber harassment “capture the different way[s] the Internet exacerbates the injuries suffered . . . by extend[ing] the life of destructive posts.”[2] This paper addresses the evolution and increased incidence of cyber-harassment such as revenge porn, cyberstalking, Zoom-bombing, and doxxing, and the need for a federal legal solution. Congress must address this harm by enacting comprehensive cyber-harassment legislation containing the elements detailed below.
