Computer Ethics Paper 2

Due: Wednesday, June 21, 2017

Topic option 1: Third-Party Doctrine

Do you have a "reasonable expectation of privacy" -- in the sense of police surveillance -- for data held by others?

The "third-party doctrine" says no, or at least that, if we do, it's too bad for us and the government still does not need a warrant. This was originally determined in the context of:

How broadly should the third-party doctrine apply? And if it does contradict a reasonable expectation of privacy, which rules should apply?

Should the third-party doctrine apply to email? Generally, if you write a letter to someone, and they open it, your letter can be subpoenaed from the recipient. But they can object. No third party ever sees your letter. Email, on the other hand, used to be subpoenaed regularly directly from the ISP. The Sixth Circuit found this unconstitutional in US v Warshak, and ruled that a warrant was needed.

What about phone metadata? For the metadata of a single individual, this was decided by the Supreme Court in Smith v Maryland. In that era, third parties held a lot less digital data on each of us than they do now. And there was probable cause to suspect Smith.

What about cellphone location data? Traditionally, nearest-tower data has been considered to be a business record. GPS data, however, conceptually requires involvement of your phone, and often is not considered a business record, though this is a narrow distinction.

What about library records? Internet search records? Facebook history? Sometimes the third-party doctrine is defended on the grounds of the transaction theory of privacy: the third party has just as much interest in the data as you do. This makes some sense for bank records, which the bank does need and use; what about these other records?

The Patriot Act made it mandatory to turn over most subpoenaed business records on third parties. Would it help if this were simply voluntary, with a warrant available in case a third party refused and the requirements for a warrant could be met? Or should "business records" be interpreted narrowly, and perhaps not so as to include other data?

One common pro-warrant, anti-third-party argument is that it's just not that hard for the police to get a warrant, and they should have to do so whenever the information sought is moderately intrusive.

Another argument is based on the idea that some third-party data has an essential business application for that third party: banking records, phone company records of the called number, nearest-tower data and email recipient addresses, to give a few examples. But other third-party data has no business relevance to the third party: the contents of email messages, or phone GPS data, or the photos or other data we store in the cloud.

Yet another approach is that, today, we all have so much information held by third parties that some form of protection is essential; the third-party doctrine was forged in an era where there was very little third-party data and is now simply outdated.

See the course notes here and here. Orin Kerr, in defending the third-party doctrine, acknowledged it is sometimes thought of as the Fourth Amendment rule scholars love to hate. For a recent blog post by Kerr on this topic, see here.

Topic option 2: Defamation Policy

Has 230 of the Communications Decency Act gone too far? This law, along with the DMCA, has enabled the rise of third-party-content sites. Some of these are mainstream, such as YouTube and Wikipedia. Some, like Reddit, are known for the freedom provided for users to say what they want. And some, like The Dirty, are simply in the business of encouraging salacious gossip. 230 has made it nearly impossible to take down user-posted content. Should this rule be relaxed?

The original goal of 230 was to protect sites that did family-friendly editing, which is arguably the opposite of protecting offensive content. If you do not think 230 should be changed, try to identify the important principles behind 230 and defend them. Consider addressing why you feel 230 cannot be modified without losing part of its essential nature.

If, on the other hand, you are in favor of change, outline some sort of alternative. Spell out whether websites hosting user-posted content would be liable for defamatory content, or whether they would simply have to remove defamatory or otherwise offensive content. If the latter, outline what process would be invoked to have the content taken down. Some approaches may be via a voluntary (or semi-voluntary) "website code of ethics"; as an example, note how Google has limited visibility of user posts on YouTube, and made it harder to post anonymously.

Here are a few other things to keep in mind.

Compuserve escaped liability because they did no editing of user-posted content. Should this position continue to receive the highest protection, or should some limited editing of user-posted content be considered the norm?

Should new 230 rules require some element of family-friendly editing, or editing to attain some other socially beneficial goal? If a site engages in some form of editing of user-posted content, under what circumstances should the site escape liability?

Should sites that "encourage" inappropriate posts, by explicit and intentional policy, be held responsible?

Another approach is to create a take-down requirement for disparaging posts. If so, how would you protect sites from celebrities or politicians who wanted nothing negative about them to appear on the Internet? Who decides what is disparaging? What if the original poster cannot be found, or cannot afford to defend their opinion in court?

Your paper (either topic) will be graded primarily on organization (that is, how you lay out your sequence of paragraphs), focus (that is, whether you stick to the topic), and the nature and completeness of your arguments.

It is, as usual, essential that all material from other sources be enclosed in quotation marks (or set off as a block quote), and preferably with a citation to the original source as well.

Expected length: 3-5 pages (1000+ words)