Washington College of Law
Home Archive Current Volume Volume 66, Issue 5
Volume 66, Issue 5: Symposium Issue
DISCUSSION: Judges as Diplomats in Advancing the Rule of Law: A Conversation with President Koen Lenaerts and Justice Stephen Breyer

Introduction by Fernanda Nicola and Bill Davies66 Am. U. L. Rev. 1159 (2017)

In the aftermath of the second official Luxembourg Forum and the visit of a delegation of the Court of Justice of the European Union to the U.S. Supreme Court, American University convened a workshop with judges, legal scholars, social scientists, students, and practitioners to expand and increase among all workshop participants the value of this Forum:  to enhance constitutional decision making and strengthen the rule of law and fundamental rights across the Atlantic.

The significance of this inter-court dialogue and the use of foreign law and practice in domestic courts is a hotly contested issue at a time when the reaffirmation of national sovereignty through the rise of extremist values and political and economic introspection are in the ascendency.  Famously, just over a decade ago, Justices Stephen Breyer and Antonin Scalia debated the use of foreign law by the U.S. Supreme Court, with Scalia’s more insular approach seemingly winning the day despite the opposing preferences of other Justices, such as Breyer, Ginsburg, and Kennedy.  Since then, Justice Breyer has restated the case for the judge to also be a “diplomat” and to learn from foreign legal ideas, particularly the European constitutional concept of proportionality when adjudicating on the First Amendment.  In a similar way, the members of the Court of Justice of the European Union have also struggled with the use of foreign legal norms given the more precarious nature of its jurisdiction vis-à-vis twenty-eight member states.  In fact, no direct citation to the U.S. Supreme Court appears in the judgments of the Court of Justice of the European Union even though some opinions of its Advocates General occasionally cite to U.S. jurisprudence. This is in sharp contrast from the other regional European court, the European Court of Human Rights based in Strasbourg, which openly cites the U.S. Supreme Court in its decisions.

The lack of this overt kind of influence of the U.S. Supreme Court on the Court of Justice of the European Union and vice-versa does not necessarily mean that they do not employ similar ideas and modes of reasoning. Some scholars have attempted to trace some of these more invisible or cultural cross-influences through the lenses of transnational dialogue among courts, migration of constitutional ideas, and judicial comparativism as judicial diplomacy.  Yet the current literature on comparative constitutional law remains silent on the deep cultural and ideological connections between the Court of Justice of the European Union and the U.S. Supreme Court.  Our questioning during the following conversation sought to evidence the concrete benefits and advantages of this judicial dialogue and to impart to the audience the value and normative significance of the courts’ relationship at a time when judicial independence, and potentially the rule of law itself, are being subverted.  We hope that judicial exchanges, like this one between Associate Justice Stephen Breyer and President Koen Lenaerts, can stem the tide of isolationism that has befallen the Western world. 

Click here to view this Discussion

Little Things and Big Challenges: Information Privacy and the Internet of Things

By Hillary Brill and Scott Jones | 66 Am. U. L. Rev. 1183 (2017)

The Internet of Things (IoT), the wireless connection of devices to ourselves, each other, and the Internet, has transformed our lives and our society in unimaginable ways. Today, billions of electronic devices and sensors collect, store, and analyze personal information from how fast we drive, to how fast our hearts beat, to how much and what we watch on TV.  Even children provide billions of bits of personal information to the cloud through “smart” toys that capture images, recognize voices, and more.  The unprecedented and unbridled new information flow generated from the little things of the IoT is creating big challenges for privacy regulators.  Traditional regulators are armed with conventional tools not fully capable of handling the privacy challenges of the IoT.

A critical review of recent Federal Trade Commission (FTC) enforcement decisions sheds light on a recommended path for the future regulation of the IoT. This Article first examines the pervasiveness of the IoT and the data it collects in order to clarify the challenges facing regulators. It also highlights traditional privacy laws, principles, and regulations and explains why those rules do not fit the novel challenges and issues resulting from the IoT.  Then it presents an in-depth analysis of four key FTC enforcement decisions to highlight how the FTC has and can regulate the IoT without undermining the innovation and benefits that this technology—and the data it provides—brings to our society.                    

Specifically, the Article describes how the FTC, faced with the privacy challenge that accompanies the interconnected world of the IoT, has managed to apply traditional standards of “unfairness” and “deceptive practices” to protect private information.  The FTC has been flexible and nimble with its interpretations of such standards and, in its most recent IoT case, FTC v. VIZIO, established a new “tool” in its toolkit for regulating IoT devices:  an “unfair tracking” standard.  As the de facto data protection authority in the United States, the FTC can use this new tool to work toward standardizing its treatment of IoT privacy issues instead of trying to fit those concerns neatly under the deception authority of section 5 of the FTC Act.  However, this new tool also means that the FTC has the opportunity—and responsibility—to provide guidance on how it will wield that authority.

To assure that innovation is not stifled and that this new rule is fairly applied (whether by the FTC or other agencies that may follow suit), it is imperative that the FTC diligently address concerns about the scope of this new rule and communicate that guidance to businesses, other regulators, and consumers alike.  The new FTC administration should, as the primary regulator of information privacy and the IoT, continue the strong practice established by the previous administration, which is to provide guidance to businesses, consumers, and other regulators navigating the big challenges caused by the little things in the IoT.

Click here to view this Article

Corporate Directors’ and Officers’ Cybersecurity Standard of Care: The Yahoo Data Breach

By Lawrence J. Trautman and Peter C. Ormerod | 66 Am. U. L. Rev. 1231 (2017)

On September 22, 2016, Yahoo! Inc. (“Yahoo”) announced that a data breach and theft of information from over 500 million user accounts had taken place during 2014, marking the largest data breach ever at the time.  The information stolen likely included names, birthdays, telephone numbers, email addresses, hashed passwords, and, in some cases, encrypted or unencrypted security questions and answers.  Yahoo further disclosed its belief that the stolen data “did not include unprotected passwords, payment card data, or bank account information.”  Just two months before Yahoo disclosed its 2014 data breach, it announced a proposed sale of the company’s core business to Verizon Communications.  Then, during mid-December 2016, Yahoo announced that another 1 billion customer accounts had been compromised during 2013, a new record for largest data breach.

Social media and electronic commerce websites face significant risk factors, and an acquirer may inherit cyber liability and vulnerabilities.  The fact pattern in this announced acquisition raises a number of important corporate governance issues:  whether Yahoo’s conduct leading up to the data breaches and its subsequent conduct constituted a breach of the duty to shareholders to provide security, the duty to monitor, the duty to disclose, or some combination thereof; the impact on Verizon shareholders of the acquisition price renegotiation and Verizon’s assumption of post-closing cyber liabilities; and whether more drastic compensation clawbacks for key Yahoo executives would be appropriate.

Cybersecurity remains a threat to all enterprises, and this Article contributes to the corporate governance literature, particularly as it applies to mergers and acquisitions and the management of cyber liability risk.

Click here to view this Article

NOTE: Holding the FBI Accountable for Hacking Apple’s Software Under the Takings Clause

By Mark S. Levy | 66 Am. U. L. Rev. 1293 (2017)

Smartphones have swiftly replaced most—if not all—conventional methods of sending, receiving, and storing personal information.  Letters, address books, calendars, and trips to the bank have been rendered obsolete by tools such as text messaging, digital contacts, iCal, and mobile banking apps.  Although these digital alternatives are convenient, they are not immune from attack.  Therefore, to remain competitive, technology companies must maintain safe and secure platforms on which users may freely store and share their personal information.

Apple Inc., for example, strives to protect its users’ intimate information, consequently earning a reputation for prioritizing security.  Like a king protecting his castle, Apple has erected a variety of technological and legal barriers to guard its users’ data and ward off unwanted intruders from vulnerabilities at a variety of stages.  First, to protect user data from unauthorized access, Apple’s software authorizes iPhone users to set their own passcode.  Next, Apple encrypts its iPhone software, essentially placing a digital padlock on its software to preclude any software alterations, including the user-determined passcode functionality.  Lastly, Apple copyrights its encryption padlock, discouraging rogue actors from circumventing its technology and security features in fear of civil or criminal implications.

In the spring of 2016, however, the federal government pillaged Apple’s digital fortress, overcoming each of these barriers.  The Federal Bureau of Investigation (FBI) was investigating the terrorist attack in San Bernardino, California, and Apple’s security mechanisms precluded access to a shooter’s iPhone, which was locked with the user-determined passcode.  Nonetheless, the FBI hired professional hackers to alter Apple’s software, thereby circumventing Apple’s encryption and ignoring Apple’s copyrights, to access the iPhone.

Although the FBI opened just this one phone, just this one time, its hacking has much broader implications.  By altering Apple’s software to circumvent its encryption, it smashed Apple’s digital padlock, essentially creating a master key capable of opening hundreds of millions of iPhones, jeopardizing users’ intimate information.  The FBI has devalued Apple’s coveted security and risked Apple’s reputation.  Despite Apple’s copyright, Apple has no statutory remedy available; however, the Takings Clause in the Fifth Amendment of the United States Constitution affords Apple a simple solution.

This Note contributes to the contentious debate about prioritizing individual privacy in the face of increasingly innovative and complex national security threats.  It suggests a novel way to deter governmental intrusion by establishing that Apple’s copyrights are “property” under the Fifth Amendment and by characterizing the FBI’s investigative conduct in the San Bernardino case as a “taking” under the Fifth Amendment.  Constitutionally requiring the federal government to pay “just compensation” necessarily compels it to consider in its calculus the economic consequences of circumventing a technology company’s encryption, potentially preventing such intrusion in the first place.

Click here to view this Note