By Brianna Hughes

 

 

The harm from a breach of privacy can not only be potential fines, litigation costs, loss of trade secrets and reputational damage, a breach of privacy can also put the nation’s safety at risk.[1] An important tool to maintain privacy and secure confidential information is the technique of redaction.[2] Redaction is used to filter information out of documents to keep that information secret from unauthorized individuals.[3] In the past, redaction was performed manually by using a black marker to mark out the information or by cutting out the information with scissors.[4] These manual methods were costly and time-consuming.[5] As technology evolved, different digital techniques for redaction came to light, making it easier to filter out confidential information.[6] Many individuals, businesses, and governments rely on these digital techniques to keep their sensitive information confidential.[7] Though these digital techniques are easier, this does not mean that the redactions done are secure.[8]

Those who use digital redaction typically use PDF redaction tools.[9] This involves placing a black box over the sensitive information that is supposed to remove the information behind the box.[10] When this technique fails, it is usually because the text data remained in the document.[11] This allows an individual who would like to access the information to simply copy and paste the information behind the black box into a new word document, defeating the purpose of the redaction.[12] Some information can also be shown when converting a redacted document from Microsoft Word to PDF.[13] Additionally, the inclusion of enough details can allow individuals to decipher what the redactions were meant to be.[14] When these failures occur, information that was supposed to be unknown to the public could be exploited through the press.[15] Examples of this include the redacted court deposition of Ghislaine Maxwell, the partner of Jeffrey Epstein, being published after being deciphered by journalists.[16] The journalists were able to decipher many names that were redacted, many of those names being high-profile individuals.[17] Redaction failures do not only happen in court filings; anyone using digital redaction techniques can fall victim.[18] An unintentional exploitation of private information through the press occurred through the New York Times when they published redacted information that fell victim to the copy and paste method.[19] This redacted information revealed CIA operations and the name of a program’s target; this information is a matter of national security and was not intended to be known by the public.[20] There are multiple high-profile redaction failures that have exposed information that someone wanted to keep secret.[21]

Ineffective redaction can be detected before information is leaked; however, if it is not detected, that information sits available to all.[22] Researchers have built a tool called Edact-Ray to identify, break, and fix information leaks.[23] The program focuses on the size of the characters and their positioning; it then compares the size of the redaction with a predefined “dictionary” of words to estimate what has been replaced.[24] This software can eliminate 80,000 estimates per second. When it detects a vulnerable PDF redaction, it removes the underlying text from the PDF.[25] The inventors of this tool intend to release parts of this program to help identify non-excising redactions and help repair those redactions.[26] For those individuals and entities that intend to use digital redaction in the future and do not intend on using Edact-Ray, changing the content of the original document before redacting can be one way to avoid failure.[27] While redacting will never be proof, understanding that redaction is not as secure as one thinks will help avoid careless mistakes.[28]

 

 

 

 

 

[1] See e.g., Adam Pez, Digital Redaction Fails & Best Practices: How to Keep Your Sensitive Information Safe, Intralinks (Sept. 3, 2020), https://www.intralinks.com/blog/2020/09/digital-redaction-fails-best-practices-how-keep-your-sensitive-information-safe; Matt Burgess, Redacted Documents Are Not as Secure as You Think, wired (Nov. 25, 2022), https://www.wired.com/story/redact-pdf-online-privacy/.

[2] See Pez, supra note 1.

[3] Id.

[4] See Maxwell Bland, et al., Story Beyond the Eye: Glyph Positions Break PDF Text Redaction 1 (2022).

[5] See Pez, supra note 1.

[6] See Burgess, supra note 1.

[7] See id.

[8] See id.

[9] See Bland, supra note 4, at 1.

[10] Burgess, supra note 1.

[11] Lisa C. Wood & Marco J. Quina, Litigation Practice Notes from the Field the Perils of Electronic Filing and Transmission of Documents, 22 Antitrust ABA 91, 91 (2008).

[12] See Bland, supra note 4, at 2.

[13] See Judge Herbert B. Dixon Jr., Embarrassing Redaction Failures, 58 the judges journal 37, 38 (2019).

[14] See Burgess, supra note 1.

[15] See Wood, supra note 11, at 91.

[16] Burgess, supra note 1; Josh Levin, et al., We Cracked the Redactions in the Ghislaine Maxwell Deposition, slate (Oct. 22, 2020), https://slate.com/news-and-politics/2020/10/ghislaine-maxwell-deposition-redactions-epstein-how-to-crack.html.

[17] Levin, supra note 16.

[18] Id.

[19] See Dixon, supra note 13, at 39.

[20] Id.

[21] Burgess, supra note 1.

[22] Wood, supra note 11, at 92.

[23] Bland, supra note 4, at 2.

[24] Burgess, supra note 1.

[25] Id.

[26] Bland, supra note 4, at 18.

[27] Id. at 17.

[28] See Burgess, supra note 1.

 

 

Image Source: https://images.squarespace-cdn.com/content/v1/58090c87d1758ec5d1815f6f/1507577772082-FHNXIFFO7VSSSFCMEWOB/howto.PNG?format=1500w

By Manasi Singh

 

 

Reproductive rights have been a heavily controversial topic in the United States for several decades. In Dobbs v. Jackson Women’s Health Organization (2022), the Supreme Court overturned two past decisions: Roe vs. Wade (1973) and Planned Parenthood v. Casey (1992).[1] While these cases are broadly remembered for upholding the right to abortion, the intricacies of these cases are where we get into discussions about the definition of legal personhood regarding a fetus and the legal and ethical implications of that definition.

Prior to the Dobbs decision, abortion jurisprudence said that the state could not impose an undue burden on a woman’s right to an abortion before the fetus is viable, with the implication that states may restrict abortion access after viability.[2] This theory of viability was based in the Casey decision. While the Dobbs decision now makes it a mostly moot point, it does beg the question of how we define personhood as a general legal term, specifically in the context of fetuses.[3]

Medicine today is on the path toward ectogenesis, which is gestation that takes place entirely outside the body.[4] In other words, artificial wombs may become a realistic medical option in the near future. This type of technology would allow conception and fetal development to occur outside the human body. It would also allow for a fetus to be transferred from its womb into an artificial womb for the remainder of its gestation.[5] These possibilities would serve many benefits such as removing the need for a surrogate, drastically increasing survival chances for premature babies, and effectively eliminating the health and career risks that are most commonly associated with pregnancy.[6] However, these benefits should not distract from the variety of complex legal questions that this technology raises.

While there are several legal and ethical considerations, three encompass the conversation most broadly. This is not a comprehensive list by any means, but I believe the most likely legal issues to arise out of the development of artificial wombs include: (1) the balance of maternal, paternal, and state interests in the fetus, (2) the enforceability and validity of contracts regarding fetuses in artificial wombs, and (3) the creation of new liability concerns and the exacerbation of existing liability concerns with fetuses in artificial wombs. This list reveals an interesting phenomenon, which is that all these issues require assessing the value and autonomy of a fetus independent of its relationship to the physical body of a biological mother. This takes us back to our earlier conversation about the viability doctrine. This doctrine may not be a constitutional standard anymore. Still, discussions about viability will come into play again when we attempt to resolve some of these issues being brought by artificial womb technology.

 

 

 

[1] Dobbs v. Jackson Women’s Health Organization, 142 U.S. 2228, 2241 (2022).

[2] Planned Parenthood v. Casey, 112 U.S. 2791, 2804 (1992).

[3] Id. at 2807.

[4] Jessica H. Schultz, Development of Ectogenesis: How Will Artificial Wombs Affect the Legal Status of a Fetus or Embryo?, 84 Chicago-Kent L. Rev. 877, 878 (2009).

[5] Id. at 879.

[6] Seppe Segers, The Path Toward Ectogenesis: Looking Beyond the Technical Challenges, 22 BMC Medical Ethics 59, (2021), https://bmcmedethics.biomedcentral.com/articles/10.1186/s12910-021-00630-6#citeas.

 

Image Source: https://rewirenewsgroup.com/2012/02/23/what-do-artificial-wombs-mean-women/

 

By Bryce Yancey

 

 

Since 2018, a company called Fog Data Science has been procuring and selling private individuals’ data which allows private security companies and government agencies to track people without a warrant through its program called ‘Fog Reveal.’[1] Fog Reveal uses its technology to take cellphone location data that was originally collected by smartphone apps.[2] Each cell phone has an advertising ID that is comprised of a set numbers that are unique to the specific phone.[3] Fog Reveal uses smartphones’ GPS capability, which provides detailed location data that it collects from commercially available data brokers that wherever a smartphone goes and any time a user downloads an app or visits a website, a trail is created.[4]

This has become especially controversial since several of the Company’s clients include several government entities, including Virginia State Police.[5] Police have been able to use the technology to sweep an area to see which phones were in a particular location at a given time.[6] The technology has been used in several criminal investigations, including the murder of a nurse in Arkansas in 2018 and tracing participants from the January 6, 2021, attack on the capital.[7] However, the technology is rarely, if ever, mentioned in court documents.[8]

Fog Data Science has maintained that the data collected is anonymous and isn’t tied to individuals.[9] However, the true nature of Fog Reveal came to light when a digital privacy nonprofit called ‘Electronic Frontier Foundation’ publicized information through the Freedom of Information Act that found the data collected was indeed linked to individuals.[10] A senior attorney for Electronic Frontier Foundation said it’s “child’s play” for police to figure out the identity of any given cellphone user based on their individual patterns of life, including where they live, sleep, and work.[11]

The U.S. Supreme Court has ruled in Carpenter v. United States that the Constitution’s Fourth Amendment protects individuals from unreasonable search and seizures by requiring law enforcement agencies to obtain a warrant before tracking someone using a GPS device or cell site location information.[12] However, Fog Reveal technology has been used as a loophole to get around these requirements and to gather the same information without court oversight or public transparency. This technology usage has brought to light to many the differences between Electronic surveillance and data privacy. Under the Electronic Communications Privacy Act and Fourth Amendment of the Constitution, law enforcement officers are required to get a warrant based on probable cause if they wish to intercept communications or track a person’s location.[13] However, the concern raised by many is that there aren’t any comprehensive laws that protect people from their data being bought and sold to government agencies and private entities.

However, there is hope. Civil Rights lawyers and Senators have started pushing for legislation limiting law enforcement’s ability to purchase peoples’ data without a warrant.[14] But until any meaningful steps are taken, data capturing will continue to expand in both the public and private sectors as the unregulated data market grows.

 

 

 

[1] Jason Dearen & Garance Burke, Senators push to reform police’s cellphone tracking tools, ABC 13 News (September 29, 2022), https://wset.com/news/local/senators-push-to-reform-polices-cellphone-tracking-tools-fog-reveal-virginia-data-science-tracking-democrats-lawyers-civil-rights.

[2] Ben Paviour, Virginia State Police is using software to track cellphone location data, VPM News (January 12, 2023, 12:54 AM), https://vpm.org/news/articles/38757/virginia-state-police-is-using-software-to-track-cellphone-location-data.

[3] Anne McKenna, What is Fog Reveal? A legal scholar explains the app some police forces are using to track people without a warrant, The Conversation (October 17, 2022, 8:31 AM), https://theconversation.com/what-is-fog-reveal-a-legal-scholar-explains-the-app-some-police-forces-are-using-to-track-people-without-a-warrant-189944.

[4] Garance Burke & Jason Dearen, Tech tool offers police ‘mass surveillance on a budget,’ AP (September 2, 2022), https://apnews.com/article/technology-police-government-surveillance-d395409ef5a8c6c3f6cdab5b1d0e27ef.

[5] Paviour, supra note 2.

[6] Id.

[7] Dearen & Burke, supra note 1.

[8] Id.

[9] Paviour, supra note 2.

[10] McKenna, supra note 3.

[11] Paviour, supra note 2.

[12] Carpenter v. United States, 138 S. Ct. 2206 (2018).

[13] Electronic Communications Privacy Act of 1986, 18 U.S.C. §§ 2510-2523.

[14] Dearen & Burke, supra note 1.

 

Image Source: https://static.wixstatic.com/media/5a1250_4e52a6d7e2964302b2cd9b308a01876d~mv2_d_2262_1557_s_2.jpg/v1/fill/w_916,h_660,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/5a1250_4e52a6d7e2964302b2cd9b308a01876d~mv2_d_2262_1557_s_2.jpg

By Anubhav Das [1]

 

 

INTRODUCTION

In the aftermath of Justice K. S. Puttaswamy v. Union Of India decision (2017) by the Supreme Court of India – that held that the right to privacy is a fundamental right – India recently unveiled the much-awaited draft of the data protection law called ‘The Digital Personal Data Protection Bill, 2022’[2] (“DPDPB 2022”). This is the fourth iteration (once in 2018, then in 2019, then in 2021, and now in 2022) of the draft law, and it is currently under public consultation. The DPDPB 2022 contains many important ingredients of a (good?) data protection law, such as (i) the grounds for processing personal data, (ii) the rights of individuals with respect to their personal data, (iii) the establishment of a data protection board to oversee compliance with the law, and (iv) penalties/fines for violation or non-compliance with the law.[3]

Given the above, an aspect that has been consistent with the Indian government’s approach towards data protection law is the reliance on ‘consent’ as the only practical ground for processing personal data. While there are other grounds under the DPDPB 2022 for processing personal data that are categorised as ‘deemed consent’ (Section 8), however, they are limited to public interest grounds or for employment purposes.[4] On the other hand, the counterpart of DPDPB 2022 – the European General Data Protection Regulation (“GDPR”)[5] – has identified other grounds (Article 6) for processing personal data, such as performance of a contract, legitimate interest, etc.

A key question concerning the discussion above is – what exactly is consent in the context of processing personal data? Is it clicking the ‘I agree’ checkbox while installing an application or accessing a website? But generally, that ‘I agree’ checkbox is accompanied by a line stating that “by clicking on ‘I agree,’ you also agree to the terms and conditions and the privacy policy.” But won’t this be regarded as processing personal data under a contract that is not recognised as a ground for processing personal data under the DPDPB 2022? Considering the above, this article attempts to answer the questions above in the context of DPDPB 2022.

CONSENT: TAKEN OR NOT?

The DPDPB 2022 contemplates consent under Section 7 by stating that it must be ‘freely given, specific, informed, and unambiguous’ and it must be obtained with a clear affirmative action for a specific purpose.[6] With respect to clear affirmative action, it means that organisations cannot use pre-ticked boxes for ‘I agree’ (to get an individual’s consent). Further, to comply with the specific purpose requirement, organisations must provide written digital notice to the individuals in itemised format in plain language containing the description of personal data sought to be collected along with the purpose of processing such personal data.[7]  In addition, organisations are also required to inform the individuals about the contact details of the data protection officer (if applicable) or the grievance redressal officer.[8]

While the above approach can be complied with by small companies/organisations who undertake processing for limited and specified purposes, the problem is that it does not contemplate those companies/organisations that process personal data for many and varied purposes. For example, a social media company may process personal data for (i) targeted advertisement, (ii) improving its services, (iii) enabling communication for its users, (iv) enabling the ease of logging in, and (v) various other purposes. Effectively, such companies (e.g., social media companies) will be required to display a long notice detailing every purpose for which it is processing personal data and will be required to seek individual consent.[9] Now, it is unclear if such consent can be obtained from individuals for all such purposes (as a whole) at once or if organisations will be required to seek consent for each of these purposes separately. If such consent can be obtained for all such purposes (as a whole) at once, then that would mean that individuals by clicking on ‘I agree’ are basically agreeing to the privacy policy and/or the terms and conditions of the website or application. This may raise the question of whether such a consent obtained from the individuals is actually consent or whether such personal data is being processed under a contract. Going with this approach, if it is regarded as processing under a contract, then the entire processing of personal data by such companies will be deemed unlawful under the DPDPB 2022.

Consequently, consent as a ground for processing personal data can only be complied with if individuals agree and consent to each of the purposes for which personal data is processed by such organisation, e.g., by clicking on each of the checkboxes corresponding to the specific purposes.[10] This could of course, dissuade individuals due to such complexity in onboarding from ever taking the services or accessing the websites/application of the organisations, thereby hampering business.

Another consequence of establishing a purely consent-based regime (other than its practical ambiguity) is that it will end data scrapping as a form of business.[11] Data scrapping is an operation wherein data is not extracted from the source (that is from the individual).[12] Instead, it is generally extracted from websites where data is displayed or is in open access. The extracted data may contain personal data, and in such circumstances, consent cannot be obtained by organisations. The DPDPB 2022 neither foresees such a situation nor provides any guidance on obtaining consent on an ex-post facto basis.

PERFORMANCE OF A CONTRACT AS A GROUND FOR PROCESSING PERSONAL DATA

On the one hand and from a business perspective, recognising performance of a contract as a ground for processing personal data will provide an easy solution to the problems (as mentioned above) faced in a purely consent-based regime. Under a contract-based regime, individuals will have to click the ‘I agree’ checkbox, which will bind them to the terms and conditions and privacy policy of the website or the application. However, on the other hand, due to the usually lengthy and complex language used in the terms and conditions and privacy policy of a website/application, individuals may agree to such processing purposes that may be detrimental to their privacy. Therefore, a balance needs to be struck between a contract-based regime and a consent-based regime.

A balanced approach in this regard will be to detail and outline the applicability of processing personal data under a contract and consent for different types of businesses. For example, small to mid-sized businesses with less processing complexity may process personal data under consent. However, large-sized businesses that undertake complex processing activity may rely on contract as a ground for processing personal data. This should be subject to the sensitivity of the personal data processed by such organisations, e.g., financial data must be processed via consent only.

CONCLUSION

While the DPDPB 2022 is a much-required step towards establishing a comprehensive data protection legal framework, however, it does contain a few structural inefficacies. Given that it is still in the draft form, one can hope to get some respite concerning the grounds of processing with the inclusion of additional grounds, such as contractual processing. If granting additional grounds is an inconvenient approach, then the Indian government must issue clarificatory notes and/or a compliance guide for the ease of business as well as for the protection of individual privacy.

 

 

 

 

[1] Anubhav Das is an Associate at Saraf and Partners in Delhi (NCR), focusing on IP and Technology Law. He regularly advises businesses on legal issues with respect to data privacy and intellectual property. LinkedIn.

[2] The Digital Personal Data Protection Bill, 2022 (India).

[3] Id.

[4] The Digital Personal Data Protection Bill, 2022, Section 8 (India).

[5] European General Data Protection Regulation, 2016 (Europe).

[6] The Digital Personal Data Protection Bill, 2022, Section 7 (India).

[7] The Digital Personal Data Protection Bill, 2022, Section 6 (India).

[8] The Digital Personal Data Protection Bill, 2022, Section 9(7) (India).

[9] The Digital Personal Data Protection Bill, 2022, Section 7, (India).

[10] Id.

[11] Fiona Campbell, Data Scrapping – Considering the Privacy Issues, Fieldfisher (Jan. 04, 2023, 12:46 PM), https://www.fieldfisher.com/en/services/privacy-security-and-information/privacy-security-and-information-law-blog/data-scraping-considering-the-privacy-issues.

[12] Id.

 

Image Source: https://unsplash.com/photos/JFk0dVyvdvw

 

By Tundun Oladipo

 

 

Various methods of interpreting evidence have been prominent over the last century in criminal court cases.[1] Bite mark evidence, DNA testing, and fingerprint analysis are some of the more prominent methods used by law enforcement in criminal cases to secure convictions or implicate a suspect.[2] These methods are labeled forensic science and claim to use the latest technology to analyse evidence and match them to suspects of a crime.[3] As more wrongful convictions are overturned based on forensic science errors, [4] more researchers and scientists are taking a closer look at the reliability of these analysis methods. [5] Most studies have found forensic science methods, except DNA testing, unreliable.[6]

One method of forensic analysis that has gained popularity in the last decade is Photo Analysis. In this practice, technicians analyse pictures down to their pixels, trying to determine if suspects’ faces, hands, clothes, or cars match images collected by investigators from cameras at crime scenes. [7] The practice in photo analysis is derived from Dr. Vorder Breugge’s article on denim jeans identification. [8] The article asserts the ability to identify denim trousers from bank surveillance film through side-by-side comparison. Denim jeans are believed to have individual identifying characteristics, such as folds and creases, that are generated in the manufacturing process and during normal wear-and-tear. These characteristics may then be recognized on denim trousers and in photographs. [9]

Today’s advanced technology, high-quality imaging, and ability to enhance photos or videos have made this practice of photo analysis compelling.[10] However, these methods, although more recent, are similar to the types of comparisons done in other unreliable forensic sciences and are just as unreliable.[11] The matching of ridges or arcs in denim jeans or the curvature of a person’s body, height, or size of feet from side to side comparison of images is similar to methods used to match curvature or size of teeth in bite mark analysis.[12] The experts that testify before courts make subjective statements and guesses, just like those who testified about bite mark evidence in the past. [13] Dr. Vorder Bruegge, in one case, claimed the button-down plaid shirt found in the defendant’s house was the exact shirt on the robber in black-and-white surveillance pictures. Bruegge said he matched lines in the shirt patterns at eight points along the seams and that the fabric pattern in a plaid shirt worn by a suspect in a surveillance photo generated a “1 in 650 billion match … give or take a few billion.”[14] Similar findings have been found in other “pattern matching” forensic sciences like bullet marks analysis. The National Academy of Science, Engineering, and Medicine found that statements by the FBI lab asserting the ability to match bullets to a gun or match bullets via chemical compounds cannot be accurate.[15] Its report suggested that similar chemical compositions could exist in anywhere from 12,000 and 35 million other matching bullets. [16]

Although newer and compelling, photo analysis shows a remarkable resemblance to past methods of forensic science that are unreliable and have led to a significant number of wrongful convictions. It has drawn less scrutiny because of its relative novelty but is just as dangerous.

 

 

 

 

[1] Office of Legal Policy U.S. Department of Justice, Forensic Science, https://www.justice.gov/olp/forensic-science.

[2] Id.

[3] Kimmy Gustafson, 9 Modern Forensic Technologies Used Today – Forensics Colleges (last visited Nov. 30, 2022), https://www.forensicscolleges.com/blog/resources/10-modern-forensic-science-technologies

[4] DNA Exonerations in the U.S., Innocence Project, http://www.innocenceproject.org/dna-exonerations-in-the-united-states/ (last visited Nov 27, 2022); see Rebecca P. Arrington, STUDY OF FORENSIC TESTIMONY AND WRONGFUL CONVICTIONS BACKS NEED FOR SCIENTIFIC REFORM, UVAToday (Mar. 16, 2009), https://news.virginia.edu/content/study-forensic-testimony-and-wrongful-convictions-backs-need-scientific-reform.

[5] Supra Arrington, note 5.

[6] National Research Council, National Academy of Sciences, Strengthening Forensic Science in the United States: A Path Forward (2009); FBI Testimony on Microscopic Hair Analysis Contained Errors in at Least 90 Percent of Cases in Ongoing Review, FBI (April 20, 2015), https://www.fbi.gov/news/press-releases/press-releases/fbi-testimony-on-microscopic-hair-analysis-contained-errors-in-at-least-90-percent-of-cases-in-ongoing-review.

[7] Ryan Gabrielson, A Key FBI Photo Analysis Method Has Serious Flaws, Study Says (Feb. 25, 2020), https://www.forensicmag.com/561164-A-Key-FBI-Photo-Analysis-Method-Has-Serious-Flaws-Study-Says/

[8] Id.; Richard W. Vorder Bruegge, Photographic Identification of Denim Trousers from Bank Surveillance Film, 44 J. of Forensic Scis. 613 (1999).

[9] Supra Bruegge, note 8.

[10] Shawn, The Rapid Evolution Of Video Resolution – Past, Present And Future, Digital Connect Mag (May 11, 2018), https://www.digitalconnectmag.com/the-rapid-evolution-of-video-resolution-past-present-and-future

[11] Michael Fortino, Latest Forensic Technology, Pattern Analysis, May Be ‘Pseudoscience’, Criminal Legal News (MAY 15, 2020) https://www.criminallegalnews.org/news/2020/may/15/latest-forensic-technology-pattern-analysis-may-be-pseudoscience/.

[12] Id.

[13] Nicole A. Spaun and Richard W. Vorder Bruegge, Forensic Identification of People from Images and Video, IEEE, 29 Sept. 2008, (stating examiners perform their assessments without automation – “the examinations are performed without the assistance of any type of automated biometric technology”).

[14] Ryan Gabrielson, The FBI Says Its Photo Analysis Is Scientific Evidence. Scientists Disagree, ProPublica (Jan. 17, 2019, 05:00 a.m. EST), https://www.propublica.org/article/with-photo-analysis-fbi-lab-continues-shaky-forensic-science-practices; Supra note 11.

[15] Supra note 11.

[16] Id.

Image Source: https://bigstarsite.com/wp-content/uploads/2021/02/ccelebritiesskinny-jeans-3-1034×641.jpg

By Kasey Hall

 

 

For a while now, there has been a growing call from industry insiders for more robust antitrust enforcement to investigate the practices of Live Nation Entertainment.[1] However, these concerns were mainly brushed aside by the general public until recently when Taylor Swift fans stormed the Ticketmaster website in mass to purchase tickets to a long-awaited tour, only to come up empty-handed.[2] The sheer amount of fans flocking to the website was enough to cause Ticketmaster’s system to crash and, in turn, galvanize more support for antitrust enforcement.[3]

In 2010 Live Nation Entertainment (“Live Nation”) was formed through the merger of Ticketmaster and Live Nation.[4] Ticketmaster, already well known for being an industry giant in the concert ticket space, merged with Live Nation, an up-and-coming regional events promoter.[5] Live Nation was seen as a potential challenger of Ticketmaster’s ticket-selling business, so there was a high degree of skepticism about Ticketmaster’s purchase of a future competitor.[6] At the time of their impending merger, many consumer watchdog groups and a coalition of bipartisan lawmakers pleaded with the Obama administration to block the deal, fearing that decreased competition in this market would unduly hurt consumers.[7] Today, Live Nation holds a substantial market share of over 70%.[8] Without large-scale competition, Live Nation has been able to seize more market share and increasingly raise its prices as it knows consumers have nowhere else to turn.[9]

Many are concerned about the country’s widening income and wealth inequality, and the strengthening of industry competition should appeal to large swatches of the American public.[10] Evidence shows that U.S. antitrust laws have “been too lax toward consolidation” and that a more aggressive approach is needed to combat the rise in horizontal and vertical mergers.[11] The concept is simple; more market competition increases the fight among businesses for sales and customers, something critics argue Live Nation has not had to worry about since its merger.[12] Predictably, Live Nation has had less of a need to innovate to win over new customers. Instead, it has only allowed Live Nation to raise its prices and fees, squeezing consumers.[13] Live Nation, through its monopolistic control of the concert market, has been able to add on additional hidden fees such as; service fees, processing fees, facility fees, and promoting fees and label them as merely “an extension of the ticket price.”[14]

The U.S. Department of Justice differs from 12 years ago and should bring more antitrust cases forward. Officials within the Biden administration have been continually pushing back on major mergers signaling a shift in antitrust enforcement philosophy.[15] In an executive order dated July 9, 2021, the Biden administration cited federal government inaction over the last several decades as a significant factor leading to excess industry consolidation.[16] The Federal Government has the authority to mount challenges to significant moves in industry consolidation through the Sherman Antitrust Act, the Clayton Antitrust Act, or other laws.[17] Similarly, President Biden has tasked federal agencies such as the Federal Trade Commission to increase their exercise of regulatory authority over industry mergers.[18]

Without stronger federal antitrust enforcement, consumers will have fewer choices, higher prices, and less customer satisfaction in this modern era of big mergers.[19] Live Nation, in the past, has shown a “sense of entitlement and dismissiveness toward their customers.”[20] Suppose Live Nation still holds that sentiment today. In that case, there should be enough support from lawmakers, industry insiders, and the general public for the U.S. Department of Justice to not only investigate but to go further and attempt the long process to break them up.

 

 

 

 

[1] Winston Cho, Activist Group Asks Justice Dept. to Unwind Live Nation and Ticketmaster Merger, The Hollywood Reporter (Oct. 19, 2022, 7:00 AM), https://www.hollywoodreporter.com/business/business-news/activist-group-justice-dept-unwind-live-nation-ticketmaster-merger-1235244376/.

[2] Peter Cohan, Taylor Swift Overwhelms Live Nation-Ticketmaster’s 70% Monopoly, Forbes (Nov. 18. 2022 4:26 PM), https://www.forbes.com/sites/petercohan/2022/11/18/taylor-swift-overwhelms-live-nation-ticketmasters-70-monopoly/?sh=74272462685f.

[3] Id.

[4] David Segal, Calling Almost Everyone’s Tune, N.Y. Times (Apr. 24, 2010), https://www.nytimes.com/2010/04/25/business/25ticket.html.

[5] Id.

[6] Id.

[7] Bill Pascrell Jr., Op-Ed: Everyone’s worst fears about the Live Nation-Ticketmaster Merger have come true, L.A. Times (May 17, 2018, 4:05 AM), https://www.latimes.com/opinion/op-ed/la-oe-pascrell-live-nation-concert-ticketing-20180517-story.html.

[8] Florian Ederer, Did Ticketmaster’s Market Dominance Fuel the Chaos for Swifties?, Yale Insights (Nov. 23, 2022), https://insights.som.yale.edu/insights/did-ticketmasters-market-dominance-fuel-the-chaos-for-swifties.

[9] Id.

[10] Modern Antitrust Enforcement: Modern U.S. antitrust theory and evidence amid rising concerns of market power and its effects, Yale School of Management, https://som.yale.edu/centers/thurman-arnold-project-at-yale/modern-antitrust-enforcement.

[11] Id.

[12] See Pascrell Jr., supra note 6.

[13] Id.

[14] Id.

[15] Emily Birnbaum, Biden Team to Push ‘Ambitious’ Antitrust Crackdown on Big Tech in Congress, Bloomberg (Nov. 4, 2022, 4:21 PM), https://www.bloomberg.com/news/articles/2022-11-04/biden-plans-ambitious-antitrust-crackdown-on-big-tech-post-midterms?leadSource=uverify%20wall.

[16] Exec. Order No. 14036, 86 FR 36987 (2021).

[17] See 15 U.S.C. 18; Standard Oil Co. v. United States, 221 U.S. 1, 60-62 (1911).

[18] Exec. Order No. 14036.

[19] Modern Antitrust Enforcement: Modern U.S. antitrust theory and evidence amid rising concerns of market power and its effects, supra note 9.

[20] See Pascrell Jr., supra note 6.

 

Image Source:  https://nypost.com/2021/04/20/biden-urged-to-probe-live-nation-ticketmaster-monopoly/

By John Vantine

 

Earlier this year, Amazon once again found itself at the center of a privacy-focused controversy stemming from the methods by which its smart doorbell division, Ring, shares customer data with law enforcement.[1] In a letter sent to Senator Edward Markey on July 1, 2022, the company disclosed that it provided footage from customers’ Ring doorbells to law enforcement agencies without a warrant or consent on eleven occasions through the first six months of 2022.[2]

Ring has a history of aiding law enforcement efforts through its Neighbors Public Safety Service (“NPSS”) service.[3] NPSS offers the Neighbors by Ring application (“Neighbors”), which “provides local public safety agencies with a tool to help them better engage with and inform the communities they serve.”[4] The app is available to “every community member, which includes fire departments, police departments, and sheriff’s offices.”[5] As of July 1st, 2022, 2,161 law enforcement agencies and 455 fire departments enrolled in NPSS nationally.[6] NPSS and Neighbors have drawn scrutiny in previous years for policies some believed to be contrary to the Fourth Amendment’s privacy and warrantless search protections.[7] In response, Ring approached the Policing Project at NYU Law in 2020 to conduct an audit of their policies and work with law enforcement, with a particular focus on NPSS.[8] Following the audit, Ring “implemented over one hundred changes to its products, policies, and legal practices.”[9] The changes included the introduction of “Request(s) for Assistance,” public posts on Neighbors by verified NPSS public safety agents seeking footage that community members may voluntarily submit.[10] The Request for Assistance function was implemented in response to concerns that law enforcement officials were neglecting warrant processes by directly emailing Neighbors’ users to request footage.[11] However, Ring can sometimes manage footage requests from police differently in emergencies.[12]

The U.S. federal criminal code permits the voluntary disclosure of customer communications and records to law enforcement, without a warrant or consent, if they believe, in good faith, “that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency.”[13] In its July 1, 2022 letter to Senator Markey, Amazon confirmed that Ring reserves the right to adhere to this standard.[14] It also clarified that all eleven instances in the first half of 2022 in which customer footage was shared with law enforcement without warrants were deemed by the company to be in compliance with the law.[15] Ring was unwilling to share information from where and from which agencies these eleven emergency requests came.[16] However, the company did share that they “include cases involving kidnapping, self-harm and attempted murder.”[17]

Despite the apparent urgency of such emergency requests, skepticism about Ring’s relationship with law enforcement remains. Analysts from the Electronic Frontier Foundation point to the current review process, where no judge or Ring device owner determines whether an emergency occurred as a potential gateway to abuse by law enforcement.[18] Concerns persist that officers and agencies may be tempted to submit emergency requests in situations that do not warrant such drastic action.[19]

Whether you feel that Ring is infringing on privacy rights by cooperating with law enforcement or not, the company’s situation is sure to play a role in shaping the framework of tech-related privacy regulations moving forward.

 

 

 

[1] Alyssa Lukpat, Amazon’s Ring Gave Surveillance Footage to Authorities 11 Times This Year Without User Consent, Wall St. J. (July 14, 2022, 3:24 PM), https://www.wsj.com/articles/amazons-ring-gave-surveillance-footage-to-authorities-11-times-this-year-without-user-consent-11657823542.

[2] Id.

[3] RING & NEIGHBORS PUBLIC SAFETY SERVICE: A CIVIL RIGHTS & CIVIL LIBERTIES AUDIT, Policing Project NYU School of Law, https://www.policingproject.org/ring (last visited Dec. 2, 2022).

[4] Neighbors Public Safety Service, Ring, https://ring.com/neighbors-public-safety-service (last visited Dec. 2, 2022).

[5] Id.

[6] Letter from Brian Huseman, Vice President, Public Policy, Amazon.com, Inc., to Edward Markey, Senator, United States Senate, 4 (July 1, 2022), https://www.markey.senate.gov/imo/media/doc/amazon_response_to_senator_markey-july_13_2022.pdf.

[7] See Yesenia Flores, Bad Neighbors? How Amazon’s Ring Video Surveillance Could be Undermining Fourth Amendment Protections, Cal. L. Rev. Online (June 2020), https://californialawreview.org/amazon-ring-undermining-fourth-amendment/; Grace Egger, Ring, Amazon Calling: The State Action Doctrine & The Fourth Amendment, 95 Wash L. Rev. Online 245 (2020).

[8] Policing Project NYU School of Law, supra note 2.

[9] Id.

[10] Ring, Ring Launches Request for Assistance Posts on the Neighbors App, Ring (June 3, 2021), https://blog.ring.com/products-innovation/ring-launches-request-for-assistance-posts-on-the-neighbors-app/.

[11] Ry Crist, Ring, Google, and the Police: What to Know About Emergency Requests for Video Footage, CNET (July 26, 2022, 11:37 AM), https://www.cnet.com/home/security/ring-google-and-the-police-what-to-know-about-emergency-requests-for-video-footage/.

[12] See id.

[13] 18 U.S.C. § 2702(b).

[14] Huseman, supra note 6.

[15] Id.

[16] Crist, supra note 11.

[17] Id.

[18] Jason Kelley & Matthew Guariglia, Ring Reveals They Give Videos to Police Without User Consent or a Warrant, Electronic Frontier Foundation (July 15, 2022), https://www.eff.org/deeplinks/2022/07/ring-reveals-they-give-videos-police-without-user-consent-or-warrant.

[19] Id.

 

Image Source: https://www.vice.com/en/article/bjw9e8/inside-rings-quest-to-become-law-enforcements-best-friend