Irion et al. on Governing ‘European values’ Inside Data Flows

Kristina Irion (University of Amsterdam) et al. have posted “Governing ‘European values’ Inside Data Flows: Interdisciplinary Perspectives” (Internet Policy Review, 10(3)) on SSRN. Here is the abstract:

This editorial introduces ten research articles, which form part of this special issue, exploring the governance of “European values” inside data flows. Protecting fundamental human rights and critical public interests that undergird European societies in a global digital ecosystem poses complex challenges, especially because the United States and China are leading in novel technologies. We envision a research agenda calling upon different disciplines to further identify and understand European values that can adequately perform under conditions of transnational data flows.

Smith on Cross-Border Surveillance Under the US CLOUD Act

Stephen W. Smith (Stanford Law School Center for Internet and Society) has posted “Clouds on the Horizon: Cross-Border Surveillance Under the US CLOUD Act” on SSRN. Here is the abstract:

The CLOUD Act of 2018 was hailed by proponents as a significant breakthrough in the ability of U.S. law enforcement to obtain electronic data stored abroad. Far less attention has been paid to another law enforcement-friendly aspect of this law–enabling real-time surveillance in a foreign country. This chapter takes a closer look at CLOUD Act provisions that authorize, expressly or (perhaps) implicitly, live monitoring of activities by criminal suspects and others abroad. While wiretaps and pen registers are explicitly covered, two other common and extremely intrusive surveillance techniques–cell phone tracking and remote access computer monitoring (i.e. hacking)–are not mentioned at all. What are we to infer from their omission? That these common techniques are not covered at all? Or that they are covered, but buried under ambiguous verbiage unlikely to attract attention and generate opposition? At this point it is not obvious which is more likely to be the case.

This legal uncertainty is disconcerting for many reasons. First, to the extent the CLOUD Act authorizes U.S. law enforcement to unilaterally engage in real-time surveillance on foreign soil, it may violate the international law principle of territorial sovereignty. Second, U.S. jurisprudence is currently unsettled as applied to new surveillance techniques such as smartphone tracking and computer hacking; as a result, foreign governments might well be disinclined to enter into a CLOUD Act executive agreement with the U.S. permitting such activities on their soil. Finally, the extraterritorial impact of modern electronic surveillance can be dramatic, especially in the case of remote access to foreign servers and devices. Several EU countries have already recognized the special dangers posed by government hacking–to privacy, internet security, and foreign relations–and have developed a panoply of protections to mitigate those risks. By contrast, the U.S. has failed to enact any special substantive and procedural protections against the risks posed by such intrusive surveillance.

The CLOUD Act should be amended to unambiguously exclude coverage of real-time surveillance techniques. Until that is accomplished, any foreign power negotiating a CLOUD Act executive agreement should be aware of the limits and uncertainties of U.S. law concerning these surveillance methods, and insist upon robust legal standards and procedures governing their use.

Volokh on Treating Social Media Platforms Like Common Carriers

Eugene Volokh (UCLA – School of Law) has posted “Treating Social Media Platforms Like Common Carriers?” (1 Journal of Free Speech Law 377 (2021)) on SSRN. Here is the abstract:

The rise of massively influential social media platforms—and their growing willingness to exclude certain material that can be central to political debates—raises, more powerfully than ever, the concerns about economic power being leveraged into political power. There is a plausible (though far from open-and-shut) argument that these concerns can justify requiring the platforms not to discriminate based on viewpoint in choosing what material they host, much as telephone companies and package delivery services are barred from such viewpoint discrimination. PruneYard Shopping Center v. Robins, Turner Broadcasting System v. FCC, and Rumsfeld v. FAIR suggest such common-carrier-like mandates would be constitutional. On the other hand, platforms do have the First Amendment right to choose what to affirmatively and selectively recommend to their users.