29 August 2016

Tobacco Litigation

'Tobacco Litigation in International Courts' by Sergio Puig in (2016) 57 Harvard International Law Journal comments
 For years, tobacco interests have played an important role in developing international law. Recently, cooperation among nations concerned with the risks and health consequences of smoking tobacco has resulted in the adoption of international treaties, regional directives, and common administrative and regulatory practices. As a result, a wave of litigation before international courts and tribunals, including the European and Andean Courts of Justice, Investor-State Tribunals, and the World Trade Organization’s dispute settlement body, has led to novel legal questions.
This Article is the first to trace, survey, and recount the history of tobacco litigation before international courts and tribunals and to assess its contribution to international law. In particular, it pays new attention to recent efforts by tobacco interests to challenge compelled speech by exporting the far-reaching Free Speech Clause of the United States into international law, especially in the context of marketing controls, mandatory graphic warnings, and “plain packaging” labels.
This Article shows that, contrary to conventional wisdom, international courts and tribunals can play a central role in advancing and enhancing complex national, regional, and global regulations rather than eroding sovereign regulatory space. Complete deference to states’ policies, however, can also be risky as it may perpetuate the use of economic and political influence to distort the functioning of government. Hence, the history of international tobacco litigation reveals a more complex interrelationship between domestic institutions and international law than many scholars acknowledge.

Family Property

'Constitutional Law and the Limits of Discretion in Family Property Law' by Patrick Parkinson in (2016) 44(1) Federal Law Review 49-75 comments
 The argument of this Article is that the width of discretion that trial judges have to alter property rights under the Family Law Act 1975 (Cth) (‘the Act’) has been overstated. The property aspects of the Act can only be valid to the extent to which the law is an appropriate application of the marriage and divorce powers in the Constitution or is within the boundaries of the States’ reference of powers about de facto relationships. These constitutional provisions place significant constraints upon judicial discretion. In relation to marriages, the need to adjust property rights must result from the circumstances of the marital relationship or be justified as a consequence of the financial impact upon a party of its breakdown. The authority of Parliament to make laws concerning the alteration of the property rights of de facto partners is limited to cases of relationship breakdown.
Furthermore, the Family Court of Australia and the Federal Circuit Court of Australia are both Chapter III courts. That has implications for the kind of discretion that Parliament can lawfully confer upon the trial judge, and the limits of that discretion. Some recent dicta and decisions of the Full Court of the Court suggest a view of judicial discretion which, it is argued, is inconsistent with the nature of judicial power in a Chapter III court. The discretion of trial judges is fettered by three duties: The duty to follow the interpretation of the Act as established authoritatively by appellate decisions, taking account of guidelines in appellate judgments; the duty to give reasons that explain the outcome of the case, and in particular, to justify the alteration of legal and equitable interests in specific items of property; and the duty to avoid arbitrary and capricious decision-making.
The current jurisprudence on family property law is not necessarily consistent with these constitutional limitations.

Sumptuary Law and OMGs in Queensland

The Queensland Premier in an exercise of 'tougher than you' has announced 'Bikies to be banned from “wearing colours” in public', an initiative of interest to criminologists and scholars of sumptuary law.

The media release states
Outlaw Motorcycle Gangs will be banned from wearing their colours in public anywhere in Queensland under the Palaszczuk Government’s tough new package of laws to better tackle serious organised crime.
The move will extend the current prohibition on wearing colours in licenced venues into all public places across the State.
Premier Annastacia Palaszczuk said Outlaw Motorcycle Gangs have been a very visible and intimidating part of organised crime.
“The days of brazen, menacing rides through our streets and cities in daunting gang colours are over,” Ms Palaszczuk said.
“Under Campbell Newman’s laws, gang colours were still permitted on our streets. Under my laws, they won’t be.”
“The gangs can expect no let-up from police and prosecutors. I want more convictions not less, something we haven’t seen under the LNP laws.”
“My Government’s new laws will give the police and our courts workable, enforceable laws to convict those involved in all forms of serious crime,” the Premier said.
Attorney-General and Minister for Justice Yvette D’Ath said the extension of the ban will target outlaw motorcycle gangs, without impacting legitimate, law-abiding motorcycle riders and clubs.
“The Taskforce Report on Organised Crime Legislation recommended the Government retain the provisions in the Liquor Act that ban the wearing of prohibited items such as OMCG colours in licenced venues,” Mrs D’Ath said.
“The Government is adopting that recommendation but taking it further, because we recognise the fear and intimidation caused by colours, wherever they are worn.”
“They can also intimidate victims or witnesses to crimes, who may fear the consequences if they come forward.”
“That intimidation goes directly to the behaviour of OMCGs that is rightfully a concern to the Queensland public and Queensland Police.”
“We want to ensure the safety of our community, and are committed to giving law enforcement agencies the tools they need to make that happen.”
It is intended the offence will carry escalating penalties including imprisonment, and police will be empowered to confiscate banned items on the spot.
The Palaszczuk Government’s commitment to tackling organised crime in all its forms means the provisions that will prevent outlaw motorcycle gang clubhouses reopening can also be used to shut down premises such as call centres being used for boiler room fraud rackets.
Police Minister Bill Byrne said the new laws will also retain additional mandatory penalties as an inducement for offenders to cooperate with police.
“Our crackdown on serious organised crime will be all-encompassing,” Mr Byrne said.
“That’s why police have been involved through the development of this new regime.”
“Key stakeholders have also had input into the Commission of Inquiry into the Criminal Organisations Act and the Taskforce on Organised Crime Legislation.”
The new package will be introduced to Parliament in the next fortnight to allow consultation on the specific provisions of the draft legislation. The Government will work toward the passage of the laws through the Parliament by the end of this year.

26 August 2016

NIST on Deidentification

The draft NIST Special Publication 800-188 De-Identifying Government Datasets [PDF] by Simson L. Garfinkel comments
De-identification removes identifying information from a dataset so that the remaining data cannot be linked with specific individuals. Government agencies can use de-identification to reduce the privacy risk associated with collecting, processing, archiving, distributing or publishing government data. Previously NIST published NISTIR 8053, “De-Identifying Personal Data,” which provided a survey of de-identification and re-identification techniques. This document provides specific guidance to government agencies that wish to use de-identification. Before using de-identification, agencies should evaluate their goals in using de-identification and the potential risks that de-identification might create. Agencies should decide upon a de-identification release model, such as publishing de-identified data, publishing synthetic data based on identified data, and providing a query interface to identified data that incorporates de-identification. Agencies can use a Disclosure Review Board to oversee the process of de-identification; they can also adopt a de-identification standard with measurable performance levels. Several specific techniques for de-identification are available, including de-identification by removing identifiers and transforming quasi-identifiers and the use of formal de-identification models that rely upon Differential Privacy. De-identification is typically performed with software tools which may have multiple features; however, not all tools that mask personal information provide sufficient functionality for performing de-identification. This document also includes an extensive list of references, a glossary, and a list of specific de-identification tools, although the mention of these tools is only to be used to convey the range of tools currently available, and is not intended to imply recommendation or endorsement by NIST.
The document goes on to state
The US Government collects, maintains, and uses many kinds of datasets. Every federal agency creates and maintains internal datasets that are vital for fulfilling its mission, such as delivering services to taxpayers or ensuring regulatory compliance. Federal agencies can use de-identification to make government datasets available while protecting the privacy of the individuals whose data are contained within those datasets.
Increasingly these government datasets are being made available to the public. For the datasets that contain personal information, agencies generally first remove that personal information from the dataset prior to making the datasets publicly available. De-identification is a term used within the US Government to describe the removal of personal information from data that are collected, used, archived, and shared. De-identification is not a single technique, but a collection of approaches, algorithms, and tools that can be applied to different kinds of data with differing levels of effectiveness. In general, the potential risk to privacy posed by a dataset’s release decreases as more aggressive de-identification techniques are employed, but data quality decreases as well.
The modern practice of de-identification comes from three distinct intellectual traditions:
• For four decades, official statistical agencies have researched and investigated methods broadly termed Statistical Disclosure Limitation (SDL) or Statistical Disclosure Control
• In the 1990s there was an increase in the unrestricted release of microdata, or individual responses from surveys or administrative records. Initially these releases merely stripped obviously identifying information such as names and social security numbers (what are now called direct identifiers). Following some releases, researchers discovered that it was possible to re-identify individual data by triangulating with some of the remaining identifiers (now called quasi-identifiers or indirect identifiers). The result of this NIST research was the development of the k-anonymity model for protecting privacy, which is reflected in the HIPAA Privacy Rule.
• In the 2000s, computer science research in the area of cryptography involving private information retrieval, database privacy, and interactive proof systems developed the theory of differential privacy, which is based on a mathematical definition of the privacy loss to an individual resulting from queries on a database containing that individual’s personal information. Starting with this definition, researchers in the field of differential privacy have developed a variety of mechanisms for minimizing the amount of privacy loss associated with various database operations.
In recognition of both the growing importance of de-identification within the US Government and the paucity of efforts addressing de-identification as a holistic field, NIST began research in this area in 2015. As part of that investigation, NIST researched and published NIST Interagency Report 8053, De-Identification of Personal Information.
Since the publication of NISTIR 8053, NIST has continued research in the area of de-identification. NIST met with de-identification experts within and outside the United States Government, convened a Government Data De-Identification Stakeholder’s Meeting in June 2016, and conducted an extensive literature review.
The decisions and practices regarding the de-identification and release of government data can be integral to the mission and proper functioning of a government agency. As such, these activities should be managed by an agency’s leadership in a way that assures performance and results in a manner that is consistent with the agency’s mission and legal authority. Before engaging in de-identification, agencies should clearly articulate their goals in performing the de-identification, the kinds of data that they intend to de-identify and the uses that they envision for the de-identified data. Agencies should also conduct a risk assessment that takes into account the potential adverse actions that might result from the release of the de-identified data; this risk assessment should include analysis of risk that might result from the data being re-identified and risk that might result from the mere release of the de-identified data itself.
One way that agencies can manage this risk is by creating a formal Disclosure Review Board (DRB) consisting of stakeholders within the organization and representatives of the organization’s leadership. The DRB should evaluate applications for de-identification that describe the data to be released, the techniques that will be used to minimize the risk of disclosure, and how the effectiveness of those techniques will be evaluated.
Several specific models have been developed for the release of de-identified data. These include:
• The Release and Forget model: The de-identified data may be released to the public, typically by being published on the Internet.
• The Data Use Agreement (DUA) model: The de-identified data may be made available to qualified users under a legally binding data use agreement that details what can and cannot be done with the data.
• The Simulated Data with Verification Model: The original dataset is used to create a simulated dataset that contains many of the aspects of the original dataset. The simulated dataset is released, either publicly or to vetted researchers. The simulated data can be used to develop queries or analytic software; these queries and/or software can then be provided to the agency and be applied on the original data. The results of the queries and/or analytics processes can then be subjected to Statistical Disclosure Limitation and the results provided to the researchers.
• The Enclave model: The de-identified data may be kept in some kind of segregated enclave that restricts the export of the original data, and instead accepts queries from qualified researchers, runs the queries on the de-identified data, and responds with results.
Agencies can create or adopt standards to guide those performing de-identification. The standards can specify disclosure techniques, or they can specify privacy guarantees that the de-identified data must uphold. There are many techniques available for de-identifying data; most of these techniques are specific to a particular modality. Some techniques are based on ad-hoc procedures, while others are based on formal privacy models that make it possible to rigorously calculate the amount of data manipulation required of the data to assure a particular level of privacy protection.
De-identification is generally performed by software. Features required of this software include detection of identifying information; calculation of re-identification probabilities; performing de-identification; mapping identifiers to pseudonyms; and providing for the selective revelation of pseudonyms. Today there are several non-commercial open source programs for performing de-identification but only a few commercial products. Currently there are no performance standards, certification, or third-party testing programs available for de-identification software.
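An added example, not taken from the NIST draft or from this blog, of the workflow the excerpt describes: strip direct identifiers, measure k-anonymity over the quasi-identifiers, generalize them, and suppress records that still fall below k. The records, field names and generalization rules are constructed assumptions, and the 1/k figure is the worst-case risk only against someone who already knows a person's quasi-identifiers and that the person is in the data.

```python
from collections import Counter

# Constructed sample microdata (not real people).
RECORDS = [
    {"name": "P1", "zip": "20850", "age": 34, "sex": "F", "diagnosis": "asthma"},
    {"name": "P2", "zip": "20852", "age": 37, "sex": "F", "diagnosis": "diabetes"},
    {"name": "P3", "zip": "20855", "age": 31, "sex": "F", "diagnosis": "flu"},
    {"name": "P4", "zip": "20901", "age": 45, "sex": "M", "diagnosis": "asthma"},
    {"name": "P5", "zip": "20904", "age": 48, "sex": "M", "diagnosis": "hypertension"},
    {"name": "P6", "zip": "21044", "age": 72, "sex": "M", "diagnosis": "flu"},
]

DIRECT_IDENTIFIERS = ("name",)            # removed outright
QUASI_IDENTIFIERS = ("zip", "age", "sex")  # linkable in combination


def strip_direct(records):
    """Drop direct identifiers; quasi-identifiers are left untouched."""
    return [{k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS}
            for r in records]


def class_sizes(records, qi=QUASI_IDENTIFIERS):
    """Count records sharing each quasi-identifier combination."""
    return Counter(tuple(r[q] for q in qi) for r in records)


def k_anonymity(records, qi=QUASI_IDENTIFIERS):
    """k is the size of the smallest equivalence class (0 if empty)."""
    sizes = class_sizes(records, qi)
    return min(sizes.values()) if sizes else 0


def max_reid_probability(records, qi=QUASI_IDENTIFIERS):
    """Worst-case chance of picking the right record within a class: 1/k."""
    k = k_anonymity(records, qi)
    return 1.0 / k if k else 0.0


def generalize(record, zip_digits=3, age_band=10):
    """Coarsen quasi-identifiers: truncate ZIP, bucket age into bands."""
    out = dict(record)
    z = record["zip"]
    out["zip"] = z[:zip_digits] + "*" * (len(z) - zip_digits)
    low = (record["age"] // age_band) * age_band
    out["age"] = f"{low}-{low + age_band - 1}"
    return out


def enforce_k(records, k, qi=QUASI_IDENTIFIERS):
    """Suppress records whose class is still smaller than k."""
    sizes = class_sizes(records, qi)
    kept = [r for r in records if sizes[tuple(r[q] for q in qi)] >= k]
    return kept, len(records) - len(kept)


def deidentify(records, k=2):
    """Strip, generalize, then suppress; returns (released, suppressed_count)."""
    generalized = [generalize(r) for r in strip_direct(records)]
    return enforce_k(generalized, k)


if __name__ == "__main__":
    raw = strip_direct(RECORDS)
    print("names removed only: k =", k_anonymity(raw),
          "max re-id probability =", max_reid_probability(raw))
    released, suppressed = deidentify(RECORDS, k=2)
    print("after generalization: k =", k_anonymity(released),
          "max re-id probability =", max_reid_probability(released),
          "suppressed =", suppressed)
```

Removing names alone leaves every constructed record unique on ZIP, age and sex, which is the triangulation problem the excerpt attributes to early microdata releases; the gain in k is paid for in coarser values and one suppressed record.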

25 August 2016

Cadavers

'A Grave Situation: An Examination of the Legal Issues Raised by the Life and Death of Charles Byrne, the “Irish Giant”' by Thomas Louis Muinzer in (2013) 20 International Journal of Cultural Property 23-48 comments
Charles Byrne was an eighteenth-century celebrity “Irish giant” who requested burial upon nearing death, but whose corpse was procured against his wishes by the surgeon John Hunter. Hunter reduced Byrne’s corpse to its skeleton and exhibited it as the centerpiece of his vast anatomical collection. It has since remained on display in the Hunterian Museum, London. In 2011 it was announced that research conducted on the skeleton’s DNA has revealed that several Northern Irish families share a common ancestry with Byrne. This article considers the legal issues raised by Byrne’s story. The results of fieldwork undertaken by the author in Byrne’s native townland are also discussed, where folk tradition suggests that Byrne wished to be buried foremost at a local site remembered today as “the Giant’s Grave.”
Muinzer notes that a body snatcher for Hunter
had Byrne’s body secretly swapped in its coffin for dead weight as the [burial] party stopped over-night to rest, and a further accomplice covertly transported the corpse thence to Hunter. Hunter immediately reduced Byrne’s body to its bones by stripping the flesh in a large boiling cauldron. He then hid the remains away so that any evidence implicating him in the misdeed was out of sight. When things had settled down, he bound the bones together in their correct skeletal arrangement, studied the skeleton, and wrote up his findings. Four years passed before Hunter revealed publicly that the skeleton had become a part of his collection of anatomical specimens, and interested parties were invited to view the Irishman’s remains.
Today Hunter’s enormous specimen collection, the Hunterian Museum, is open to the public free of charge in the Royal College of Surgeons, London. At its center, in a towering, illuminated display case, is the skeleton of Charles Byrne. Len Doyal and the present author have argued in the British Medical Journal that the skeleton ought to be removed from public display and that the remains ought to be buried in accordance with Byrne’s wishes. Byrne’s position at the center of the Hunterian Collection perhaps brings to mind one of Hunter’s own aphorisms, “No man ever was a great man who wanted to be one.”

Reading Privacy Boilerplate

'The Biggest Lie on the Internet: Ignoring the Privacy Policies and Terms of Service Policies of Social Networking Services' by Jonathan A. Obar and Anne Oeldorf-Hirsch addresses
‘the biggest lie on the internet’ with an empirical investigation of privacy policy (PP) and terms of service (TOS) policy reading behavior. An experimental survey (N=543) assessed the extent to which individuals ignore PP and TOS when joining a fictitious social networking site, NameDrop. Results reveal 74% skipped PP, selecting ‘quick join.’ For readers, average PP reading time was 73 seconds, and average TOS reading time was 51 seconds. Based on average adult reading speed (250-280 words per minute), PP should have taken 30 minutes to read, TOS 16 minutes. A regression analysis revealed information overload as a significant negative predictor of reading TOS upon signup, when TOS changes, and when PP changes. 
Qualitative findings further suggest that participants view policies as nuisance, ignoring them to pursue the ends of digital production, without being inhibited by the means. Implications were revealed as 98% missed NameDrop TOS ‘gotcha clauses’ about data sharing with the NSA and employers, and about providing a first-born child as payment for SNS access.

24 August 2016

Ashley Madison Data Breach

The Privacy Commissioner of Canada and the Australian Privacy Commissioner have released a report on their joint investigation into the 2015 Ashley Madison data breach.

The report states
On 15 July 2015, a person or group identifying itself as ‘The Impact Team’ announced that it had hacked ALM. The Impact Team threatened to expose the personal information of Ashley Madison users unless ALM shut down Ashley Madison and another of its websites, Established Men. ALM did not agree to this demand. On 20 July 2015, following media reports and after an invitation from the Office of the Privacy Commissioner of Canada (OPC), ALM voluntarily reported details of the breach to the OPC. Subsequently, on 18 and 20 August 2015, The Impact Team published information it claimed to have stolen from ALM, including the details of approximately 36 million Ashley Madison user accounts. The compromise of ALM’s security by The Impact Team, together with the subsequent publication of compromised information online, is referred to in this report as ‘the data breach’. 
Given the scale of the data breach, the sensitivity of the information involved, the impact on affected individuals, and the international nature of ALM’s business, the Office of the Australian Information Commissioner (OAIC) and the OPC jointly investigated ALM’s privacy practices at the time of the data breach. The joint investigation was conducted in accordance with the Australian Privacy Act 1988 (Australian Privacy Act) and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA). The collaboration was made possible by the OAIC and OPC’s participation in the Asia-Pacific Economic Cooperation (APEC) Cross-border Privacy Enforcement Arrangement and pursuant to ss 11(2) and 23.1 of PIPEDA and s 40(2) of the Australian Privacy Act. 
The investigation initially examined the circumstances of the data breach and how it had occurred. It then considered ALM's information handling practices that may have affected the likelihood or the impact of the data breach. For clarity, this report makes no conclusions with respect to the cause of the data breach itself. The investigation assessed those practices against ALM's obligations under PIPEDA and the Australian Privacy Principles (APPs) in the Australian Privacy Act. 
The primary issue under consideration was the adequacy of the safeguards ALM had in place to protect the personal information of its users. Although ALM's security was compromised by The Impact Team, a security compromise does not necessarily point to a contravention of PIPEDA or the Australian Privacy Act. Whether a contravention occurred depends on whether ALM had, at the time of the data breach: for PIPEDA: implemented safeguards appropriate to the sensitivity of the information it held; and for the Australian Privacy Act: taken such steps as were reasonable in the circumstances to protect the personal information it held. 
The investigation also considered the following related information handling practices of ALM: ALM’s practice of retaining personal information of users after profiles had been deactivated or deleted by users, and when profiles were inactive (that is, had not been accessed by the user for an extended period of time); ALM’s practice of charging users to “fully delete” their profiles; ALM’s practice of not confirming the accuracy of user email addresses before collecting or using them; and ALM’s transparency with users about its personal information handling practices. 
The investigation identified a number of contraventions of the APPs and PIPEDA. 
Although ALM had a range of personal information security protections in place, it did not have an adequate overarching information security framework within which it assessed the adequacy of its information security. Certain security safeguards in some areas were insufficient or absent at the time of the data breach. 
The findings of this report include important lessons for other organizations that hold personal information. The most broadly applicable lesson is that it is crucial for organizations that hold personal information electronically to adopt clear and appropriate processes, procedures and systems to handle information security risks, supported by adequate expertise (internal or external). This is especially the case where the personal information held includes information of a sensitive nature that, if compromised, could cause significant reputational or other harms to the individuals affected. Organizations holding sensitive personal information or a significant amount of personal information, as was the case here, should have information security measures including, but not limited to: a security policy(cies); an explicit risk management process that addresses information security matters, drawing on adequate expertise; and adequate privacy and security training for all staff. 
It is not sufficient for an organization such as ALM, or any organization that holds large amounts of personal information of a sensitive nature, to address information security without an adequate and coherent governance framework. 
The OAIC and OPC provided a number of recommendations for ALM to follow to ensure it addressed the issues discussed in this report and brings itself into compliance with PIPEDA and the Australian Privacy Act with respect to those issues. 
The Privacy Commissioner of Canada has accepted a compliance agreement, and the Acting Australian Information Commissioner has accepted an enforceable undertaking, from ALM. In accordance with these agreements ALM will be required to take significant additional steps to address the issues identified in this report to protect the privacy of individuals, some of which have already been initiated by ALM.