Harvard faculty reacted angrily to Harvard’s search of Resident Deans’ emails. (Resident Deans are administrators who oversee the affairs of Harvard’s residential dorms.) Harvard conducted the search, without notice to the deans whose accounts were searched, in order to determine how confidential information regarding last year’s cheating scandal leaked to the press. Through the search, Harvard determined that the memo was forwarded by one Resident Dean to two students.

Harvard faculty criticized the search on the ground that it violated Harvard policy, which guaranteed faculty members that their Harvard email accounts would not be searched except in “extraordinary circumstances” and only then with prior notice. (See, for example, computer science professor Michael Mitzenmacher’s post, which describes Harvard’s email policy.) Harvard countered that the policy was not violated because Resident Deans were assigned two email accounts – a personal account and an account to use in connection with their responsibilities as Resident Deans, and only the Resident Dean accounts were searched. Additionally, the email searches accessed only the subject lines and not the other content of the emails.

Much of the debate over the search has focused on whether Harvard violated its own email policies and guarantees to its faculty. But the story brings up a number of interesting what-ifs that are interesting to contemplate. If Harvard had been a public institution instead of a private university, the search might have violated the Fourth Amendment. (See City of Ontario v. Quon.) If Harvard had stored its emails on a third-party service rather than its own server, accessing the communications might have violated the Stored Communications Act. Even if Harvard’s IT department offered email accounts to the public rather than only to Harvard employees, the IT department may have been required to keep the content of the emails confidential. Another interesting aspect of the case is that Harvard defended its actions in part by saying it only accessed the subject lines of emails and not the “contents” of the emails – but the DOJ considers subject lines “content.” (See page 123 of the DOJ manual on obtaining electronic evidence in criminal investigations.)

Report on China Cyberattacks Renews Discussion on Cyberespionage Law

In other news, the security group Mandiant released a report that traced the majority of the cyberattacks originating inside China and targeted at Americans to a neighborhood in Shanghai where a unit of the People’s Liberation Army is located. The attacks originating in the neighborhood, tied circumstantially to P.L.A. Unit 61398, included intrusions on American government, infrastructure, and companies. One of the most surprising items in the report was that the P.L.A. allegedly deployed its hackers to give Chinese beverage company Huiyuan Juice Group an advantage in negotiations with Coca-Cola, by accessing Coca-Cola’s servers to steal confidential company files. According to the report, five legal services organizations were also targeted. The information renewed the discussion on creating new international law on cyberespionage.

Higher Standard for Search of Computers at Border in Ninth Circuit

The border-search exception, a doctrine allowing Border Patrol agents to conduct routine searches of closed containers at an international border or airport, was qualified by a Ninth Circuit decision last Friday requiring that agents have “reasonable suspicion” of wrongdoing before searching electronic devices. The “reasonable suspicion” standard is lower than the “probable cause” standard for a warrant, but is a higher standard than not requiring any suspicion at all. The decision was limited to “comprehensive searches,” leaving undecided the question of what constitutes a comprehensive search. But for now, travelers leaving or entering the country from a point within the Ninth Circuit can be slightly more assured of the privacy of their computer files.

Digital Rights Management Feature Makes SimCity Fans Angry

The newest version of SimCity, SimCity 2013, was released on March 5, only to be pulled on Amazon a week later. The cause? Complaints of SimCity fans, many of whom probably started their connection with the franchise before they had a home Internet connection. To prevent pirating and protect digital rights, SimCity used a common technique – requiring a persistent Internet connection during gameplay to verify that the copy was legally obtained. But the plan turned out poorly for many SimCity players, who had trouble connecting to SimCity’s servers and in some cases lost games when their connections failed. Although SimCity’s manufacturer, Electronic Arts, says it has by now addressed most of the problems, the case illustrates one of the pitfalls of a technological safeguards for digital rights management. This could provide fodder for either those who argue that EA should try less hard to prevent piracy or those who believe that government should step in with harsher or more-enforced penalties to dissuade would-be pirates in the absence of hardwired safeguards.

Spurred by the E-Government Act of 2002, which created a centralized site for submission of electronic comments, agencies have shifted their comment-gathering efforts toward e-mail and online forums. See Strauss et. al., Gellhorn & Byse’s Adminstrative Law 534-46 (11th ed. 2011).  Regulations.gov, the centralized rulemaking comment site, allows users to find and comment on all rules proposed by federal agencies. Since the beginning of 2012, agencies have posted more than 5,000 rules while users have submitted approximately 340,000 comments. Submitting a comment is as easy as clicking the blue “Comment Now!” buttons that are ubiquitous throughout the site. Transitioning from postcards and faxes to websites and e-mails has increased the quantity of submissions, at least in certain high profile cases. See John M. de Figueiredo, When Do Interest Groups Use Electronic Rulemaking, in eRulemaking at the Crossroads 19-20 (2006).

Shulman argues that “low quality, redundant, and generally insubstantial” comments on certain topics “annoy government officials with a mind-numbing redundant task that impedes real work” and obscure the few potentially valuable comments that are submitted. Shulman at 26-29. According to Shulman, quality matters, not quantity. Advocacy organizations lead constituents to believe that submitting a generic comment has an effect on outcomes, but agencies use the comment process to gather pertinent facts and identify new issues—and not as a referendum. Id. at 34-35. Shulman analyzed 1,000 of the longest comments submitted during a proposed rulemaking by the EPA and found that at most 5% presented the agency with potentially new information. Id. at 45. A 2006 survey of existing research suggested that e-rulemaking has not increasing the quality of participation. Any increased participation took the form of mass-comment campaigns. S.M. Benjamin, Evaluating E-Rulemaking: Public Participation and Political Institutions, 55 Duke L. J. 893, 933-35.

Karpf, on the other hand, argues that mass submissions of electronic comments are nothing new: they are merely an adaptation of the postcard campaigns that were common before the Internet. Comment drives “giv[e] people a simple first step to participation.” Id. at 14. Additionally, high-volume campaigns, even if low-quality, provide information to rule makers by “singnal[ing] broad public outrage,” or at least strong sentiments from specific segments of the population, regarding a proposed rulemaking. Id. at 12. Solicitation of comments can increase the quality of interest group participation by helping interest groups determine which issues resonate with their members. Id. at  33. Moreover, Karpf’s study of emails sent by activist groups reveals that calls to submit comments to a federal agency are relatively rare. Id. at 27.

The same technology that powers spam filters and electronic discovery could help agencies avoid the backlog of sorting through comments while providing the signaling and participation advantages that Karpf identifies. After a sample of the submissions are sorted by hand, a remainder of the submissions may be sorted automatically through a process known as active learning. See Cardie et. al., Active Learning for e-Rulemaking: Public Comment Categorization, in The Proceedings of the 9th Annual International Digital Government Research Conference 234 (2008) (describing one method of automatic categorization of agency comments using “active learning” algorithms). There is little indication that the agencies currently employ active learning filters on the data they receive. According to Shulman, electronic comments received on a 2004 rulemaking were printed and “reportedly sorted by the shape of the words on the page by a team of 15 staffers making piles.” Shulman at 46. A description of the process by which comments were reviewed in 2008 did not indicate that any automatic sorting took place. Committee on the Status and Future of Federal e-Rulemaking, Achieving the Potential: The Future of Federal e-Rulemaking 12-16 (2008). A 2011 survey notes that the White House and some agencies are implementing the crowdsourcing software IdeaScale, which ranks comments according to popularity, but does not mention active learning. Cary Coglianese, Federal Agency Use of Electronic Media in the  Rulemaking Process 14-15 (2011).

Importing active learning technology into rulemaking would resolve the issues that Shulman points out by cutting down on agency resources required to review comments and pulling potentially new and relevant information to the top of the heap. Additionally, grouping similar comments would have the desired effect of drawing attention to strong feelings from specific segments of the population. Once comments are categorized by sentiment, agencies could more effectively use metadata associated with the comments to develop a better picture of those supporting or opposing the rule. Use of this technology may raise concerns that not all comments will be read—an important comment could be missed by an automated review and never be read by an agency employee. However, if automated review in e-discovery is any indication, computers can be trained to outperform humans in selecting relevant submissions, leading to a smoother notice-and-comment process for both agencies and advocates. See Maura R. Grossman & Gordon V. Cormack, Technology-Assisted Review in E-Discovery Can Be More Effective and More Efficient Than Exhaustive Manual Review, XVII Rich. J.L. & Tech. 11 (2011).

A new law in California allows Google’s cars on the road, as long as there is a driver inside ready to take control. This license to Google to test their cars comes on the heels of similar legislation in Nevada. A reporter from CNN test-drove Google’s car, and a columnist for Wired predicted that nobody will need a drivers’ license in 2040.

FBI Battles Industry Over Access to Electronic Communication

In the good old days, it was easy for the FBI to open a wiretap on a landline. With more would-be wrongdoers communicating through other channels, like VoIP, instant message, email, or social networks, the FBI has had a harder time monitoring communication. In May, the FBI proposed an amendment to the Communications Assistance for Law Enforcement Act that would require providers of these technologies to build the FBI a backdoor for eavesdropping on users. At the same time, the Wall Street Journal reports that technology companies are pushing back on the FBI’s attempts to monitor content, questioning the Third Party Doctrine. Google recently challenged the legality of an FBI search warrant, refusing to share the content of a smartphone belonging to a suspected pimp.

Gizmodo’s Coverage of the Apple Maps Release

Apple’s iOS6 came with Apple Maps, creating much grumbling. Apple reassured customers, “The more people use it, the better it will get.” Gizmodo has an interesting collection of posts on the topic, including speculation on why Apple made the switch and and reactions from people whose iPhone got them lost. However, students of contract law can take note that Apple had a whole year left on its contract with Google. Apple’s release of the new app mid-contract caught Google off-guard.

Facebook Will Not Use Facial Recognition Software in Europe

Facebook turned off tag suggestion for all users after European regulators objected to the feature as an invasion of privacy. The tag suggestion feature recognized the faces of users in photo albums and helped those users’ friends tag photos of them. Facebook plans to restore tag suggestion outside of Europe, but did not say when the feature will return. The feature will return to Europe only after approval by the regulators.

New York Times Discusses Environmental Impact of Data Centers

The Time’s James Glanz wrote a thought-provoking series on the environmental and social externalities of data centers and other infrastructure that power the Internet. In the first article, Glanz described the astronomical power needs of some data centers, which are equipped to handle peak traffic. The next article examines the impact of data center construction on rural communities.