Abstract
We examine several technology-policy debates in which technical and legal perspectives are so at odds that they approach incommensurability. Investigating the use of digital rights management systems in the online-copyright debate and the dispute over the impact of end-to-end encryption on lawful surveillance, we offer an analysis of the source of this incommensurability. In these two policy debates, both sides invoke the rule of law to support their position, but in each case they draw selectively from the constituent parts of the rule of law, resulting in seemingly irreconcilable differences. We show that the rule of law is actually composed of rules (susceptible to deterministic evaluation against a set of facts) and principles (expressing important values but not susceptible to purely formal evaluation). The clash between rules and principles exacerbates the difference in perspective between system designers, who favor formal rules, and policy makers, who are more comfortable with situational application of principles. Following our observation that the rules-principles gap makes for incommensurate debate between legal and technical actors, we identify steps that each discipline can take to move toward more coherent policy for the networked, digital environment.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Note added in July 2018: On June 22, 2018, the Supreme Court ruled [4] that historical location data is subject to full Fourth-Amendment privacy protection, rejecting a lower-court decision [18], which had found that, in some circumstances, the police could access location data even without the traditional Fourth-Amendment proof of probable cause. Although it is an important step forward for privacy protection, the Carpenter decision still leaves open numerous digital-privacy questions, including what standard of privacy protection the United States Constitution provides for real-time location data.
References
Abelson, H., et al.: Keys under doormats: mandating insecurity by requiring government access to all data and communications. J. Cybersecur. 1, 69–79 (2015). https://doi.org/10.1093/cybsec/tyv009
An Open Letter from US Researchers in Cryptography and Information Security, 24 January 2014. masssurveillance.info
Barrett, D.: FBI repeatedly overstated encryption threat figures to congress, public. Washington Post, 22 May 2018
Carpenter v. United States, No. 16–402, 585 U.S. (2018)
Dworkin, R.: Taking Rights Seriously. Harvard University Press, Cambridge (1978)
Feigenbaum, J., Hendler, J., Jaggard, A., Weitzner, D.J., Wright, R.: Accountability and deterrence in online life. In: Proceedings of the 3rd International Web Science Conference. ACM, New York, June 2011. Article no. 7. https://doi.org/10.1145/2527031.2527043
Frankle, J., Park, S., Shaar, D., Goldwasser, S., Weitzner, D.J.: Practical accountability of secret processes. In: Proceedings of the 27th Security Symposium. USENIX, Berkeley, August 2018
Hennessey, S., Wittes, B.: Apple is selling you a phone, not civil liberties. Lawfare, 18 February 2016. https://lawfareblog.com/apple-selling-you-phone-not-civil-liberties
In re Search of an Apple iPhone, 2016 WL 618401
Jackson, J.: Security expert seeks to make surveillance costly again. Computerworld, 7 November 2013. https://www.computerworld.com/article/2485721/data-security/security-expert-seeks-to-make-surveillance-costly-again.html
Kroll, J., Felten, E., Boneh, D.: Secure protocols for accountable warrant execution. Working paper. https://www.jkroll.com/papers/warrant_paper.pdf
Meisner, J.: Protecting customer data from government snooping. Microsoft Technet: The Official Microsoft Blog, 4 December 2013. https://blogs.technet.microsoft.com/microsoft_blog/2013/12/04/protecting-customer-data-from-government-snooping/
Pato, J., Paradesi, S., Jacobi, I., Shih, F., Wang, S.: Aintno: demonstration of information accountability on the web. In: Proceedings of the 3rd International Conference on Privacy, Security, Risk, and Trust and 3rd International Conference on Social Computing, pp. 1072–1080. IEEE Computer Society, Los Alamitos, October 2011
Prevelakis, V., Spinellis, D.: The Athens affair. IEEE Spectr. 44(7), 26–33 (2007). https://doi.org/10.1109/MSPEC.2007.376605
Rozenshtein, A.J.: Surveillance intermediaries. Stan. Law Rev. 70, 99–189 (2018)
Rogaway, P.: The moral character of cryptographic work. Cryptology ePrint Archive, Report 2015/1162 (2015). https://eprint.iacr.org/2015/1162
Smith v. Maryland, 442 U.S. 735 (1979)
United States v. Carpenter, 819 F.3d 880 (6th Cir. 2016)
United States v. Jones, 565 U.S. 400 (2012)
Weitzner, D.J., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J., Sussman, G.: Information accountability. Commun. ACM 51(6), 82–89 (2008). https://doi.org/10.1145/1349026.1349043
Acknowledgements
Feigenbaum was supported in part by US National Science Foundation grants CNS-1407454 and CNS-1409599 and by the William and Flora Hewlett Foundation grant 2016-3834. Weitzner was supported in part by the William and Flora Hewlett Foundation grant 2014-1601.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Feigenbaum, J., Weitzner, D.J. (2018). On the Incommensurability of Laws and Technical Mechanisms: Or, What Cryptography Can’t Do. In: Matyáš, V., Švenda, P., Stajano, F., Christianson, B., Anderson, J. (eds) Security Protocols XXVI. Security Protocols 2018. Lecture Notes in Computer Science(), vol 11286. Springer, Cham. https://doi.org/10.1007/978-3-030-03251-7_31
Download citation
DOI: https://doi.org/10.1007/978-3-030-03251-7_31
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03250-0
Online ISBN: 978-3-030-03251-7
eBook Packages: Computer ScienceComputer Science (R0)