The Technology Law and Public Policy Clinic (Tech-Law Clinic) works at the intersection of public policy and technology. Students have the opportunity to write laws, compose policy papers, meet with stakeholders and provide legislative testimony. Tech-Law clinicians learn about the policy making process, work with a project team and select and address a current issue where high tech and public policy cross. The Tech-Law Clinic is a unique opportunity to learn about and influence the policy making process.
Vicky Wei and Teresa Stephenson
Technological innovation has led to the prevalent use of algorithms in everyday decision making. So ubiquitous is the application of algorithms that many may not recognize its impact on their daily lives. From online shopping to applying for a home loan, algorithms are at play in categorizing and filtering individuals to serve the goal of providing more accurate and efficient results than human decisionmaking would. At the basic level, algorithms are nothing more than a series of step-by-step instructions compiled by a computer, which then analyzes swaths of data based on those instructions. However, when algorithms use incorrect variables to filter results—such as certain stereotypes about minorities—or, more imperceptibly, learn bad habits from how humans behave online, our absolute reliance on their results can cause disparate harm to minority communities.
The pervasive use of algorithms by both corporate and government organizations for the purposes of efficiency and pattern analysis in the collection of Big Data has brought questions to light as to (1) whether these algorithms are fair across the board and (2) whether they contribute to disparate outcomes resulting in discriminatory practices. The inquiry then ultimately turns to the legal methods to regulate algorithms in order to combat their negative influence while still maintaining all the technological success and convenience society enjoys.
Submitted to the American Civil Liberties Union of Washington State.
Employer Liability and Bring Your Own Device: Do Existing Regulations Support Employer Liability for a Compromised Personal Device?
Beth A. Hutchens
As employers increasingly permit employees to use their personal devices (known as Bring Your Own Device, or “BYOD”) for business purposes, and as the risk of data exposure continues to rise, the question of how, when, and against whom to attach liability remains in flux. This paper will endeavor to explore employer liability as viewed through the lens of hacked or compromised BYOD devices. The research begins by identifying BYOD as a concept along with the risks and benefits incident to the practice. It then discusses current state and federal data protection regulations. It then explores recurring themes in data breach litigation with a particular emphasis on portable device cases. In the remaining parts, the author attempts to discover congruencies in data breach liability and employer liability for portable devices by examining two states with strict data protection regulations that could apply to portable devices regardless of the question of ownership. Lastly, the author identifies the arguments against regulating BYOD devices and suggests that current regulatory frameworks provide ample redress for compromised personal devices used for work purposes.
Submitted to the Washington State Office of Privacy and Data Security.
Beth Hutchens, Gavin Keene, and David Stieber
The Internet of Things (IoT)—the internetworking of “smart” devices for the purpose of collecting and exchanging data—is developing rapidly. Estimates of the number of IoT devices currently in circulation range from 6.4 to 17.6 billion. By 2020, those numbers could reach upward of 30 billion. While the technology encourages innovation and promotes data-driven policymaking, it also compromises consumer privacy, security, and safety. Consumers are generally unaware that IoT devices transmit scores of personally-identifiable information with only rudimentary security protections in place. For some devices, inadequate security measures unnecessarily risk consumer safety by leaving the devices vulnerable to remote manipulation by third parties.
Whether IoT-connected devices found in a “smart” home should be regulated to ensure appropriate protections for consumers and their data.
The IoT should be regulated but not yet. The industry is still in its infancy and the current political climate is too unstable. Over the next decade, the industry should be closely studied and regulation should be revisited once all of the main risks are assessed.
Directed to the Washington State Office of Privacy and Data Security.
Brian Conley, Jeffrey Echert, Andrew Fuller, Heather Lewis, and Charlotte Lunday
Cryptocurrencies are open-source, peer-to-peer digital currencies. Two of their most distinctive features include the use of public key cryptography to secure transactions and create additional currency units, as well as the decentralized nature of their digital payment systems. The underlying technical system which all cryptocurrencies are modelled after is that of the original cryptocurrency,
Bitcoin was created by “Satoshi Nakamoto” a person or group credited with writing the first paper on the digital currency in 2008. Certain key elements differentiate cryptocurrencies from traditional electronic currency systems such as electronic banking and PayPal, most notably their decentralized control mechanisms. That is, traditional methods involve a single entity recording, verifying, and ensuring transactions. With many cryptocurrencies, including Bitcoin, past transactions are recorded on a public ledger and verification of transactions is outsourced to users.
Bitcoin and other cryptocurrencies provide users many benefits, including ease of digital transactions, lower transaction costs, and enhanced privacy. However, these benefits come with concerns regarding consumer protection and fraud deterrence. Three pressure points persist: the irretrievability problem (the inability to call back a bitcoin once it has been transferred), bitcoin mining malware, and exchange services. Also problematic is the lack of uniformity from state-to-state regarding cryptocurrencies’ (predominately Bitcoin’s) categorization as either currency or property. Defining cryptocurrencies as currency facilitates its use as a method of exchange, while categorizing it as property may be easier for tax collection purposes.
Bitcoin’s encrypted nature problematizes the digital currency as abandoned property. Traditionally, abandoned property reverts to the state after a statutorily set period of time. In instances of cash, gold, etc. this is fairly easy – ownership of the valuable goods transfers to the state after the statutory period. Generally, banks and financial institutions are required by state laws to retain a customer’s property for a period of time, usually five years, before the property will escheat to the state. However, Bitcoin creates circumstances in which the value of the abandoned property is permanently lost rather than transferred to the state. Finally, a fear concerning Bitcoin and other digital currencies is the potential for use in criminal activity. The pseudonymous nature of the transactions, the ease with which funds can be transferred across geographical distances, and the inherent risk in the currency have fueled hesitation and fear. This paper defines cryptocurrencies, Bitcoin, and explains the processes and vulnerabilities facing Bitcoin user, as well as the currency’s potential as a tool for criminal activity. Additionally, each section concludes with policy suggestions to help inform legislators and general audiences on the nature and Bitcoin, as well as provide insights into the digital currency’s’ general usage.
Note: This paper was prepared for general education purposes by students in the University of Washington School of Law's Technology Law and Public Policy Clinic, under the guidance of Professor William Covington
On December 13, 2012 then-Mayor Mike McGinn announced a partnership between the City of Seattle, the University of Washington, and a company called Gigabit Squared that was to bring ultra high speed Internet connections to twelve neighborhoods within Seattle.1 Called Gigabit Seattle, the plan promised a fiber-to-the-premises (FTTP) network to 50,000 city households and businesses, serving over 100,000 residents.2 The letter of intent between the city and Gigabit Squared stated the company would seek $25 million in capital with the network built and operational within 24 months that would provide connection speeds to customers of up to 1000 megabits per second (Mbps).3 The announcements were high-profile and grandiose, with eruptions of applause and whistles at Mayor McGinn’s announcement of the project to a standing-room only crowd at Seattle Tech Meetup.4 But barely a year after the announcement, on January 7, 2014, the project had apparently entirely fallen apart, with the newly elected Mayor Ed Murray declaring the project dead and Gigabit Squared owing the city $52,250 in unpaid bills for work the city did for the company. What happened?
Were the initial promises too good to be true? Had the parties grossly underestimated the massive scope of the project? Had Gigabit Squared misrepresented its position to the city, over-promising and under-performing as the project stumbled? While definitive answers are hard to come by, it seems the answers to all of these questions are yes. But that does not mean ultra high speed Internet connections cannot come to Seattle. The desire from both the city government and residents seems to be present, and some individuals are picking up the pieces to see another project come to fruition. But it must be understood just how important the project is for Seattle to continue as a leader in technology, medicine, and business.
Sexual Exploitation in the Digital Age: Non-Consensual Pornography and What Washington Can Do to Stop It
Farah Ali, Brian Conley, Heather Lewis, and Charlotte Lunday
James Barker, Nicholas Pleasants, Shudan Zhu, Peter Montine, and Rachel Wilka
Autonomous Vehicle Law Report and Recommendations to the ULC Based on Existing State AV Laws, the ULC's Final Report, and Our Own Conclusions about What Constitutes a Complete Law
University of Washington Technology Law and Public Policy Clinic
This report was created by the University of Washington’s Technology Law and Policy Clinic for the Uniform Law Commission (ULC). It was created at the request of Robert Lloyd, Professor of Law at the University of Tennessee and a member of the ULC’s subcommittee for autonomous vehicles. The report aims to do three things: (1) present the existing autonomous vehicle provisions on the books in California, Michigan, Florida, Nevada, and Washington, D.C.; (2) analyze these provisions, address related questions raised in the ULC’s Final Report, and make recommendations to the ULC; and (3) offer draft provision language to illustrate our recommendations.
Our analysis sometimes favors select state provisions that we think get it right and sometimes creatively suggests provisions that no state has adopted. Professor Lloyd asked us to be forward-looking and creative in our thinking, particularly as it relates to provisions surrounding the deployment, sale, and consumer-operation of autonomous vehicles (relatively uncharted territory). This report reflects this charge, while attempting to firmly ground itself in the wisdom of existing state provisions and surrounding scholarship. The report starts by addressing definitional provisions, moves to provisions related to the testing and certification of autonomous vehicles, and concludes with provisions covering deployed and salable autonomous vehicles.
The implications of 3D printing are manifold, with some commentators anticipating permanent market disruption in the massive (and ill-defined) field of small physical things. I begin this paper by asserting that the opportunities afforded by 3D printing are so attractive that it is a mere matter of time before an explosion of use; but that the diffusion of manufacturing to the consumer level is poised to put individual end-users in uncomfortably close contact with intellectual property law.
By analogy to the physical CD-distribution model, and the ways in which it broke down in the Napster era, (and with sensitivity to the technological and physical limitations of 3D printing,) I will argue that the copyright landscape as it currently exists is not up to the challenge of managing consumer-grade 3D printing, but that legal clarification as to the copyright eligibility of CAD designs and products can substantially improve this situation.
Moreover, I will argue that business should apply copyright delicately to 3D printing. Rather than enforcing copyrights on a similarity basis, industry should instead adopt permissive models of licensing to manage 3D-printable parts, thereby letting go of a part of the market in order to preserve consumer goodwill and develop new markets.
Submitted to the Washington State Legislature, Technology and Economic Development Committee.
University of Washington Technology Law and Public Policy Clinic
Technology is essential for economic growth and job creation. Ensuring Washington has 21st century digital infrastructure, such as high-speed broadband Internet access, fourth-generation (4G) wireless networks, new healthcare information technology and a modernized electrical grid, is critical to the long-term prosperity and competitiveness of our state. The Internet is a global platform for communication, commerce and individual expression, and now promises to support breakthroughs in important national priorities such as healthcare, education and energy. Additionally, the Internet and information technology can be applied to make government more effective, transparent and accessible to all Americans.
For Washington, improvement of broadband access will open up ways for our state’s innovators and entrepreneurs to reassert and extend national and global leadership. It will unlock doors of opportunity long closed by geography, income, and race. It can enable education beyond the classroom, healthcare beyond the clinic, and participation beyond the town square.
Directed to the Washington State Legislature, Technology and Economic Development Committee and the Uniform Law Commission.
University of Washington Technology and Public Policy Clinic
University of Washington Technology Law and Public Policy Clinic
Clean energy technologies have begun to transform the national economy. Growth in this sector is expected to be as high as four-‐fold, generating more than $2 trillion per year by 2020. Washington State has historically been a leader in the field by pursuing low-‐carbon energy policies, such as renewable portfolio standards and green building codes. But as competition increases, Washington needs to continue to improve to stay on top. This report presents a package of proposals that address policy and technical barriers to developing Washington State’s clean energy economy.
University of Washington Technology Law and Public Policy Clinic
Clean energy technologies have begun to transform the national economy. Growth in this sector is expected to be as high as four-fold, generating more than $2 trillion per year by 2020. Washington State has historically been a leader in the field by pursuing low-carbon energy policies, such as renewable portfolio standards and green building codes. But as competition increases, Washington needs to continue to improve to stay on top.
Increasing investment in distributed generation, energy efficiency, and conservation has been identified as the future for Washington State by the Legislature, two Governors (both Gregoire and Inslee), the Washington Department of Commerce, the Northwest Power and Conservation Council, and the people themselves (in passing I-937, the Energy Independence Act).
To this chorus of supporting voices, we add our own. Investments in clean energy technologies promotes energy independence, creates clean tech jobs, safeguards our natural resources, reduces greenhouse gas emissions,
protects against environmental degradation, and maintains low energy costs throughout the state. Consequently, the State should consider all manner of policies to support these investments. We have identified several policy and technical barriers to developing Washington State’s clean energy economy. The following is a series of recommendations on eight policy areas that are critical to this issue:
- Distributed generation
- Energy efficient buildings
- Increasing affordability
- Net Metering
- Plug-in electric vehicles
- Amendments to the EIA
Sarah Campbell Eagle, Abigail St. Hilaire, and Kelly Sherwood
The Internet is a constant companion to people the world over and as technology improves it is becoming more accessible every day. With the amount of communication that occurs online, it was only a matter of time before anonymity became an important topic of discussion. Several so-called “anonymity networks” have been developed to facilitate anonymous communication by the citizens of the web. Because the use of these networks is already so widespread, the time is ripe for a discussion of their merits and potential government responses to this phenomenon. An anonymity network “enables users to access the Web while blocking any tracking or tracing of their identity on the Internet.” Anonymity networks generally use some combination of encryption and peer-to-peer networks to allow people to use the Web anonymously. Electronic encryption functions much like the codes that have been used by governments and militaries for centuries. Put simply, one computer will translate a message into a secret code and only computers that have the key to the code will be able to decrypt it. Encryption contributes to anonymity for the obvious reason that if a message is sent over the Internet and someone intercepts it, they won’t be able to decode it unless they have the key (or a very powerful computer depending on the level of encryption). The shortcoming of encryption is that is doesn’t protect the source or the destination of the communication, only the content of the message. Peer-to-peer networks are networks like Napster. When a person would download music on Napster, they were downloading it from another user’s machine. There was no central database where all the information was stored. These networks can contribute to anonymity in the sense that there isn’t a central server that is monitoring and recording all of the traffic in the network. Anonymity networks are most effective when they are more widely used. They rely on volume of communications to cloak individual communications. A good network will also require minimal computing power and consume few network resources, as all the encryption in the world won’t do any good if it makes the network too slow to be useable.
Most Common Types of Anonymity Networks
The Onion Relay (“Tor”) enables individuals to access sites and services available on the Internet in ways that are, at once, secure and anonymous. It does so by employing a decentralized, volunteer-run network of servers throughout the world. To use the Tor network, individuals operate through Tor clients, which cipher and decipher information and in turn make use of Tor servers, which relay information from a point of entry (or “node”), to other Tor nodes, to an exit node that delivers the user to a publicly accessible Internet location. Accordingly, when a user transmits and receives information vis-à-vis the Tor network, that information is both encrypted and encapsulated: encryption hides the user’s content, and encapsulation hides the user's identity.
Directed to the University of Washington Computer Science and Engineering Department.