In the wake of Edward Snowden’s disclosures, the Obama administration had to address a daunting series of challenges on surveillance, cybersecurity, and privacy.

Upcoming Events

Defamation

Defamation

Info Session for Prospective Students
OCT
27
9:00 am - 12:00 pm
RWU Law- Main Campus, 10 Metacom Avenue, Bristol, RI 02809
Professor Anthony J. Santoro Business Law Lecture and Dedication
OCT
27
4:00 pm - 4:00 pm
RWU Law | Bristol Campus
Law Alumni Night
OCT
27
7:00 pm - 9:00 pm
Aidan’s Restaurant & Pub
DEFAMATION - THE PLAY
NOV
02
3:30 pm - 5:00 pm
School of Law - Appellate Courtroom 283
CLE Program: Management of Spinal and Extremities Radiology
NOV
02
5:30 pm - 8:30 pm
Crowne Plaza, Warwick, Rhode Island

Trending@RWULaw

09/08/2017
By Michael Bowden
How do you get from law school to City Hall (or the State House)? With a lot of passion, persistence and hard work, a group of six alumni told a sizeable audience of mostly 1Ls on Thursday. The...


Affordable Excellence at RWU LAW

Archives

Newsroom

Cybersecurity: Obama's Conflicted Legacy

In the wake of Edward Snowden’s disclosures, the Obama administration had to address a daunting series of challenges on surveillance, cybersecurity, and privacy.

RWU Law Professor Peter Margulies writes:

CybersecurityIn the wake of Edward Snowden’s disclosures, the United States administration faced a daunting series of challenges on surveillance, cybersecurity, and privacy. Congress was reluctant to enact comprehensive legislation. Moreover, Snowden’s revelations had triggered an international trust deficit. To deal with these challenges, the executive branch under President Barack Obama resorted to two alternatives: soft law and agency discretion. Soft law entails the issuance of non-binding policy positions and entry into nonbinding agreements with other stakeholders. In contrast, agency discretion connotes unilateral action by federal agencies.

In the soft law domain, the Obama administration sought to ease the post-Snowden trust deficit with Presidential Policy Directive No. 28, which expressly recognized global privacy rights. In collaboration with the EU, the Obama administration also crafted the Privacy Shield agreement governing U.S.-EU commercial data transfers, which created an ombudsperson in the State Department to address EU complaints about U.S. surveillance. The agency discretion model has also yielded advances on privacy. The Federal Trade Commission, for example, has implemented cybersecurity best practices through settlements with firms whose negligence resulted in data breaches.

While both soft law and agency discretion have marked virtues, they also create risks. In disputes with Microsoft regarding overseas data and with Apple about iPhone encryption, U.S law enforcement prioritized the acquisition of information needed for investigations over engagement with stakeholders. Moreover, soft law often lacks clear norms and enforcement mechanisms. For example, the Privacy Shield agreement lacks specificity on the ombudsperson’s powers, which may blunt the ombudsperson’s ability to check the U.S. intelligence community.

To analyze the Obama administration’s cyber efforts, this article proposes a paradigm of stewardship with both discursive and structural dimensions. Discursive stewardship refers to the Executive’s openness to dialogue with other stakeholders. Structural stewardship refers to the domestic and transnational distribution of decisional authority, including checks and balances that guard against the excesses of unilateral action. The Article concludes that the Obama administration made substantial progress in each of these realms. However, the outsized role of law enforcement agendas and dearth of clearly articulated checks on transnational surveillance drove headwinds that limited forward movement.

To download and read the full paper, click here. This excerpt also appeared as a blog on the website of the law firm of Robinson+Cole.